Exploit released for critical Windows CryptoAPI spoofing bugProof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by...
Day: January 26, 2023
The FBI Identified a Tor User
The FBI Identified a Tor UserNo details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and...
AI and Political Lobbying
AI and Political LobbyingLaunched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms...
VMware warns of critical code execution bugs in vRealize Log Insight
VMware warns of critical code execution bugs in vRealize Log InsightA critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take...
Security Analysis of Threema
Security Analysis of ThreemaA group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based...
Real-World Steganography
Real-World SteganographyFrom an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid...
Chinese hackers targeted Iranian government entities for months: Report
Chinese hackers targeted Iranian government entities for months: ReportChinese advanced persistent threat actor, Playful Taurus, targeted several Iranian government entities between July and December 2022, according...
Friday Squid Blogging: Another Giant Squid Captured on Video
Friday Squid Blogging: Another Giant Squid Captured on VideoHere’s a new video of a giant squid, filmed in the Sea of Japan. I believe it’s injured....
Publisher’s Weekly Review of A Hacker’s Mind
Publisher’s Weekly Review of A Hacker’s MindPublisher’s Weekly reviewed A Hacker’s Mind—and it’s a starred review! “Hacking is something that the rich and powerful do, something...
No-Fly List Exposed
No-Fly List ExposedI can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed...
DragonSpark threat actor avoids detection using Golang source code Interpretation
DragonSpark threat actor avoids detection using Golang source code InterpretationChinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade...
Experian Glitch Exposing Credit Files Lasted 47 Days
Experian Glitch Exposing Credit Files Lasted 47 DaysOn Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how...
Bulk Surveillance of Money Transfers
Bulk Surveillance of Money TransfersJust another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance...
US Cyber Command Operations During the 2022 Midterm Elections
US Cyber Command Operations During the 2022 Midterm ElectionsThe head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s...
French rugby club Stade Français leaks source code
French rugby club Stade Français leaks source codePrestigious club Stade Français potentially endangered its fans for over a year after leaking its website’s source code. Stade...
On Alec Baldwin’s Shooting
On Alec Baldwin’s ShootingWe recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don’t know...
Many ICS flaws remain unpatched as attacks against critical infrastructure rise
Many ICS flaws remain unpatched as attacks against critical infrastructure risePatching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements,...
How Hackers Used Legitimate Software to Breach U.S. Federal Agencies
How Hackers Used Legitimate Software to Breach U.S. Federal AgenciesA phishing scam using legitimate remote monitoring and management (RMM) software was used to target at least...
Driving Business Growth in Turbulent Times from CISO’s Perspective: Part II
Driving Business Growth in Turbulent Times from CISO’s Perspective: Part II Dive Into our Hubs Initiative as an Alternative to Remote Work Strategy: What’s Behind the...
North Korea-linked TA444 group turns to credential harvesting activity
North Korea-linked TA444 group turns to credential harvesting activityNorth Korea-linked TA444 group is behind a credential harvesting campaign targeting a number of industry verticals. Proofpoint researchers...
Infrastructure-as-Code Security: a Critical Responsibility
Infrastructure-as-Code Security: a Critical ResponsibilityBy Thomas Segura, Technical Content Writer, GitGuardian By large, software is still in its adolescence compared to other large-scale industries. Although its...
Google Chrome 109 update addresses six security vulnerabilities
Google Chrome 109 update addresses six security vulnerabilitiesGoogle addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild. Google...
Been hit by BianLian ransomware? Here’s your get-out-of-jail-free card
Been hit by BianLian ransomware? Here's your get-out-of-jail-free cardAvast issues a free decryptor so victims can get their data back Cybersecurity firm Avast has released a...
T-Mobile suffers 8th data breach in less than 5 years
T-Mobile suffers 8th data breach in less than 5 yearsTelecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of the personal...
Zacks Investment Research data breach impacted hundreds of thousands of customers
Zacks Investment Research data breach impacted hundreds of thousands of customersZacks Investment Research (Zacks) disclosed a data breach, the security may have exposed the data of...
Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)
Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)Experts warn of a spike in the attacks that between August and October...
Wallarm touts API leak protection with new scanning feature
Wallarm touts API leak protection with new scanning featureAPI security company Wallarm announced Frdiay that it had opened a preview period for its newest offering —...
The metaverse brings a new breed of threats to challenge privacy and security gatekeepers
The metaverse brings a new breed of threats to challenge privacy and security gatekeepersThe metaverse is coming; businesses and government agencies are already building virtual worlds...
US Supreme Court leak investigation highlights weak and ineffective risk management strategy
US Supreme Court leak investigation highlights weak and ineffective risk management strategyThe Supreme Court of the United States (SCOTUS) has announced that its investigation to find...
Attackers exploiting critical flaw in many Zoho ManageEngine products
Attackers exploiting critical flaw in many Zoho ManageEngine productsUsers of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical...