As TikTok, the world’s most popular app, comes under increasing scrutiny in response to data privacy and security concerns, lawmakers in the west may soon set...
Day: April 12, 2023
Data on 400K Kodi Forum Members Stolen and Put Up for Sale
The Kodi forum (MyBB) is a place where about 400,000 users of the Kodi open source media player come together to share tips on customizing their...
Microsoft: NSO Group-Like ‘QuaDream’ Actor Selling Mobile Spyware to Governments
Microsoft has identified another Israel-based threat organization, similar to NSO Group, that is selling mobile spyware and other cyber espionage tools and services to international governments...
Gartner: Human-Centric Design Is Top Cybersecurity Trend for 2023
In order for cybersecurity initiatives to be effective in reducing security failures, Gartner, a research and consulting firm, finds that it will be essential for security...
CrowdStrike Expands Falcon to Include IoT
Cybersecurity vendor CrowdStrike introduced new extended detection and response (XDR) capabilities within its Falcon platform to secure “extended” internet of things (XIoT). CrowdStrike Falcon Insight for...
LastPass Breach Reveals Important Lessons
The LastPass breach will be remembered as paradigmatic. The blast radius from this August 2022 breach grew from bad to catastrophic during a six-month period. Initially,...
10 things to look out for when buying a password manager
Here’s how to choose the right password vault for you and what exactly to consider when weighing your options 11 Apr 2023 – 11:30AM Here’s how...
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs
At least 1 million websites that run on WordPress have been infected by a campaign that uses rafts of WordPress plug-in and theme vulnerabilities to inject...
Rethinking Cybersecurity’s Structure & the Role of the Modern CISO
Effective cybersecurity operations are as unique as the business models and technology choices of the companies they protect. Their creation and management are constantly complicated by...
Top Tech Talent Warns of AI’s Threat to Human Existence in Open Letter
More than 1,000 of technology’s top talent names — including Twitter CEO Elon Musk, Apple co-founder Steve Wozniak, and politician Andrew Yang — have signed an...
FBI Advising People to Avoid Public Charging Stations
The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid...
Researchers Uncover 7000 Malicious Open Source Packages
Security vendor Sonatype detected 6933 malicious open source packages in the month of March alone, bringing the total discovered since 2019 to 115,165. Info-stealers comprised a...
New Zero-Click iOS Exploit Deploys Israeli Spyware
Security researchers have discovered a new zero-click, zero-day exploit that targeted iPhone users in 2021 with commercial spyware produced by secretive Israeli firm QuaDream. Microsoft and...
Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities
OpenAI is offering white hat hackers up to $20,000 to find security flaws as part of its bug bounty program launched on April 11, 2023. The...
Microsoft Fixes Zero-Day Bug This Patch Tuesday
Microsoft’s Patch Tuesday release this month included a security update for a Windows zero-day vulnerability being actively exploited in the wild. The bug in question, CVE-2023-28252,...
SAP April 2023 security updates fix critical vulnerabilities
April 12, 2023 By Pierluigi Paganini SAP fixed two critical bugs that affect the Diagnostics Agent and the BusinessObjects Business Intelligence Platform. SAP April 2023 security updates include...
OpenAI launched a bug bounty program
AI company OpenAI launched a bug bounty program and announced payouts of up to $20,000 for security flaws in its ChatGPT chatbot service. OpenAI launched a...
Cybercrime group exploits Windows zero-day in ransomware attacks
Microsoft has addressed a zero-day in the Windows Common Log File System (CLFS) actively exploited in ransomware attacks. Microsoft has addressed a zero-day vulnerability, tracked as...
A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover
A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from...
Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach
Yum! Brands, the company that owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach after the January ransomware attack. On January 13,...
SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the...
OpenAI launches bug bounty program with rewards up to $20K
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line...
Hacked sites caught spreading malware via fake Chrome updates
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors. The campaign has been underway...
Windows zero-day vulnerability exploited in ransomware attacks
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads....
Windows 11 KB5025239 cumulative update released with 25 changes
Microsoft has released the Windows 11 KB5025239 cumulative update for version 22H2 to fix security vulnerabilities and introduce 25 changes, improvements, and bug fixes. KB5025239 is a mandatory...
iPhones hacked via invisible calendar invites to drop QuaDream spyware
Microsoft and Citizen Lab discovered commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk individuals using a zero-click exploit named...
Microsoft Patches Zero-Day Bug Exploited by Ransomware Group
Application Security, Attack Surface Management, Cybercrime Attackers Drop Nokoyawa Ransomware; Experts See Increasing Criminal Sophistication Mihir Bagwe (MihirBagwe), Mathew J. Schwartz (euroinfosec) •...
Cybercrime: Ransomware Hits and Initial Access Listings Grow
Cybercrime, Fraud Management & Cybercrime, Ransomware But If Hydra Takedown Is a Guide, Fresh Disruptions May Take Big Bite Out of Market Mathew J....
Latitude Financial Refuses to Pay Ransom
Fraud Management & Cybercrime, Geo Focus: Australia, Geo-Specific Ongoing Cyberattack Still Causing Service Disruptions Prajeet Nair (@prajeetspeaks) • April 11, 2023 A...
Proposed Health IT Certification Rules Target AI, Privacy
Healthcare, HIPAA/HITECH, Industry Specific HHS Rules Aimed at Beefing Up Health IT Systems, Patient Data Privacy, Security Marianne Kolbasuk McGee (HealthInfoSec) • April 11,...