Source: go.theregister.com – Author: Team Register Scammers are buying up cheap domain names to host sites that sell dodgy health products using fake articles, according to...
Month: January 2024
Nokia walks the walk about its RAN to play on Uncle Sam’s China fears – Source: go.theregister.com
Source: go.theregister.com – Author: Team Register Comment A vendor establishing a business unit dedicated to government sales is not new or unusual. But Finnish telecommunications giant...
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomFinancial Data / Vulnerability The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities...
Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation – Source:thehackernews.com
Source: thehackernews.com – Author: . Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI...
Code Written with AI Assistants Is Less Secure – Source: www.schneier.com
Source: www.schneier.com – Author: Bruce Schneier Interesting research: “Do Users Write More Insecure Code with AI Assistants?“: Abstract: We conduct the first large-scale user study examining...
Dark web threats and dark market predictions for 2024 – Source: securelist.com
Source: securelist.com – Author: Sergey Lozhkin, Anna Pavlovskaya, Kaspersky Security Services Kaspersky Security Bulletin An overview of last year’s predictions Increase in personal data leaks; corporate...
Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Out-of-date Confluence Data Center and Server instances are haunted by a critical vulnerability leading to remote code execution. The post...
AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Apple and Qualcomm, can be used to...
Achieving “Frictionless Defense” in the Age of Hybrid Networks – Source: www.securityweek.com
Source: www.securityweek.com – Author: Matt Wilson A “frictionless defense” is about integrating security measures seamlessly into the digital landscape to safeguard against threats while ensuring a...
GitHub Rotates Credentials in Response to Vulnerability – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server. The post...
Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024 – Source: www.securityweek.com
Source: www.securityweek.com – Author: Associated Press ChatGPT maker OpenAI outlines a plan to prevent its tools from being used to spread election misinformation in 2024. The...
Oracle Patches 200 Vulnerabilities With January 2024 CPU – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Oracle releases 389 new security patches to address 200 vulnerabilities as part of the first Critical Patch Update of 2024....
Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. The...
Google Warns of Chrome Browser Zero-Day Being Exploited – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ryan Naraine The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. The...
Inside the Massive Naz.API Credential Stuffing List – Source: www.troyhunt.com
Source: www.troyhunt.com – Author: Troy Hunt It feels like not a week goes by without someone sending me yet another credential stuffing list. It’s usually something...
GitHub rotates keys to mitigate impact of credential-exposing flaw – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment...
MacOS info-stealers quickly evolve to evade XProtect detection – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and...
Citrix warns of new Netscaler zero-days exploited in attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day...
Google fixes first actively exploited Chrome zero-day of 2024 – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of...
Majorca city Calvià extorted for $11M in ransomware attack – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services....
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential...
PixieFail flaws impact PXE network boot in enterprise systems – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A set of nine vulnerabilities, collectively called ‘PixieFail,’ impact the IPv6 network protocol stack of Tianocore’s EDK II, the open-source...
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomBotnet / Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)...
Webinar: The Art of Privilege Escalation – How Hackers Become Admins – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024The Hacker NewsCyber Threat / Live Webinar In the digital age, the battleground for security professionals is not only...
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomSpyware / Forensic Analysis Cybersecurity researchers have identified a “lightweight method” called iShutdown for reliably identifying signs of spyware...
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomVulnerability / Software Security GitHub has revealed that it has rotated some keys in response to a security vulnerability...
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomVulnerability / Cyber Threat Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and...
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability – Source:thehackernews.com
Source: thehackernews.com – Author: . Jan 17, 2024NewsroomBrowser Security / Vulnerability Google on Tuesday released updates to fix four security issues in its Chrome browser, including...
GitHub Rotates Credentials and Patches New Bug – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – Author: 1 GitHub has revealed that service disruption in December was due to it rotating credentials after the discovery of a high-severity bug,...
Google fixed the first actively exploited Chrome zero-day of 2024 – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Google fixed the first actively exploited Chrome zero-day of 2024 Google has addressed the first Chrome zero-day vulnerability of the...