Attackers are logging in instead of breaking in
Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off.....»»
How attackers deliver malware to Foxit PDF Reader users
Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. Exploiting the issue The researchers have analyzed several campaigns u.....»»
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based b.....»»
Finding the chink in coronavirus"s armor—experiment reveals how the main protease of SARS-CoV-2 protects itself
The COVID-19 pandemic resulted in millions of deaths. Despite an unparalleled collaborative research effort that led to effective vaccines and therapies being produced in record-breaking time, a complete understanding of the structure and lifecycle o.....»»
Apple makes breaking your new iPad"s screen a little less painful
Buyers of the new iPad Air and iPad Pro now have an option with AppleCare+ to get broken screens replaced for just $29.AppleCare+ logo atop an iPadThe new low fee is the same one that Apple has been running for iPhones since 2018, and it comes with t.....»»
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigg.....»»
Google patches its fifth zero-day vulnerability of the year in Chrome
Exploit code for critical "use-after-free" bug is circulating in the wild. Enlarge (credit: Getty Images) Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to exe.....»»
School"s out: how climate change threatens education
Record-breaking heat last month that prompted governments in Asia to close schools offers fresh evidence of how climate change is threatening the education of millions of children......»»
Apple made an outrageous change to its new iPads
Apple's new iPads are here, but these new devices are breaking a longstanding tradition......»»
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. .....»»
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
Attackers are targeting the scope and scale of the cloud to run rapid and coordinated threat campaigns. A new approach is needed to defend against them, and SentinelOne is delivering it with the launch of Singularity Cloud Native Security. A solution.....»»
Ghost Security Phantasm detects attackers targeting APIs
Ghost Security announced the early access availability of Phantasm, application-specific threat intelligence poised to fill a large gap that currently exists in both threat intelligence and application security. Developed by a team of industry expert.....»»
World extends run of heat records for an 11th month in a row
April was the Earth's 11th consecutive month of record-breaking heat, with warmer weather already sweeping across Asia and a hotter-than-usual summer expected in Europe......»»
MITRE breach details reveal attackers’ successes and failures
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN.....»»
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers. Enlarge (credit: Getty Images) Researchers have devised an attack against nearly all virtual private network applications that forc.....»»
Researchers discover spontaneous liquefaction of solid metal–liquid metal interfaces in colloidal binary alloys
The boundary between solid metal and liquid metal can be much less "solid" than we ever suspected. RMIT researchers have discovered that the liquid-solid boundary can fluctuate back and forth, with metallic atoms near the surface breaking free from t.....»»
For the ancient Maya, cracked mirrors were a path to the world beyond
Some people fear that breaking a mirror can lead to seven years of misfortune. The history of this superstition may go back to the ancient Greeks and Romans, who ascribed mysterious powers to reflected images......»»
Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is lar.....»»
AI-driven phishing attacks deceive even the most aware users
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler. AI automates and personalizes various aspects of the attack process AI-driven phishing attacks leverage AI.....»»
The latest Windows update is breaking VPN connections
Microsoft has just confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms......»»
Apple has ‘secretive’ advanced AI lab in Europe; poached specialists from Google
A new report today says that Apple has created a ‘secretive’ advanced AI lab in Europe, and it’s this facility which is responsible for some of its most ground-breaking artificial intelligence work. The same report suggests that most of Appl.....»»