Attackers are logging in instead of breaking in
Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off.....»»
Rebrand, regroup, ransomware, repeat
Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with innovative.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
Breaking down the indestructible: New technologies target PFAS environmental menace
PFAS are synthetic chemicals widely used in products such as non-stick cookware and waterproof clothing due to their water and grease-resistant properties. However, their persistence in the environment has led to widespread contamination and signific.....»»
Breaking boundaries: The unexpected routes of minerals in crop growth
Imagine plants not just sipping nutrients dissolved in water, but actually munching on tiny mineral particles straight from the soil. A study sheds light on how wheat and lettuce aren't just passive feeders—they actively grab, transport, and utiliz.....»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access.....»»
Apple"s M3 Pro 14-inch MacBook Pro drops to $1,499, the lowest price ever
A record-breaking MacBook Pro 14-inch price drop is knocking a staggering $500 off the M3 Pro model at Amazon, Best Buy and B&H. Grab the deal while supplies last.Save $500 on this 14-inch MacBook Pro.To snap up the deal while supplies last, head ove.....»»
The overshoot myth: We can"t keep burning fossil fuels and expect scientists of the future to get us back to 1.5°C
Record breaking fossil fuel production, all-time high greenhouse gas emissions and extreme temperatures. Like the proverbial frog in the heating pan of water, we refuse to respond to the climate and ecological crisis with any sense of urgency. Under.....»»
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in M.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Last call: Apple"s 1TB iPad Pro 13-inch dips to new record low price at $200 off
A record-breaking discount is available exclusively for AppleInsider readers, with the premium 2024 M4 iPad Pro 13-inch with 1TB storage now $200 off.The lowest price on record for the well-equipped model is available only at AppleInsider when you sh.....»»
Record-breaking phone collection unveiled — and it’s huge
A private collection of mobile phones numbering in the thousands has been unveiled, and it has claimed a Guinness World Record......»»
Security flaws in Microsoft Mac apps could let attackers spy on users
Cisco Talos recently uncovered security vulnerabilities in several Microsoft apps for macOS that can potentially let attackers spy on your camera and other system components.Security flaws found in Microsoft apps for MacTalos claims to have found eig.....»»
Record-breaking phone collection unveiled, and it’s huge
A private collection of mobile phones numbering in the thousands has been unveiled, and it has claimed a Guinness World Record......»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
The Run of Record-Breaking Heat Has Ended, for Now
Air temperatures in July 2024 were fractionally cooler than in July 2023, probably because of a waning El Niño. But don’t expect things to be much cooler in coming years......»»
This Code Breaker Is Using AI to Decode the Heart’s Secret Rhythms
Inspired by his expertise in breaking ancient codes, Roeland Decorte built a smartphone app that continuously listens for signs of disease hidden in our pulse......»»
Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom
Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers behind t.....»»
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been una.....»»