Cybercriminals use legitimate websites to obfuscate malicious payloads
According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. “The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the.....»»
Edgio Client-Side Protection enables organizations to secure critical customer data
Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser-side to prevent malicious code from exfiltrating sensitive customer data, Edgio Client-Side Protection allows teams to gain full visibility on cli.....»»
CISOs are nervous Gen AI use could lead to more security breaches
Malicious Gen AI use is on top of everyone's mind, as hackers create convincing phishing emails......»»
Binarly releases Transparency Platform v2.0 to improve software supply chain security
Binarly releases the Binarly Transparency Platform v2.0 with features for continuous post-build compliance, visibility into the security posture of IoT and XIoT devices, and the ability to identify malicious behavior and hidden backdoors within binar.....»»
AI set to play key role in future phishing attacks
A staggering increase in QR code phishing (quishing) attacks during 2023 saw them skyrocket up the list of concerns for cyber teams globally, according to Egress. Attacks were both prolific and highly successful, demonstrating how cybercriminals effe.....»»
North Korea is evading sanctions by animating Max and Amazon shows
Thousands of exposed files on North Korean server tell the tale. Enlarge (credit: Aurich Lawson / Getty) For almost a decade, Nick Roy has been scanning North Korea’s tiny Internet presence, spotting new websites comin.....»»
The rising influence of AI on the 2024 US election
We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended from malicious attackers than ever before. On the other side, the rise of artificial intelligence (.....»»
Here’s how to protect against iPhone password reset attacks [U]
One of the latest attacks on iPhone sees malicious parties abuse the Apple ID password reset system to inundate users with iOS prompts to take over their accounts. Here’s how you can protect against iPhone password reset attacks (often called “MF.....»»
Security Bite: Cybercriminals take advantage of Apple Store Online’s third-party pickup
At this year’s annual hacking conference, Black Hat Asia, a team of security researchers revealed how cybercriminals are sneakily using........»»
How iOS Web Distribution works in the EU in iOS 17.5
The new iOS 17.5 beta introduces app sideloading from websites in the EU and Apple has announced both what eligible developers have to do, and what users can expect to see.Apple is allowing EU developers to skip the App Store and offer sideloading fr.....»»
New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious.....»»
Publisher Reinforces Paywall With Sci-Hub Blockade in Germany
As part of a voluntary agreement with copyright holders, German Internet service providers block a list of structurally infringing websites. This blocklist has recently expanded with the first publisher-related target; popular shadow library, Sci-Hub.....»»
Movie industry demands US law requiring ISPs to block piracy websites
Opponents say SOPA-like proposal would block plenty of legitimate websites. Enlarge / Motion Picture Association CEO Charles Rivkin speaks onstage during CinemaCon, a convention of the National Association of Theatre Owners, at C.....»»
Index Engines CyberSense 8.6 detects malicious activity
Index Engines announced the latest release of its CyberSense software, with version 8.6 delivering a revamped user interface to support smarter recovery from ransomware attacks, new custom Advanced Threshold Alerts to proactively detect unusual activ.....»»
IT pros targeted with malicious Google ads for PuTTY, FileZilla
An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google b.....»»
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs. Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security upd.....»»
How can the energy sector bolster its resilience to ransomware attacks?
Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions h.....»»
How malicious email campaigns continue to slip through the cracks
In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business. Cofense researchers have found that mal.....»»
Cybercriminal adoption of browser fingerprinting
Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browser.....»»
“Pink slime” local news outlets erupt all over US as election nears
Number of partisan news sites roughly equals those doing actual, legitimate journalism. Enlarge / Chicago City Wire is a hyper-partisan website masquerading as an outlet that does journalism. (credit: FT Montage) The num.....»»
Sideloading apps from the web in EU possible with iOS 17.5
As promised, the iOS 17.5 beta includes support for sideloading apps directly from authorized developer websites in the European Union.Apple App StoreWhen Apple first released its plans for complying with the EU's Digital Markets Act, it only intende.....»»