LibreOffice, OpenOffice Bug Allows Hackers To Spoof Signed Docs
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. Although the severity of the flaw is classified as moderate, the implica.....»»
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet. Enlarge (credit: Aurich Lawson / Ars Technica) Cybercriminals and spies working for nation-states are surreptitiously coexisting insi.....»»
TikTok could be banned in Europe as well as the US
Hugely popular video app TikTok could be banned in Europe as well as the US, according to remarks made by the president of the European Commission. TikTok is also under two separate EU investigations, and President Biden last week signed a bill wh.....»»
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) A state-sponsored threat actor has managed to compromise Cis.....»»
TikTok owner has strong First Amendment case against US ban, professors say
Professor: US faces "uphill battle" justifying law against First Amendment suit. Enlarge (credit: Getty Images | NurPhoto) TikTok owner ByteDance is preparing to sue the US government now that President Biden has signed.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Enlarge (credit: Getty Images) Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
ByteDance would rather shut down US TikTok than sell it
TikTok owner ByteDance reportedly will not sell to a US firm if it is unable to convince a court to overturn President Biden's day-old law forcing a sale or ban.TikTok may be cease to be available in the USAccording to the bill signed into law by Pre.....»»
CISOs are nervous Gen AI use could lead to more security breaches
Malicious Gen AI use is on top of everyone's mind, as hackers create convincing phishing emails......»»
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco T.....»»
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks
Perimeter devices ought to prevent network hacks. Why are so many devices allowing attacks? Enlarge (credit: Getty Images) Hackers backed by a powerful nation-state have been exploiting two zero-day vulnerabilities in Ci.....»»
The best resume templates for Google Docs
Use Google Docs resume templates to ensure Applicant Tracking Software compliance when you're applying for jobs......»»
Biden signs TikTok bill into law as Chinese firm threatens legal action
President Biden has now formally signed the bill that means TikTok owner ByteDance must sell the platform, or face being banned in the US from 2025.TikTok could be banned in the US from 2025As expected following the Senate's passing of the combinatio.....»»
Hackers are using developing countries for ransomware practice
Businesses in Africa, Asia, and South America hit before moving on to Western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and Sout.....»»
Hackers are carrying out ransomware experiments in developing countries
Businesses in Africa, Asia, and South America hit before moving on to western targets. Enlarge (credit: Getty Images) Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia and South.....»»
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)
For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a launcher.....»»
Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years. Enlarge (credit: Getty Images) Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service.....»»
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
Biden signs bill criticized as “major expansion of warrantless surveillance”
FISA renewal requires more service providers to cooperate with government. Enlarge (credit: Getty Images | Yuichiro Chino) Congress passed and President Biden signed a reauthorization of Title VII of the Foreign Intellig.....»»
Windows vulnerability reported by the NSA exploited to install Russian backdoor
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate.....»»
Damn Vulnerable RESTaurant: Open-source API service designed for learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developer.....»»