More PyPI packages hacked following phishing attack
Package maintainers gave away login credentials, which were then used to taint packages with malicious code......»»
IRONSCALES expands platform capabilities to improve employee phishing awareness
IRONSCALES announced its Fall ’23 Release, strengthening its foundational behavioral analysis with deep image-based detection capabilities to stop email attacks that bypass text analysis such as QR code phishing attacks (or quishing). Additionally,.....»»
Outdated cryptographic protocols put vast amounts of network traffic at risk
Cryptography is largely taken for granted – rarely evaluated or checked – a practice that could have devastating consequences for businesses as attack surfaces continue to expand, the cost of a data breach rises year-over-year, and the age of qua.....»»
7 free cyber threat maps showing attack intensity and frequency
Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they hap.....»»
No, Okta, senior management, not an errant employee, caused you to get hacked
If a transgression by a single employee breaches your network, you're doing it wrong. Identity and authentication management provider Okta on Friday.....»»
A croc's life: There's more than meets the eye
Saltwater crocodiles are large predators that lurk in muddy waters, with jaws powerful enough to attack anything from water buffalo to humans... but they are also just big chilled-out lounge-lizards who love to sunbake......»»
Ransomware attacks set to break records in 2023
Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant res.....»»
This tiny device is sending updated iPhones into a never-ending DoS loop
No cure yet for a popular iPhone attack, except for turning off Bluetooth. [Image: A fully updated iPhone (left) after being force crashed by a Flipper Zero (right). Credit: Jeroen van der Ham] One morning two weeks a.....»»
HBO boss Casey Bloys admits using fake accounts to hit back at critics
Casey Bloys was responding to reports he tasked staff with creating fake accounts to attack critics......»»
Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: GOAD: Vulnerable Active Directory environment for practicing attack techniques Game of Active Directory (GOAD) is a free pentesting lab. It provides.....»»
Saturday Citations: Mars limnology, phage immunology, quantum technology. Plus: The mushrooms are coming
This week, we reported on LIGO upgrades, parasitic fungi and a new analysis of Curiosity rover data. Also, did you know that viruses also attack bacteria? But at that scale, it's a lot less like catching a cold and a lot more like Harry Dean Stanton.....»»
Apple news: iLeakage attack, MAC address leakage bug
On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to be menti.....»»
Humans are still better than AI at crafting phishing emails, but for how long?
Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red. Creating phishing emails: Humans vs. AI The researchers wanted to see whether ChatGPT is a.....»»
GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced.....»»
Quishing: Tricks to look out for
QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying it.....»»
iLeakage attack resurrects Spectre with password and website data extraction
Spectre can't stay dead despite numerous attempts by Apple to patch it, with iLeakage the latest attack vector to utilize speculative execution demonstrated by researchers. iLeakage attack: Apple's move to Apple Silicon processors hasn't stopped specula.....»»
Oldest family of jewel wasps discovered in Cretaceous amber from Lebanon
Jewel wasps (Chalcidoidea) are one of the most diverse groups of insects, with more than 120,000 species described and an estimated true diversity of nearly 1 million. The chalcids are parasitoid wasps, which attack other insects to lay their eggs up.....»»
The Samsung Galaxy S23 just got hacked big time - should you be worried?
Hackers are competing to breach Samsung's latest flagship Galaxy S23 phone, with two groups already being successful......»»
Hackers can force iOS and macOS browsers to divulge passwords and much more
iLeakage is practical and requires minimal resources. A patch isn't (yet) available. Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail messag.....»»
CyCognito platform enhancements help users identify and protect unmanaged assets
CyCognito announced a major platform expansion of its External Attack Surface Management (EASM). The latest release includes extended visibility across cloud assets, web application API endpoints and web application firewalls (WAFs), enhanced web cra.....»»
Teleport Identity Governance and Security reduces attack surface area
Teleport released Teleport Identity Governance and Security, a product that secures and governs services, and user identities across multiple clouds, environments and SaaS applications. This new product reduces attack response times by providing cust.....»»