PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access.....»»
DDoS attack volume rises, peak power reaches 1.7 Tbps
The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore. Peak attack power rose from 1.6 terabits per second (Tbps) in H2 2023 to 1.7 Tbps. DDoS attacks hit Gaming, tech, fi.....»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
Australian gold mining company hit with ransomware
Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been working with its external cyber forensic experts to investigate the incident. .....»»
Browser backdoors: Securing the new frontline of shadow IT
Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack su.....»»
A major Sonos exploit was explained at Black Hat — but you needn’t worry
Researchers from NCC Group showed how a Sonos One could fall victim to an attack that would let someone listen in on the microphones......»»
Are Taylor Swift concerts still safe after terrorist threat? Experts explain why stadiums can be "soft targets"
Authorities in Austria say they've subverted a planned terrorist attack targeting several of Taylor Swift's Eras Tour concerts in Vienna, shows that would have drawn as many as 200,000 concertgoers to three stadiums......»»
New infosec products of the week: August 9, 2024
Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Rapid7 releases Command Platform, unified attack defense and.....»»
A critical security issue in 1Password for Mac left credentials vulnerable to attack
1Password has disclosed a now patched critical security flaw in its software that could give attackers access to users' unlock keys and credentials. Here's what to do to keep your data safe.1Password has disclosed a critical security flaw present in.....»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days
A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of Sa.....»»
Austria finds chemicals in house of suspected Taylor Swift concert attack plotter
Austria finds chemicals in house of suspected Taylor Swift concert attack plotter.....»»
Russian Mi-28 Havoc Attack Helicopter Engaged In Mid-Air By Ukrainian Drone
Russian Mi-28 Havoc Attack Helicopter Engaged In Mid-Air By Ukrainian Drone.....»»
Videos of people feeding crocodiles at site of latest attack are deeply concerning, says expert
After a 4.9-meter saltwater crocodile (Crocodylus porosus) killed a 40-year-old doctor in Far North Queensland this week, the illegal feeding of wild crocodiles has become a point of major concern......»»
Cymulate AI Copilot validates security against real-time threats
Cymulate AI Copilot is a generative AI solution designed to deploy, test and tune security controls to evaluate their effectiveness against real-time threats. The solution offers a dynamic attack planner, among other AI-powered features, for greater.....»»
Mac and Windows users infected by software updates delivered over hacked ISP
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare. Enlarge (credit: Marco Verch Professional Photographer and Speaker) Hackers delivered malware to Windows and Mac users by compromising th.....»»
Hacked ISP infects users receiving unsecure software updates
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare. Enlarge (credit: Marco Verch Professional Photographer and Speaker) Hackers delivered malware to Windows and Mac users by compromising th.....»»
Southport attacks: What we know about knife crime in the UK and how to solve it
The knife attack on a dance class of children in Southport has left the country horrified. We do not yet know much about what happened, but a male aged 17 has been charged with the murder of three girls and 10 counts of attempted murder......»»
Rapid7 releases Command Platform, unified attack defense and response
Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to clo.....»»
Chinese hackers hijacked an ISP software update to spread malware
StormBamboo used DNS poisoning to successfully attack organizations using insecure updates......»»
Mac malware posing as apps like Loom, LedgerLive, and Black Desert Online
A “sophisticated and alarming” Mac malware attack is being carried out in the guise of free versions of popular apps like the screen recording utility Loom, cryptocurrency manager LedgerLive, and MMO game Black Desert Online. It appears to be.....»»