Prevent attackers from using legitimate tools against you
Malicious actors are increasingly exploiting legitimate tools to accomplish their goals, which include disabling security measures, lateral movement, and transferring files. Using commonly available tools allows attackers to evade detection. While cu.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
Rezonate’s mid-market solution reduces the cloud identity attack surface
Rezonate announced a new identity security solution for mid-market companies. The offering proactively reduces the identity attack surface and improves compliance efforts in a fraction of the time of legacy IAM tools or manual methods. This approach.....»»
Apple 15W wireless chargers to be banned from sale in China
Apple 15W wireless chargers are set to be banned from sale in China, with both MagSafe and Qi2 charging pads affected. The Chinese government says that the prohibitions are to prevent interference and “maintain the order of airwaves” … m.....»»
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB,.....»»
AI tools like ChatGPT popular among students who struggle with concentration and attention
Since their release, AI tools like ChatGPT have had a huge impact on content creation. In schools and universities, a debate about whether these tools should be allowed or prohibited is ongoing......»»
X’s Grok will direct users to Vote.gov after bungling basic ballot question
After falsely stating that ballot deadlines passed, Grok sends users to Vote.gov. Enlarge (credit: Getty Images | NurPhoto ) Elon Musk's X platform made a change to its AI assistant, Grok, that may prevent it from giving.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Lateral movement: Clearest sign of unfolding ransomware attack
44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with kn.....»»
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is.....»»
Fostering creativity in the scientific research process
How can creativity be implemented in the scientific research process from the outset? By equipping students with creativity tools during their training. This is the message of a prominent group of researchers, which they have now published as a Lette.....»»
Telegram CEO Pavel Durov detained in France; fake reports of App Store removal
Telegram co-founder and CEO Pavel Durov has been “detained” in France, on suspicion of failing to take steps to prevent the criminal use of the messaging app. Various rumors are circulating regarding the nature of the investigation, and the fu.....»»
Lyft Pet Rides will prevent repeat of Tux the Missing Cat drama
Today is National Dog Day, a fitting date for the launch of Lyft Pet Rides, a feature intended to match those transporting pets with drivers happy to accommodate them … more….....»»
9to5Mac Overtime 028: Henny Tha Bizness talks iPad music-making and the creative process
Grammy award-winning platinum music producer Henny Tha Bizness joins Overtime to talk about iPad music production, the benefits of simplicity, mastering your tools, why AI in music isn’t as new of a concept as it may seem, and much more. 9to5Mac.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
Bioengineers develop a new environmentally friendly adhesive polymer
A team of bioengineers at the University of California, Berkeley, has developed a new kind of environmentally friendly adhesive polymer. In their study, published in the journal Science, the group used an electrophilic stabilizer to prevent a certain.....»»
QNAP releases QTS 5.2 to prevent data loss from ransomware threats
QNAP has released the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the in.....»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
Mac Studio storage upgraded by hardware hacker, but don"t expect a retail kit soon
The flash storage on a Mac Studio is extremely difficult to upgrade, but a skilled hardware hacker has proven it can be done — assuming you have the skill, tools, time, and patience.Custom PCBs used to upgrade Mac Studio's storage [YouTube/dosdude1.....»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
Killing giant ragweed just got harder for some Wisconsin farmers
When giant ragweed takes hold in a crop field, the towering weed reduces yield and sends plumes of its famously allergy-inducing pollen into the air. There are few tools available to thwart the menace, especially for farmers growing non-GMO soybeans......»»