They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad. Enlarge (credit: Getty Images) Ransomware hackers have started exploiting one or more recently fixed vulnerabilities that pos.....»»
Cybercriminals exploit file sharing services to advance phishing attacks
Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of ph.....»»
Organizations turn to biometrics to counter deepfakes
The risk of deepfakes is rising with 47% of organizations having encountered a deepfake and 70% of them believing deepfake attacks which are created using generative AI tools, will have a high impact on their organizations, according to iProov. Perce.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on be.....»»
Less severe forest fires can reduce intensity of future blazes
Not all forest fires have devastating effects. Low- and moderate-severity forest wildfires can reduce the intensity of future conflagrations for as long as 20 years in certain climates, according to new research by the University of California, Davis.....»»
This Apple TV+ show has 100% on Rotten Tomatoes, and season two is coming soon
Apple TV+ has plenty of excellent shows, but among all of its best-reviewed titles, only two series have scored a 100% freshness rating on Rotten Tomatoes. And now, Apple has announced that one of those shows—Bad Sisters—is debuting its second se.....»»
Protecting academic assets: How higher education can enhance cybersecurity
Cyber attacks against higher education institutions increased by 70% in 2023. This is largely due to legacy endpoint security management and practices, limited IT support staff, and overwhelming amounts of data, much of which is PII (personally ident.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
Critical Start helps organizations reduce cyber risk from vulnerabilities
Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and.....»»
Authentik: Open-source identity provider
Authentik is an open-source identity provider designed for maximum flexibility and adaptability. It easily integrates into existing environments and supports new protocols. It’s a comprehensive solution for implementing features like sign-up, a.....»»
Pixel problems: Google"s security nightmare caused by hidden software
A vulnerability included in every version of Android for previous Google Pixel models will soon be patched, but Pixel 9 buyers don't need to worry.Google Pixel 9The majority of Google Pixel smartphones sold from September 2017 onward have included a.....»»
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been una.....»»
Unlearning the RaaS Model: How ransomware attacks are evolving
Unlearning the RaaS Model: How ransomware attacks are evolving.....»»
DDoS attack volume rises, peak power reaches 1.7 Tbps
The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore. Peak attack power rose from 1.6 terabits per second (Tbps) in H2 2023 to 1.7 Tbps. DDoS attacks hit Gaming, tech, fi.....»»
Current attacks, targets, and other threat landscape trends
In this Help Net Security video, Kendall McKay, Strategic Lead, Cyber Threat Intelligence at Cisco Talos, discusses the trends that Cisco Talos incident response observed in incident response engagements from Q2 2024, which covers April to June. Whil.....»»
Lawsuit Attacks Florida’s Lab-Grown Meat Ban as Unconstitutional
Upside Foods, a leading cultivated-meat company, argues that the ban violates the US Constitution in several ways......»»
How CIOs, CTOs, and CISOs view cyber risks differently
C-suite executives face a unique challenge: aligning their priorities between driving technological innovation and ensuring business resilience while managing ever-evolving cyber threats from criminals adept at exploiting the latest technologies, acc.....»»
The Anker Soundcore has a 24-hour playtime for only $24
The Anker Soundcore Bluetooth speaker with a 24-hour battery life and an IPX5 waterproof rating is on sale from Amazon for only $24, but you have to hurry......»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
The role of employee awareness in preventing supply chain attacks
The role of employee awareness in preventing supply chain attacks.....»»