Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CV.....»»
Liongard unveils Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients
Liongard unveils its latest innovation: the Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients. This solution combines its ASM platform with the expertise of its extensive global managed IT service partner network, providing.....»»
Vectra AI Platform enhancements combat GenAI attacks
Vectra AI announced an expansion of the Vectra AI Platform to protect enterprises from new threat vectors introduced by the rapid adoption of GenAI tools. The Vectra AI Platform’s patented Attack Signal Intelligence uses behavior-based AI to de.....»»
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers. Enlarge (credit: Getty Images) Researchers have devised an attack against nearly all virtual private network applications that forc.....»»
BlackBasta claims Synlab attack, leaks some stolen documents
The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated appr.....»»
Edgio ASM reduces risk from web application vulnerabilities
Edgio launched its Attack Surface Management (ASM) solution. ASM is designed to discover all web assets, provide full inventory of technologies, detect security exposures and manage exposure response across an organization from a centralized manageme.....»»
AI-driven phishing attacks deceive even the most aware users
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler. AI automates and personalizes various aspects of the attack process AI-driven phishing attacks leverage AI.....»»
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet. Enlarge (credit: Aurich Lawson / Ars Technica) Cybercriminals and spies working for nation-states are surreptitiously coexisting insi.....»»
Health care giant comes clean about recent hack and paid ransom
Ransomware attack on the $371 billion company hamstrung US prescription market. Enlarge (credit: Getty Images) Change Healthcare, the health care services provider that recently experienced a ransomware attack that hamst.....»»
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are “not aware at this time of any malicious a.....»»
Account compromise of “unprecedented scale” uses everyday home devices
Credential-stuffing attack uses proxies to hide bad behavior. Enlarge (credit: Getty Images) Authentication service Okta is warning about the “unprecedented scale” of an ongoing campaign that routes fraudulent login.....»»
UK outlaws awful default passwords on connected devices
The law aims to prevent global-scale botnet attacks. Enlarge (credit: Getty Images) If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password "pass.....»»
Researchers unveil novel attack methods targeting Intel’s conditional branch predictor
Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use. The multi-university and industry resea.....»»
Android TV has access to your entire account—but Google is changing that
Should sideloading Chrome on an old smart TV really compromise your entire account? Enlarge (credit: Google) Google says it has patched a nasty loophole in the Android TV account security system, which would grant attack.....»»
Hackers infect users of antivirus service that delivered updates over HTTP
eScan AV updates were delivered over HTTP for five years. Enlarge (credit: Getty Images) Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service.....»»
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
Windows vulnerability reported by the NSA exploited to install Russian backdoor
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now. Enlarge (credit: Getty Images) Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attack.....»»
Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation While it initially seemed that protecting Palo Alto Network firewalls f.....»»
Why zebrafish can regenerate damaged heart tissue, while other fish species cannot
A heart attack will leave a permanent scar on a human heart, yet other animals, including some fish and amphibians, can clear cardiac scar tissue and regrow damaged muscle as adults......»»
Whistleblower reveals 2023 CareGard cyberattack, says F&I company concealed it from partners
AFG Cos. was unprepared for a ransomware attack last summer, for months had been unsure of the extent of the breach, and as of early this month hadn't alerted automaker partners or the agents selling its coverage to dealerships, a whistleblower alleg.....»»
Former AFG exec reveals 2023 CareGard data breach, criticizes company"s response
AFG Cos. was unprepared for a ransomware attack last summer, for months had been unsure of the extent of the breach, and as of early this month hadn't alerted automaker partners or the agents selling its coverage to dealerships, a whistleblower alleg.....»»