April 4, 2024 at 05:01AM The UK National Cyber Security Centre warns that the use of artificial intelligence (AI) in cybercrime will increase the volume and impact of attacks. Cybersecurity firm Sophos also highlights the potential for AI to enable large-scale scam campaigns, demonstrating how AI can be used to create convincing content to lure … Read more
April 4, 2024 at 12:57AM Ivanti has released security updates to fix four flaws affecting Connect Secure and Policy Secure Gateways. These flaws could lead to code execution and denial-of-service attacks. The vulnerabilities include heap overflow, null pointer dereference, and XML entity expansion issues. Ivanti has been addressing security flaws and is working on improving … Read more
April 3, 2024 at 08:11AM Google is addressing cookie theft by developing Device Bound Session Credentials (DBSC) to tie authentication data to a specific device, making stolen cookies useless. DBSC creates public/private key pairs and associates sessions with the public key, preventing correlation between keys from different sessions to protect privacy. Google expects to support … Read more
April 2, 2024 at 03:40PM A campaign is distributing malware by posing as genuine installers for popular workplace collaboration apps through exploiting a traffic-tracking feature. After reviewing the meeting notes, it is clear that the campaign involves distributing malware by disguising it as legitimate installers for popular workplace collaboration apps. This is achieved by abusing … Read more
April 2, 2024 at 10:03AM Pentagrid reported a vulnerability in self check-in kiosks at Ibis Budget hotels, potentially exposing keypad codes used to enter rooms. The vulnerability was found in Germany, but likely impacted other European hotels. Accor, the brand owner, promptly addressed the issue. The flaw could have allowed unauthorized room access, posing a … Read more
April 2, 2024 at 07:09AM Prudential Financial recently revealed a data breach impacting 36,000 individuals, involving unauthorized access to personal information such as names, addresses, and license numbers. The breach, attributed to the Alphv/BlackCat ransomware group, occurred on February 4, 2024. Prudential is offering credit monitoring and has reinforced security measures. No identity theft or … Read more
March 29, 2024 at 09:09AM In March 2024, a dormant botnet, TheMoon, was found controlling EoL routers and IoT devices to power a criminal proxy service named Faceless. The service allows malicious activities to remain anonymous and has been used by threats like SolarMarker and IcedID to connect to their C2 servers. The majority of … Read more
March 29, 2024 at 08:36AM The US Department of Energy has allocated $15 million for university-based electric power centers to enhance cybersecurity in the energy sector. Six universities will partner with industry stakeholders and the DOE National Laboratories for cybersecurity research and training. The initiative aims to reduce power disruption risk and develop tailored cybersecurity … Read more
March 29, 2024 at 08:03AM Automated network penetration testing is a game-changer in cybersecurity, making it affordable and efficient for companies to assess their network security regularly. Benefits include finding and fixing vulnerabilities, catching what other tools miss, improving security operations, avoiding downtime and financial losses, complying with regulations, understanding attackers’ tactics, testing incident response … Read more
March 28, 2024 at 01:19PM The malicious actor utilized Slack channels to upload stolen data as an exfiltration point. Based on the meeting notes, it appears that the malicious actor utilized Slack channels to upload the stolen data as an exfiltration point. Full Article