Spatial Computing Hack Exploits Apple Vision Pro Flaw to Fill Room With Spiders, Bats

June 21, 2024 at 09:21AM Apple classified a recently patched Vision Pro vulnerability as a DoS issue, but a researcher has demonstrated its potential for filling a room with spiders and bats. This exploit highlights the severity of the flaw, raising concerns about the security implications of spatial computing. Based on the meeting notes, it …

CDK warns: threat actors are calling customers, posing as support

June 21, 2024 at 07:02AM CDK Global has issued a warning to customers about unauthorized calls from bad actors posing as CDK agents. The warning follows cyberattacks that caused system shutdowns, disrupting car dealership operations. CDK has set up automated voice response lines for customer updates, cautioning customers against responding to non-CDK communications. There is …

In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams

June 14, 2024 at 10:27AM SecurityWeek curates a weekly roundup of cybersecurity stories, focusing on diverse developments like Chinese cyberspies hacking Fortinet devices, a White House initiative to secure rural hospitals, vulnerabilities in biometric access systems, ICS malware Fuxnet, EU’s encryption backdoor push, and more. Microsoft will evaluate employees’ cybersecurity work for compensation. US federal …

AWS adds passkeys support, warns root users must enable MFA

June 12, 2024 at 03:43PM AWS has launched FIDO2 passkeys for multi-factor authentication, boosting account security. These passkeys use public key cryptography and resist phishing attacks. Amazon encourages users to adopt MFA, planning to make it mandatory for root account users by July 2024. The company is committed to enhancing MFA adoption via CISA’s Secure …

GitHub Paid Out Over $4 Million via Bug Bounty Program

June 12, 2024 at 08:06AM GitHub’s bug bounty program, established 10 years ago, has paid out over $4 million. In 2023, the program reached this milestone and saw its largest single reward of $75,000 for a vulnerability. The total payout exceeded $850,000 in 2023, with GitHub aiming to enhance payout processes and public disclosures in …

Mozilla Launches 0Din Gen-AI Bug Bounty Program

June 7, 2024 at 09:15AM Mozilla has launched a new bug bounty program called 0Day Investigative Network (0Din), focusing on large language models and deep learning technologies. The program aims to improve the security of the gen-AI ecosystem by addressing various security issues. Researchers can submit findings to ‘0din at mozilla.com’, allowing them an opportunity for contribution …

Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks

June 6, 2024 at 01:33PM Two remote code execution (RCE) vulnerabilities in ThinkPHP, CVE-2018-20062 and CVE-2019-9082, patched over five years ago, are being exploited in ongoing attacks. Chinese-speaking threat actors use the web shell “Dama” to compromise servers, bypass PHP functions, and escalate privileges. Organizations are urged to urgently patch, as attackers target unpatched systems. …

Microsoft announces deprecation of Windows NTLM authentication

June 4, 2024 at 11:44AM Microsoft has deprecated NTLM authentication on Windows and Windows Server, urging a transition to Kerberos or Negotiate authentication. This is due to security concerns, including cyberattacks like ‘NTLM Relay.’ Users and developers are recommended to utilize auditing tools to facilitate the transition. The replacement can generally be achieved with a …

NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

June 4, 2024 at 09:04AM The US National Institute of Standards and Technology is addressing the backlog in processing vulnerability reports. NIST’s plan involves a multipronged approach, working with public and private sectors, and updating technology to handle the increasing number of disclosed vulnerabilities. The backlog has been attributed to a combination of resource reductions and …

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

June 3, 2024 at 06:33PM Microsoft India’s Twitter account, with over 211,000 followers, was hijacked by cryptocurrency scammers impersonating Roaring Kitty. The account, verified by Twitter, gave more legitimacy to the scam posts. Scammers aimed to lure victims to a malicious website and steal cryptocurrency assets. Verified organizations have been increasingly targeted by threat actors …