Tag: computer
-
Hacker Conversations: Dan McInerney and Puzzle-Driven Hacking
McInerney’s path to becoming a hacker is subtly different to many other hackers. He started as a 22-year old psychology graduate rather than a computer-obsessed 9-year old kid. The post Hacker Conversations: Dan McInerney and Puzzle-Driven Hacking appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hacker-conversations-dan-mcinerney-and-puzzle-driven-hacking/
-
CERT-In Alerts Multiple Vulnerabilities in Drupal Expose Systems
The Indian Computer Emergency Response Team (CERT-In) issued a Vulnerability Note CIVN-2024-0353 highlighting several critical vulnerabilities within the widely used content management system (CMS), Drupal. The Drupal vulnerabilities, spanning versions from 7 to 11, have been First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-alerts-drupal-vulnerabilities/
-
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
The recently uncovered ‘Bootkitty’ UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka ‘LogoFAIL,’ to infect computers running on a vulnerable UEFI firmware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bootkitty-uefi-malware-exploits-logofail-to-infect-linux-systems/
-
Notorious ransomware developer charged with computer crimes in Russia
Mikhail Matveev, better known as Wazawaka, was in court last week. First seen on cyberscoop.com Jump to article: cyberscoop.com/mikhail-matveev-wazawaka-russia-charges/
-
Sophos Threat Report 2024 zeigt: KMUs stehen im Fadenkreuz der Angreifer
Der Sophos-Report analysiert des Weiteren sogenannte IABs, also Initial Access Brokers. Diese Kriminelle haben sich darauf spezialisiert, in Computer-… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-threat-report-2024-zeigt-kmus-stehen-im-fadenkreuz-der-angreifer/a36749/
-
NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide
First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383
-
Cyber-Vorfall bei einem Computer-Händler in Frankreich
First seen on groupe-ldlc.com Jump to article: www.groupe-ldlc.com/information-relative-a-un-incident-de-cybersecurite-2/
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-dayA Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows.The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals
Black Friday 2024 is almost here, and great deals are already live in computer security, software, online courses, system admin services, antivirus, and VPN software. These promotions offer deep discounts from various companies and are only available for a limited time. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-black-friday-2024-cybersecurity-it-vpn-and-antivirus-deals/
-
Cybersecurity’s oversimplification problem: Seeing AI as a replacement for human agency
Tags: access, ai, awareness, business, ciso, computer, cyber, cybersecurity, data, election, infrastructure, intelligence, Internet, jobs, technology, threat, tool, trainingThere’s a philosophical concept called the Great Man Theory that suggests history is all about how significant individuals act as centers of gravity for society as a whole, think Alexander the Great, Napoleon Bonaparte, Queen Elizabeth I, or the founding fathers of the American Revolution.Recent research suggests that cybersecurity and related professions are developing a…
-
Kansas City Man Indicted for Hacking into Nonprofit and Health Club
A 31-year-old man has been indicted by a federal grand jury for hacking into the computer systems of a nonprofit organization and a health club business. The indictment, unsealed today,... First seen on securityonline.info Jump to article: securityonline.info/kansas-city-man-indicted-for-hacking-into-nonprofit-and-health-club/
-
9 VPN alternatives for securing remote network access
Tags: access, ai, api, attack, authentication, automation, best-practice, business, cloud, compliance, computer, computing, control, corporate, credentials, cve, cybercrime, cybersecurity, data, defense, detection, dns, encryption, endpoint, exploit, firewall, fortinet, group, guide, Hardware, iam, identity, infrastructure, Internet, iot, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, office, password, ransomware, risk, router, saas, service, software, strategy, switch, threat, tool, update, vpn, vulnerability, vulnerability-management, waf, zero-trustOnce the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, large numbers…
-
DOJ: Man hacked networks to pitch cybersecurity services
A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/doj-man-hacked-networks-to-pitch-cybersecurity-services/
-
FBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe
The US Justice Department on Wednesday announced the arrest of five suspected members of the notorious Scattered Spider phishing crew, but the most interesting part of the case was a US Federal Bureau of Investigation (FBI) document detailing how easily the feds were able to track the phishers’ movements and activities. In recent years, services that push…
-
Act fast to snuff out employee curiosity over ‘free’ AI apps
The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible.Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
-
Microsoft blocks Windows 11 24H2 on some PCs with USB scanners
Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-11-24h2-on-some-pcs-with-usb-scanners/
-
Faraway Russian hackers breached US organization via Wi-Fi
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/25/enterprise-wi-fi-compromised/
-
AI Kuru, cybersecurity and quantum computing
As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/25/ai-quantum-computers/
-
Windows 11 24H2 update blocked on PCs with Assassin’s Creed, Star Wars Outlaws
Microsoft is blocking the Windows 11 24H2 update on computers with some Ubisoft games, like Assassin’s Creed, Star Wars Outlaws, and Avatar: Frontiers of Pandora, after changes in the operating system cause the games to crash, freeze, or have audio issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-halts-windows-11-24h2-update-on-pcs-assassins-creed-star-wars-outlaws/
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe.Recorded Future’s Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063,…
-
CERT-In Flags Critical Vulnerabilities in Zoom: Update Your Apps Now
The Indian Computer Emergency Response Team (CERT-In) has issued a detailed security advisory about multiple vulnerabilities found in the popular video conferencing application, Zoom. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-advisory-for-zoom-vulnerabilities/
-
Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service
The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/ukrainian-cyberwar-tryzub-cyber-training-service/
-
China’s top messaging app WeChat banned from Hong Kong government computers
First seen on theregister.com Jump to article: www.theregister.com/2024/10/24/hong_kong_wechat_ban/
-
Anthropic’s latest Claude model can interact with computers what could go wrong?
Tags: computerFirst seen on theregister.com Jump to article: www.theregister.com/2024/10/24/anthropic_claude_model_can_use_computers/
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
IntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
‘Quishing’, ‘vishing’ and AI scams the new cybercriminal techniques duping Australians
Tags: ai, computer, cybercrime, detection, email, hacker, intelligence, qr, scam, tactics, technologyAustralian Signals Directorate sounds alarm on ‘shifting tactics’ by state-sponsored hackers and cybercriminals, and targeting of critical infrastructure<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>Cybercriminals are using fake QR codes or sophisticated artificial intelligence scams to trick Australians into giving up their private details or downloading dangerous files, the…