Naked Security
How to deal with dates and times without any timezone tantrums…
Heartfelt encouragement to embrace RFC 3339 – find out why!
Naked Security
Heartfelt encouragement to embrace RFC 3339 – find out why!
Naked Security
Heartfelt encouragement to embrace RFC 3339 – find out why!
Cyber Security News
Tor Browser 13.0.14 has been released, bringing important security updates to the popular privacy-focused web browser.
The Hacker News
A vulnerability in FortiOS SSL-VPN was exploited by hackers as a zero-day to attack government agencies and large organizations before Fortinet fixed
Bleeping Computer
An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.
Cyber Security News
The iPhone of Galina Timchenko, the co-founder, CEO, and publisher of the Russian independent media outlet Meduza was found to have NSO Group's Pegasus spyware.
The Hacker News
Discover how sophisticated hackers are targeting Mexico with TimbreStealer, a new malware on the block.
The Hacker News
Russian journalist Galina Timchenko's iPhone hacked with NSO Group's Pegasus spyware
Cyber Security News
Threat actors use keyloggers to capture sensitive information, as covert techniques and tactics allow them to steal valuable information.
Bleeping Computer
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets.
CyberNews
Journalists in Lebanon have been targeted by what cybersecurity firm Avast calls a "secretive spyware" threat group exploiting Google Chrome weakness.
Security Affairs
Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Initial access brokers play an essential role in the cybercrime ecosystem, they provide access to previously […]
Bleeping Computer
Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware.
Bleeping Computer
A sophisticated threat actor named 'CashRewindo' has been using aged domains in global malvertising campaigns that lead to investment scam sites.
CyberScoop
Google's Threat Analysis Group is calling the hackers Exotic Lily, and it says they employed relatively novel tactics.
Bleeping Computer
A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.
Bleeping Computer
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.
SecurityWeek
SentinelLabs researchers are crowdsourcing an effort to understand a new mysterious APT hitting hitting telcos, ISPs and universities in the Middle East and Africa.
Security Affairs
Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. Fortinet researchers reported that threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475) in attacks against government organizations and government-related targets. In December, the security vendor urged its customers to update their installs to address an actively exploited FortiOS SSL-VPN […]
Security Affairs
Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]
CyberNews
The ransomware attack on Yanfeng – a North American auto parts supplier for GM and Stellantis' Jeep, Dodge, and Ram in North America is claimed by the Qilin ransom gang.
Ars Technica
Remote code-execution bug was exploited to backdoor vulnerable servers.
Bleeping Computer
For Windows, we've got an almost limitless number of tools and open-source programs to customize the appearance of the desktop. In this article, we're going to share a list of open-source and free tools to customize the desktop, taskbar, and more
CSO
The exploit allows attackers to remotely execute arbitrary code and commands without authentication.
Ars Technica
After lying low, exploit seller Candiru rears its ugly head once more.
SecurityWeek
Only when we have that deeper understanding - an understanding that goes beyond the application layer data - can we make better decisions around fraud.
Bleeping Computer
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.
Bleeping Computer
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.
Naked Security
Wondering how you’d handle a data breach report if the worst happened to you? Here’s a useful example.
Bleeping Computer
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
Naked Security
It took six months for notifications to start, and we still don’t know exactly what went down… but here’s our advice on what to do.
CSO
Security researchers allege that several apps are collecting data from iOS devices, violating Apple’s policy on device fingerprinting.
Naked Security
Latest episode – listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT…
CyberScoop
An operation to undermine the software utility XZ Utils has exposed the fragile human foundations on which the modern internet is built.
Naked Security
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that’s not considered secure enough for everyone else.