The Hacker News
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
Researchers reveal a critical design flaw in Google Workspace, dubbed "DeleFriend," that could allow attackers to steal emails, exfiltrate data.
The Hacker News
How Hackers Phish for Your Users' Credentials and Sell Them
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
Cyber Security News
OwnCloud Critical Vulnerability Exploited in the Wild
Owncloud was discovered with a new vulnerability which was associated with the exposure of sensitive information.
Bleeping Computer
Microsoft deprecates Defender Application Guard for Office
Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.
Bleeping Computer
Healthcare giant Henry Schein hit twice by BlackCat ransomware
American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.
Latest Hacking News
Multiple Vulnerabilities Found In ownCloud File Sharing App
Numerous security vulnerabilities riddled the privacy of ownCloud users that the vendor patched recently. Exploiting these vulnerabilities could expose users’ passwords to potential adversaries. ownCloud Vulnerabilities Risked User Accounts According to the recent advisories, ownCloud addressed three
The Hacker News
How to Handle Retail SaaS Security on Cyber Monday
Cyber Monday Alert: $13.7 billion in spending today! Retailers, safeguard your SaaS apps to protect customer data.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
ownCloud, an open-source file-sharing software, has disclosed 3 critical vulnerabilities.
Security Affairs
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses and photos were left open to anyone on the internet.
Bleeping Computer
Critical bug in ownCloud file sharing app exposes admin passwords
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
CyberNews
App used by hundreds of schools leaking children's data
Almost a million files with minors' data, including home addresses, photos, and information about the school they attend, were left open to anyone on the internet, posing a threat to children.
DarkReading
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Bleeping Computer
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.
Bleeping Computer
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
The Hacker News
AI Solutions Are the New Shadow IT
AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Infosecurity News
India Faces Surge in IM App Attacks With Trojan Campaigns
Microsoft highlighted a shift in tactics, with attackers directly sharing malicious APK files
Infosecurity News
Black Friday: Significant Security Gaps in E-Commerce Web Apps
Millions of consumers’ PII could be at risk due to exploitable vulnerabilities and a lack of basic security protocols in e-commerce web apps
Cyber Security News
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
Security Affairs
The Top 5 Reasons to Use an API Management Platform - Security Affairs
Organizations need to govern and control the API ecosystem, this governance is the role of API management.
The Record
Hackers create fake banking apps to steal financial data from Indian users
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware.
The Record
‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
The Record
Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.
Bleeping Computer
Microsoft fixes ‘Something Went Wrong’ Office sign-in errors
Microsoft is rolling out fixes for known Microsoft 365 issues causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop applications unusable for many customers.
Infosecurity News
Infostealer Lumma Evolves With New Anti-Sandbox Method
Outpost24 explained the technique relies on trigonometry to discern genuine human behavior
Latest Hacking News
Google Workspace Vulnerabilities Risk Security Breaches – Warn Researchers
Researchers have found numerous security vulnerabilities in Google Workspace that risk breaches. While the vulnerabilities pose a serious threat to the users, Google denies fixing the bugs as they do not match with Google’s threat
The Hacker News
Product Walkthrough: Silverfort's Unified Identity Protection Platform
Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks
SecurityWeek
Researchers Dive Into Activities of Indian Hack-for-Hire Firm Appin
Researchers uncover the activities of Appin, a hack-for-hire Indian firm involved in espionage, surveillance, and disruptive attacks.
The Record
‘Sex life data’ stolen from UK government among record number of ransomware attacks
The latest data released by the Information Commissioner’s Office (ICO) includes an attack that breached data on the sex lives of up to 10,000 people, from an unspecific government department.
Ars Technica
No Bing, no Edge, no upselling: De-crufted Windows 11 coming to Europe soon
Some changes will arrive for non-EU users, too, but not the easy removals.
Bleeping Computer
Microsoft confirms Copilot AI assistant coming to Windows 10
Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months.
CyberNews
Fake crypto apps bring real losses to leading app marketplace users
Fake crypto apps and crypto romance scams on the rise
The Hacker News
How to Automate the Hardest Parts of Employee Offboarding
Eliminate 90% of the time and effort in finding and offboarding cloud and SaaS accounts. Say goodbye to IT offboarding headaches.
Cyber Security News
Best Network Security Vendors for SaaS - 2024
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Ars Technica
Bing Chat is now “Microsoft Copilot” in potentially confusing rebranding move
Microsoft: "Soon there will be a Copilot for everyone and for everything you do."
SecurityWeek
Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI
Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs.
Latest Hacking News
Atlassian Confluence Vulnerabilities Exploited To Deploy Effluence Backdoor
Researchers have found a new malware exploiting Atlassian Confluence vulnerabilities. Identified as Effluence, the new malware is a backdoor that chains a known vulnerability with a newly reported security flaw affecting Atlassian Confluence servers. Once
The Hacker News
Three Ways Varonis Helps You Fight Insider Threats
Insider threats are difficult for organizations to combat. Varonis’ modern cybersecurity answer uses the data security triad of sensitivity, access, a
The Record
Google to distribute 100,000 Titan Security Keys to high-risk users
The company said it would hand out the keys at no cost to people working in governments around the world, particularly those involved in the administration of elections.
Bleeping Computer
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface).
Bleeping Computer
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle.
Bleeping Computer
Windows 10 KB5032189 update released with 11 improvements
Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues.
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
The Hacker News
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy
Data breaches cost businesses $4.45 million on average in 2023! Don't let your organization become a statistic.
CyberSecurity Dive
New York proposes ‘nation-leading’ hospital cybersecurity regulations
The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.
Latest Hacking News
WhatsApp Enhances Call Security With Location Hiding, Unknown Call Block
Stepping ahead to enhance users’ privacy, WhatsApp improvises its call feature security by launching two new features. These features facilitate users in hiding their location during calls and block calls from unknown numbers. WhatsApp Rolls Out
Latest Hacking News
Multiple Vulnerabilities Found In PureVPN – One Remains Unpatched
Researchers spotted a couple of security vulnerabilities in PureVPN Desktop clients for Linux that impact users’ privacy. While PureVPN patched one flaw, another RCE vulnerability remains unpatched. Numerous PureVPN Vulnerabilities Affected Linux Clients Security researchers Rafay Baloch
The Hacker News
Top 5 Marketing Tech SaaS Security Challenges
Don't leave your marketing data exposed. Discover the top challenges in securing SaaS applications used by marketing teams.
Bleeping Computer
Windows 11 will soon let you uninstall more inbox apps
Microsoft is gearing up to roll out an update for Windows 11 that will significantly enhance user control over built-in apps. In the upcoming version, you will be able to uninstall a wider range of inbox apps.
Bleeping Computer
Microsoft Edge is testing a new video translation feature
Microsoft Edge's latest Canary update has an innovative feature: video translation. This feature translates YouTube videos in real-time, and it allegedly supports four languages.
Cyber Security News
Best Security Solutions for Marketers - 2024
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
Bleeping Computer
Microsoft fixes Outlook Desktop bug causing slow saving issues
Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop.
.webp)
Cyber Security News
Hackers Trick Windows Users With Malicious Ads to Deliver Malware
Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.
Cyber Security News
Hackers Exploit Microsoft Access Feature to Steal Windows User’s NTLM Tokens
Microsoft Access is a relational database management system which is developed by Microsoft that allows users to store and manage data.
Cyber Security News
Top 10 Best Google Alternatives in 2024
Best Google Alternatives: 1. DuckDuckGo 2. Search Encrypt 3. Qwant 4. Startpage 5. Mojeek 6. Bing 7. Gibiru 8. Ask 9. SearX 10. Yahoo!
Bleeping Computer
Microsoft extends Windows Server 2012 ESUs to October 2026
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing administrators more time to upgrade or migrate to Azure.
SecurityWeek
In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
The Hacker News
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
The Hacker News
Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan
Urdu-speaking readers in Gilgit-Baltistan, beware! A WATERING HOLE ATTACK using Kamran spyware has been uncovered by ESET
The Record
Washington State Department of Transportation working to recover from cyberattack
Washington’s State Department of Transportation is recovering from a cyberattack that is causing a range of issues for local ferries and apps used for maps.
The Record
Android spyware delivered through infected news site targets Urdu speakers in Kashmir
Hackers are targeting Urdu speakers with spyware delivered through an infected popular news site, according to a new report.
Infosecurity News
New Kamran Spyware Targets Urdu-Speaking Users in Pakistan
ESET said the attack affects Android users accessing the Urdu version of the Hunza News website
Bleeping Computer
Google ads push malicious CPU-Z app from fake Windows news site
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
CyberNews
Be careful what you scan: QR scams increase by 51%
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
Infosecurity News
Quishing Campaigns Spike 50% in September
QR code phishing is becoming increasingly popular
CyberNews
Google, Meta, Microsoft to join forces defending apps from hackers
Google, Microsoft, and Meta founded a steering committee to improve app security through a newly restructured App Defense Alliance.e
CyberNews
Digital payment apps Paypal, Venmo, CashApp could soon be regulated like banks
Payment apps and digital wallets Apple Pay, Google Wallet, Venmo, and CashApp, could soon be regulated like banks under the US Consumer Financial Protection Bureau.
CyberNews
Black Friday warning as ‘grinch bots’ target retailers
Advanced bargain-stealing bots make up more than half of automated retail traffic, says cybersecurity analyst Imperva.
Infosecurity News
EU Rules for Digital Identities and Trust Services Face Backlash
A proposed amendment of eIDAS could “weaken the security of the Internet as a whole”, said a letter signed by over 500 individuals and organizations
The Hacker News
Webinar: Kickstarting Your SaaS Security Strategy & Program
Your SaaS apps are a goldmine for cybercriminals. Learn how to safeguard them with industry expert Effie Mansdorf.
Bleeping Computer
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto
Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
Cyber Security News
Hackers Bypassing "Restricted Settings" in Android 13 to Drop Malware Securely
The ever-changing landscape of mobile security is a constant battle between security researchers and malicious actors.
Ars Technica
OpenAI introduces GPT-4 Turbo: Larger memory, lower cost, new knowledge
Novel-sized context window, DALL-E 3 API, more announced on OpenAI DevDay 2023.
Bleeping Computer
Microsoft will roll out MFA-enforcing policies for admin portal access
Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure.
Bleeping Computer
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
Bleeping Computer
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services.
Latest Hacking News
Canada Bans Kaspersky, WeChat On Govt Devices Suspecting Spying
The Government of Canada officially bans using WeChat and Kaspersky apps on government devices, citing privacy risks. Users can no longer download the apps on government-issued mobile devices. Canada Bans Kaspersky And WeChat According to a recent
Cyber Security News
The Ultimate SaaS Security Admin Guide - 2024
SaaS Security Admin Guide: 1. Encryption 2. Backup and Recovery 3. Data Residency 4. Regular Audits 5. Data Privacy 6. Least Privileges.
Cyber Security News
Hackers Spreading WhatsApp Spy Mods Via Telegram
WhatsApp mods are not officially supported by WhatsApp and can vary in popularity. Some users are attracted to them for extra features.
Cyber Security News
Threat and Vulnerability Roundup for the week of October 29th to November 4th
welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
The Hacker News
Google Play Store Introduces 'Independent Security Review' Badge for Apps
Google's new "Independent security review" badge in the Play Store's Data safety section will help you identify secure Android apps.
CSO
UK NCSC issues new guidance on post-quantum cryptography migration
The UK National Cyber Security Centre has refreshed its guidance to help system and risk owners plan their migration to post-quantum cryptography (PQC).
Bleeping Computer
Google Play adds security audit badges for Android VPN apps
Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform.
Bleeping Computer
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Cyber Security News
Government of Canada Bans WeChat and Kaspersky Apps
The minister of Canada, Anita Anand, banned the WeChat and Kaspersky suite of applications on government mobile devices.
CyberNews
TikTok responds to charges of antisemitism as it battles misinformation
A TikTok blog post, released Thursday, aims to dispel accusations that the social app is pushing a political agenda regarding the still unfolding Israel-Hamas conflict.
Infosecurity News
Spy Module Discovered in WhatsApp Mods
Kaspersky said that between October 5 and 31 alone, it intercepted over 340,000 attacks
Bleeping Computer
Your end-users are reusing passwords – that’s a big problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. Learn more from Specops Software on how to mitigate the risk of compromised credentials.
Cyber Security News
Securing Your SaaS: Best Practices and Proven Strategies
Protecting cloud-based apps and the data they manage is the primary goal of Software as a Service (SaaS) security.
SecurityWeek
Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities
Zscaler identified 117 vulnerabilities in Microsoft 365’s support for SketchUp files and bypassed initial patches.
SecurityWeek
AP News Site Hit by Apparent Denial-of-Service Attack
The Associated Press news website experienced an outage that appeared to be consistent with a denial-of-service attack
Infosecurity News
Forrester: GenAI Will Lead to Breaches and Privacy Fines in 2024
Analyst warns that risks of using the technology will become apparent
DarkReading
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
Bleeping Computer
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity.
The Hacker News
Hands on Review: LayerX's Enterprise Browser Security Extension
Protect your organization's most critical interface—The Browser! LayerX's secure extension offers comprehensive visibility and policy enforcement, de
Latest Hacking News
Samsung Galaxy Rolls Out Auto Blocker To Protect Devices
Pledging the utmost security and privacy for its users, Samsung has now developed a dedicated device protection feature. Dubbed “Auto Blocker,” this new feature protects Samsung Galaxy devices from malicious actions, such as sneaky sideloading,
Cyber Security News
Strategic App Management: Simplifying, Securing, and Optimizing Device Workflows
App management encompasses each of these stages, ensuring a seamless experience for both users and admins. Let's explore how app management,
The Hacker News
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
State-sponsored North Korean hackers are using a sneaky macOS malware called KANDYKORN to target crypto engineers via Discord.
Bleeping Computer
Avast confirms it tagged Google app as malware on Android phones
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
Bleeping Computer
Windows 11 23H2 - New features in the Windows 11 2023 Update
This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades.
Infosecurity News
Arid Viper Campaign Targets Arabic-Speaking Users
Cisco Talos said the group deployed customized mobile Android malware in the APK format
Bleeping Computer
Microsoft releases Windows 11 23H2 as an enablement package
Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update).
Bleeping Computer
Samsung Galaxy gets new Auto Blocker anti-malware feature
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
Bleeping Computer
Canada bans WeChat and Kaspersky products on govt devices
Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns.
The Hacker News
Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
Arid Viper, a cyber espionage group linked to Hamas, has been exposed for its Android spyware campaign disguised as a dating app.
SecurityWeek
Extending ZTNA to Protect Against Insider Threats
Overcoming the failures and challenges of Zero Trust Network Access (ZTNA) for in-office and remote users
The Hacker News
Canada Bans WeChat and Kaspersky Apps On Government Devices
Canada bans WeChat and Kaspersky apps on government devices, citing privacy and security risks.
The Record
Canada bans WeChat, Kaspersky apps on government mobile phones
Canadian state officials are now banned from using the messaging app WeChat and the antivirus program Kaspersky on government-issued mobile devices due to "unacceptable" privacy and security risks because of their associations with China and Russia, respectively.
The Record
FBI ‘keeping a close eye’ on Iranian hackers as Israel-Hamas war intensifies
Digital attacks against the U.S. by Iran and non-state actors could worsen if the conflict between Israel and Hamas grows, FBI Director Christopher Wray warned on Tuesday.
Ars Technica
Windows CE, Microsoft’s stunted middle child, reaches end of support at 26 years
From netbooks and PDAs to ATMs, voting kiosks, and ungainly presidential phones.
SecurityWeek
Canada Bans WeChat and Kaspersky on Government Phones
Canada's CISO determined that WeChat and Kaspersky applications present an unacceptable level of risk to privacy and security.
Infosecurity News
Report Links ChatGPT to 1,265% Rise in Phishing Emails
The SlashNext report also found a noteworthy 967% increase in credential phishing attacks
Cyber Security News
Hackers Infect Windows Users with Weaponized MSIX App Packages
MSIX packages can be distributed & installed without administrative privileges, allowing malicious software to traditional security controls.
Bleeping Computer
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.
The Hacker News
ServiceNow Data Exposure: A Wake-Up Call for Companies
ServiceNow exposes sensitive data due to misconfigurations. Learn how this could've jeopardized your business and the steps to ensure your data is sec
Bleeping Computer
Microsoft 365 users get workaround for ‘Something Went Wrong’ errors
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
Ars Technica
People are speaking with ChatGPT for hours, bringing 2013’s Her closer to reality
Long mobile conversations with the AI assistant using AirPods echo the sci-fi film.
Cyber Security News
11 Best Cloud Access Security Broker Software (CASB) - 2023
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
Cyber Security News
Cloudflare Observed The Peak DDOS Attack of 201 Million HTTP Requests Per Second
DDoS (Distributed Denial of Service) attacks are extremely destructive and alarming since they flood a target's web services with overwhelming traffic.
CSO
Failure to verify OAuth tokens enables account takeover on websites
Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information.
Bleeping Computer
Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.
Bleeping Computer
Android adware apps on Google Play amass two million installs
Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.
Bleeping Computer
Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
Cyber Security News
Hackers Launch a Chain of Exploits Via Malicious iMessage Attachments
TriangleDB", this malware infection chain consists of a malicious iMessage attachment which launches a chain of exploits on affected devices.
Cyber Security News
QNAP Eliminates Server Responsible for Extensive Brute-force Attacks
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
The Hacker News
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
The Record
Grammarly says it corrected sign-in vulnerabilities after alert from cyber researchers
The bugs, found by researchers at Salt Security, involved social sign-in — when someone accesses a web service through their credentials on another platform. Other companies were affected besides Grammarly.
Infosecurity News
API Security Flaw Impacted Grammarly, Vidio and Bukalapak
Salt Security discovered the vulnerabilities in implementations of the OAuth protocol
Bleeping Computer
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
CyberSecurity Dive
1Password caught in Okta breach, impacting employee-facing apps
The password manager came forward after BeyondTrust and Cloudflare disclosed similar Okta environment breaches. All three victims claim no data was compromised.
The Hacker News
34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams
Spanish Law Enforcement have arrested 34 members of a criminal gang responsible for different online scams and stolen €3 million.
The Hacker News
Make API Management Less Scary for Your Organization
Protect your organization from security nightmares. Learn how modern API management with Gloo Gateway can fortify your defenses against data breaches
The Hacker News
Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks
Sophisticated Apple iOS attack dubbed Operation Triangulation employed clever techniques to targets victims with a backdoor implant called "TriangleDB
The Record
Unprecedented federal suit, joined by states, accuses Meta platforms of harming children
In all, 41 states and the District of Columbia either joined the federal lawsuit or said they planned similar action on their own.
The Record
1Password, Cloudflare affected by Okta compromise
Password manager 1Password and cybersecurity and networking giant Cloudflare were targeted by hackers following the breach affecting single sign-on provider Okta, according to statements from both companies.
Bleeping Computer
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant.
Ars Technica
1Password detects “suspicious activity” in its internal Okta account
1Password CTO says investigation found no compromise of user data or sensitive systems.
Bleeping Computer
QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
The Hacker News
DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
Discover the latest cyber threat: DoNot Team's Firebird backdoor targeting Pakistan and Afghanistan.
The Hacker News
Who's Experimenting with AI Tools in Your Organization?
See how you can find out in minutes with Nudge Security. Automate discovery of new AI tools as they are introduced, collect context on how AI tools ar
The Record
Behind the FTC’s plan to hire child psychologists to help regulate social media firms
Alvaro Bedoya, a commissioner at the Federal Trade Commission (FTC), is known for his expertise in digital privacy — a skill which is serving him well now, as the commission works to better understand the effects of social media, particularly on children.
SecurityWeek
Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks
Philippine defense chief ordered military personnel to stop using applications that use AI to create portraits, citing security risks.
Latest Hacking News
SpyNote Android Trojan Emerges As Recent Spyware Threat For Android
Heads up, Android users! A new Android trojan “SpyNote” has is actively targeting Android devices, serving as a potent spyware. The malware spreads via malicious SMS messages, hence, making it inevitable for the users to
-1.webp)
Cyber Security News
U.S. Government Releases Popular Phishing Technique Used by Hackers
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
DarkReading
North Korean State Actors Attack Critical Bug in TeamCity Server
Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.
SecurityWeek
Harmonic Lands $7M Funding to Secure Generative AI Deployments
The British startup is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale.
Computerworld
Apple’s latest China App Store problem is a warning for us all
As pressure grows for Apple to support app purchases from outside its App Store, reports the company has fired App Store staffers for 'business misconduct' should send a little chill up your spine.
SecurityWeek
Google Play Protect Gets Real-Time Code Scanning
Google improves Android devices’ proactive protections against malware with real-time scanning at code level.
The Hacker News
Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware
Google Play Protect now scans apps in real time to detect and block novel malware before you install them.
Infosecurity News
Google Play Protect Bolsters Security Against Malicious Apps
New real-time scanning feature conducts analyses of an app’s code during the installation process
Bleeping Computer
Google Play Protect adds real-time scanning to fight Android malware
Google has announced new, real-time scanning features for Google Play Protect that make it harder for malicious apps employing polymorphism to evade detection.
Cyber Security News
Best Unified Network Security Solutions for Small Businesses
Best Unified Network Security Solutions for Small Businesses. 1. Perimeter 81, 2. Snort, 3. OSSEC, 4. Wireshark, 5. Burp Suite, 6. Splunk.
CSO
Most organizations globally have implemented zero trust
Zero-trust adoption is growing according to a recent report from Okta that found 61% of organizations have already implemented a zero-trust initiative.
The Hacker News
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data an
SecurityWeek
Darwinium Raises $18 Million for Edge-based Fraud Prevention Tech
Since launching in 2021, Darwinium has raised $26 million to build a bot and fraud prevention platform running on the perimeter edge.
Latest Hacking News
Signal Debunks Rumors About Zero-Day Vulnerability In The App
Following the rumors about a zero-day flaw in the Signal app, the developers have debunked the reports. As explained, they found no traces of any zero-day vulnerability in the app, asking for evidence (if any)
SecurityWeek
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
Strategies to prevent lost and stolen computers from contributing to data breaches and leaks.
SecurityWeek
Cybersecurity M&A Roundup for First Half of October 2023
More than a dozen cybersecurity-related M&A deals were announced in the first half of October 2023.
Infosecurity News
FBI: Hackers Are Extorting Plastic Surgery Patients
Cybercriminals are harvesting sensitive medical data from plastic surgery offices as leverage for extortion demands
Bleeping Computer
FBI warns of extortion groups targeting plastic surgery offices
The FBI warns that cybercriminals are using spoofed emails and phone numbers to target plastic surgery offices across the United States for extortion in phishing attacks that spread malware.
Ars Technica
Mazda’s DMCA takedown kills a hobbyist’s smart car API tool
Financial risk too great for dev working "in my spare time to help others."
Cyber Security News
Top 10 Best Insider Risk Management Platforms - 2023
Best Insider Risk Management Platforms. 1. DoControl 2.ActivTrak 3. Elevate Platform 4. Splunk 5.Varonis 6.Forcepoint 7.Securonix 8. Observe It 9. Exabeam 10.LogRhythm
Bleeping Computer
Microsoft fixes known issue causing Outlook freezes, slow starts
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users since June and causing slow starts and freezes as if Offline Outlook Data Files (OST) were syncing right after launch.
The Record
Russia wants to isolate its internet, but experts warn it won’t be easy
As Russia’s war with Ukraine drags on, the Kremlin has doubled down on its efforts to take control of the internet on its own turf.
Latest Hacking News
DarkGate Malware Becomes Active, Spreads Via Skype Accounts
The notorious DarkGate malware has become active again, as it now spreads via compromised Skype accounts. Researchers warn users to remain cautious while interacting with unknown accounts. DarkGate Malware Spreads Via Compromised Skype Accounts According to a
Infosecurity News
Signal Disputes Alleged Zero-Day Flaw
Reports emerged over the weekend regarding a zero-day exploit in the messaging app
SecurityWeek
Signal Pours Cold Water on Zero-Day Exploit Rumors
Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app.
Bleeping Computer
Microsoft fixes Windows 10 security update installation issue
Microsoft has resolved a known issue that caused Windows 10 security updates released during this month's Patch Tuesday to fail with 0x8007000d errors.
The Hacker News
The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)
SaaS Security breaches often stem from misconfigured settings. Learn how 'SaaS Security on Tap' video series tackles the key concepts.
The Hacker News
Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence
🔒 Signal refutes viral reports of a zero-day flaw in its encrypted messaging app. Extensive investigation found no evidence to support the claim.
-1.webp)
Cyber Security News
Hackers Abusing Skype and Teams to Deliver the DarkGate Malware
o spread the DarkGate malware to the targeted businesses, hackers utilized the Teams and Skype messaging platforms.
Bleeping Computer
Steam enforces SMS verification to curb malware-ridden updates
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.
Computerworld
Microsoft addresses three zero-days for October’s Patch Tuesday
Microsoft this week rolled out 103 security updates, including for three zero-day vulnerabilities affecting Windows and Edge.
Bleeping Computer
Microsoft plans to kill off NTLM authentication in Windows 11
Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future.
Bleeping Computer
Hackers use Binance Smart Chain contracts to store malicious scripts
Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain.
Ars Technica
How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size
More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.
SecurityWeek
In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty
Noteworthy stories that might have slipped under the radar: Ex-Uber security chief files appeal, tech giants announce new security offerings.
The Hacker News
DarkGate Malware Spreading via Messaging Services Posing as PDF Files
DarkGate malware is now spreading through instant messaging apps like Skype & Microsoft Teams.
Bleeping Computer
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
Cyber Security News
Google Initiates the End of Passwords, Making Passkeys the Default for Users
The famous organization Google initiated passwordless by default to make it easier for users by making passkeys.
The Hacker News
How to Guard Your Data from Exposure in ChatGPT
Employee usage of GenAI apps like ChatGPT surged by 44% in just 3 months! But at what cost to data security? Dive into LayerX's report for insights
Infosecurity News
European Police Hackathon Hunts Down Traffickers
Many recruit victims on social media, says Europol
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
Bleeping Computer
Microsoft Defender now auto-isolates compromised accounts
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview.
Bleeping Computer
Generative AI Security: Preventing Microsoft Copilot Data Exposure
Microsoft Copilot introduces potential privacy risks as it can have full access to your organization's documents, email, contacts, chats, and calendar. Learn more from Varonis about Microsoft Copilot's security model works and the privacy risks associated with using it.
Bleeping Computer
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.
SecurityWeek
Citrix Patches Critical NetScaler ADC, Gateway Vulnerability
Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway.
-1-1.webp)
Cyber Security News
Top 10 Best SaaS Security Tools
Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.
Bleeping Computer
Microsoft warns of incorrect BitLocker encryption errors
Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.
Ars Technica
Adobe’s AI image generators get beefy updates, including vector graphics
Firefly 2 improves detail, Firefly Vector generates scalable vectors from a prompt.
Bleeping Computer
Windows 10 KB5031356 update released with 25 improvements
Microsoft has released the KB5031356 cumulative update for Windows 10 21H2 and Windows 10 22H2, with twenty-five fixes for various issues.
Bleeping Computer
Windows 11 KB5031354 cumulative update released with new features
Microsoft has released the Windows 11 22H2 KB5031354 cumulative update to fix security vulnerabilities. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features provide you turn on the "Get latest updates" toggle
Infosecurity News
#CyberMonth: Google Makes Passkeys Default Sign-In Option
The tech giant said the move is designed to help efforts to make passwords obsolete
CSO
Veza releases new IGA solution to enhance identity security
The solution manages access authorization based on roles and permissions, not users or groups.
SecurityWeek
SAP Releases 7 New Notes on October 2023 Patch Day
SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’.
The Hacker News
Google Adopts Passkeys as Default Sign-in Method for All Users
Say goodbye to passwords. You can now set up passkeys for your account, making sign-ins easier and more secure.
Bleeping Computer
Google makes passkeys the default sign-in for personal accounts
Google announced today that passkeys are now the default sign-in option across all personal Google Accounts across its services and platforms.