Ars Technica
Archie, the Internet’s first search engine, is rescued and running
A journey through busted tapes, the Internet Old Farts Club, and SPARCstations.
Ars Technica
A journey through busted tapes, the Internet Old Farts Club, and SPARCstations.
Trend Micro
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
SecurityWeek
Financial terms were not released but it's likely a hefty price tag with Exabeam’s most recent valuation pegged at $2.5 billion.
DarkReading
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
SecurityWeek
Senators are recommending that Congress spend at least $32 billion over the next three years to develop AI and place safeguards around it.
The Record
“We've got to do a better job of making sure Americans of all political stripes understand what is very probably coming their way over the next less than six months,” Senate Intelligence Chair Mark Warner told leaders from ODNI, CISA and the FBI.
Bleeping Computer
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
SecurityWeek
MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
The Record
Rep. Zach Nunn arrived in Congress with arguably more cyber experience than any other new member in history. Can he fill the shoes of Rep. Mike Gallagher, the party's longtime House leader on cybersecurity issues?
CyberSecurity Dive
The committee wants to question Brad Smith, Microsoft’s president and vice chair, over the company’s security shortcomings and how it plans to strengthen security measures.
The Record
The law includes data minimization requirements, which significantly constrain what personal data companies can gather and use and bans companies from selling consumers’ sensitive data, allowing individuals to sue if they believe businesses have done so.
Cyber Security News
AFS, a subsidiary of global professional services company Accenture, has been awarded a $789 million contract to bolster the cybersecurity.
DarkReading
The latest round of investment prices the fast-growing cloud native application protection platform (CNAPP) at $12 billion with a simple mandate: Grow quickly through acquisition.
The Record
The cohort fears the draft federal American Privacy Rights Act (APRA) could wipe out existing, and in a few cases stronger, state data privacy laws.
The Hacker News
The cloud promises agility, but opens a Pandora's box of cyber risks if not secured properly. Understand your responsibility under the shared responsi
DarkReading
The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend.
SecurityWeek
Niobium raises $5.5 million in seed funding for a fully homomorphic encryption (FHE) hardware accelerator designed for zero trust computing.
SecurityWeek
Cloud security giant Wiz has raised $1 billion, which brings the total funding to $1.9 billion, at a valuation of $12 billion.
SecurityWeek
MITRE has shared more details on the recent hack, including the new malware and a timeline of the attacker’s activities.
The Record
"We're working on it," says the Senate Intelligence Committee chairman about the recently renewed law's handling of “electronic communications service providers” — a sticking point for privacy advocates.
HACKRead
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
SecurityWeek
Network detection and response (NDR) provider Corelight has raised $150 million in a Series D funding round led by Accel.
The Hacker News
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
CyberSecurity Dive
Legislators slammed Andrew Witty over the company’s lack of cybersecurity practices and the impact of the breach, which may have compromised the data of a third of Americans.
The Record
Researchers at Fortinet are calling the botnet Goldoon. D-Link released a patch in 2015 for the bug that it exploits, but some device owners didn't install it.
DarkReading
The breach used stolen Citrix credentials for an account with no MFA. Attackers went undetected for days, and Change's backup strategy failed.
SecurityWeek
New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.
SecurityWeek
DeepKeep, which provides an AI-Native Trust, Risk, and Security Management (TRiSM) platform, has raised $10 million in seed funding.
The Record
CEO Andrew Witty blamed Change Healthcare's legacy technologies and lack of multifactor authentication for the cyberattack, which disrupted the medical industry nationwide.
SC Magazine
Andrew Witty stuck with the familiar corporate line of providing consumers with two years of credit monitoring.
The Record
Sens. Mark Warner and Thom Tillis want to see changes in the federal NVD to reflect how different AI systems can be from traditional software and hardware.
SecurityWeek
Mainsail Partners leads a $15 million financing round for end-to-end cybersecurity compliance platform company Apptega.
SecurityWeek
Despite headwinds from industry behemoths like Microsoft and Google, venture capital investors remain bullish on enterprise browser startups
CyberSecurity Dive
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
The Cyber Express
The Federal Communications Commission has fined the largest phone carriers in the country - AT&T, Sprint, T-Mobile and Verizon -
The Record
Only five of 14 queried auto manufacturers require a warrant or court order before giving law enforcement connected car owners’ location data, an investigation found.
The Record
UnitedHealth Group CEO Andrew Witty is preparing to testify in two separate congressional hearings about the ransomware attack on the company's Change Healthcare unit.
Krebs on Security
The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers' location information without consent.
The Record
T-Mobile, Verizon, AT&T and Sprint were caught peddling customers’ location data to so-called aggregators who then resold the information to third-party data brokers, the FCC said.
DarkReading
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.
The Record
Lawmakers sought to keep Americans' data out of the Chinese government's hands. For privacy advocates and others, though, the new TikTok law raises bigger questions.
SecurityWeek
Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million.
The Record
A bipartisan pair of U.S. House members wants more information from the Department of Homeland Security about a Russia-linked group's attack on a water utility in Texas, as well as cybersecurity protections for water supplies in general.
DarkReading
The company reports most systems are functioning again but that analysis of the data affected will take months to complete.
The Cyber Express
In today's digital age, where data breaches and cyber threats loom large, the role of Chief Information Security Officer (CISO)
CyberSecurity Dive
Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.
SecurityWeek
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
Infosecurity News
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days
The Record
The House Energy and Commerce Subcommittee on Oversight and Investigations will hear from UnitedHealth Group CEO Andrew Witty on May 1.
Cyber Security News
The MITRE Corporation has disclosed that a sophisticated cyber attack recently compromised one of its internal r&d networks.
The Record
The White House says President Joe Biden will sign the bill to reauthorize Section 702 of FISA.
The Record
The president signed legislation that imposes modest changes to the Section 702 of the Foreign Intelligence Surveillance Act.
The Hacker News
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
Security Affairs
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since 2022.
CSO
United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused.
The Record
The vote comes as the Biden administration and Section 702's congressional supporters engage in a new fight with privacy hawks over a provision that would alter the definition of “electronic communication service providers,” or ECSPs.
The Record
Experts and lawmakers expressed concern at a House committee hearing that the draft American Privacy Rights Act would not do enough to rein in the industry.
SecurityWeek
YL Ventures leads a seed funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology.
The Record
The House was expected to consider the bipartisan Fourth Amendment is Not for Sale Act, which has a companion bill in the Senate. Biden administration officials have denounced the legislation on national security grounds.
The Record
The campaigns are reminiscent of efforts in 2020 with a “renewed focus on undermining US support for Ukraine” as well as attempts to turn U.S. citizens against NATO and to foster domestic infighting.
DarkReading
The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages
The Record
“Republicans need to work with us in a bipartisan way to ensure this program with important implications for our national security does not lapse,” says Senate Majority Leader Chuck Schumer.
The Record
UnitedHealth Group's earnings call captured the financial fallout from the incident on the same day as a congressional hearing into the cyberattack.
SC Magazine
The ransomware group posted screenshots of alleged insurer and patient information Monday.
Cyber Security News
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Cyber Wire
N2K Networks today announced the premiere of Cyber Talent Insights, a three-part special series podcast that guides listeners through effective strategies to develop cybersecurity teams in the constantly changing landscape of the industry.
The Cyber Express
An active exploitation of critical vulnerabilities in D-Link Network Attached Storage (NAS) devices has raised concerns for D-Link users exposing
The Record
Members were preparing to hold procedural votes on the legislation Friday morning, after having blocked it once already this week.
Trend Micro
Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware.
Security Affairs
US Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link NAS devices bugs to its Known Exploited Vulnerabilities catalog
SecurityWeek
USCYBERCOM said its Cyber National Mission Force participated in 22 foreign hunt forward operations in 2023.
The Record
The Cybersecurity and Infrastructure Security Agency added two bugs in older D-Link hardware to its Known Exploited Vulnerabilities list. Experts say 92,000 devices could be exposed.
Trend Micro
Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware.
The Hacker News
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
The Record
As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector.
Bleeping Computer
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
DarkReading
The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
Infosecurity News
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices
SecurityWeek
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
The Hacker News
Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected.
SC Magazine
An attacker could gain remote access to network-attached storage and execute arbitrary commands.
Bleeping Computer
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw.
Ars Technica
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
Infosecurity News
Two US lawmakers have published a draft federal data privacy law, dubbed the American Privacy Rights Act, which aims to provide protections for the personal information of all US citizens
CyberSecurity Dive
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
The Hacker News
Q1 2024 had 22% less ransomware attacks than Q4 2023. Why is that and is it a trend that will continue?
SC Magazine
More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs.
The Record
A comprehensive data privacy bill unveiled Sunday would offer historic privacy protections and appears to have momentum on both sides of the aisle.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Bleeping Computer
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
Computerworld
When it comes to Android upgrades, all device-makers are absolutely not equal — and this year's data reveals just how volatile their commitments can be.
The Record
U.S. House leaders are planning to call up legislation that would renew powerful spying authorities — known as Section 702 — that are slated to expire in a matter of days.
Cyber Security News
A new command injection vulnerability and a backdoor account has been discovered in D-Link Network Attached Storage devices which affects
DarkReading
The initiative is meant to provide more resources and better strategies for healthcare entities that face an increasing amount of cybersecurity challenges.
The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
The Record
In a move praised by privacy and security experts, the agency says it is looking hard at the safety of protocols known as SS7 and Diameter.
Ars Technica
Voice Engine can clone voices with 15 seconds of audio, but OpenAI is warning of potential misuse.
Loading more articles....