DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
CSO
Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum
Application Security Posture Management tools need to integrate with other security tools to do their job.
Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
DarkReading
Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
The Cyber Express
Russian Hackers Used Two New Backdoors to Spy on European Foreign Ministry
Researchers recently uncovered two new backdoors implanted within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its
The Cyber Express
Josh Krueger of Project Hosts, Inc. Appointed to Federal Secure Cloud Advisory Committee
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
SecurityWeek
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
SecurityWeek
Palo Alto Networks Teams Up With IBM, Acquires QRadar SaaS Assets
Palo Alto Networks and IBM have announced a significant partnership to jointly provide cybersecurity solutions.
SecurityWeek
Third Chrome Zero-Day Patched by Google Within One Week
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The Hacker News
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
Google patches 3rd Chrome browser zero-day inside of a week
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
Bleeping Computer
Google patches third exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Ars Technica
Google unveils Veo, a high-definition AI video generator that may rival Sora
Google's video synthesis model creates minute-long 1080p videos from written prompts.
Bleeping Computer
Android to add new anti-theft and data protection features
Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later.
Bleeping Computer
Android 15, Google Play get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Android 15, Google Play Protect get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices.
The Hacker News
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
Google just unveiled new "private space" feature lets you keep your sensitive apps hidden and locked with a separate PIN.
The Hacker News
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
Ars Technica
SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Infosecurity News
Google Expands Content Watermarking Tool to AI-Generated Text
Google DeepMind’s SynthID can now be used to watermark AI-generated images, audio, text and video
SecurityWeek
Unwanted Tracking Alerts Rolling Out to iOS, Android
Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
SecurityWeek
Senators Urge $32 Billion in Emergency Spending on AI After Finishing Yearlong Review
Senators are recommending that Congress spend at least $32 billion over the next three years to develop AI and place safeguards around it.
The Cyber Express
Microsoft Addresses Zero-Day Vulnerability Exploited by QakBot Malware
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
The Cyber Express
Chrome Vulnerability Alert: Google’s Rapid Response to 6th Zero-Day Exploit
A new Google Chrome vulnerability has been uncovered and exploited, marking the sixth zero-day incident in 2024 alone. In response,
The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
DarkReading
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
Cyber Security News
Let's AI Search for You! Google Search Now Gets Advanced AI-Powered Capabilities
Google revealed its plans to integrate advanced generative AI capabilities into its flagship Search product. This move promises to transform the way users interact with and leverage information on the internet.
Cyber Security News
Alert! Microsoft Fixes 60 Vulnerabilities With 2 Actively Exploited Zero-Days
Microsoft fixed 60 vulnerabilities in its Patch Tuesday release in May 2024, including 2 zero-day vulnerabilities actively exploited in the wild
Ars Technica
Google strikes back at OpenAI with “Project Astra” AI agent prototype
AI model updates galore at Google I/O, including 2m context window, Imagen 3, Veo, and more.
SecurityWeek
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Bleeping Computer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
SecurityWeek
Adobe Patches Critical Flaws in Reader, Acrobat
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
DarkReading
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Bleeping Computer
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition.
Bleeping Computer
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Bleeping Computer
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Ars Technica
Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away
"It’s easier to manage a team that’s happy.”
The Hacker News
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
Google has released emergency fixes for a new zero-day vulnerability (CVE-2024-4761) that has been actively exploited in the wild.
The Cyber Express
Cybersecurity Concerns Surround ChatGPT 4o’s Launch; Open AI Assures Beefed up Safety Measure
The field of Artificial Intelligence is rapidly evolving, and OpenAI's ChatGPT is a leader in this revolution. This groundbreaking large
SecurityWeek
Google Patches Second Chrome Zero-Day in One Week
Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
Security Affairs
Google fixes sixth actively exploited Chrome zero-day this year
Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.
The Hacker News
6 Mistakes Organizations Make When Deploying Advanced Authentication
Advanced authentication: The key to addressing the weakest link in cybersecurity - human users. Learn how to fortify your organization's defenses.
SecurityWeek
MITRE EMB3D Threat Model Officially Released
MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
Cyber Security News
Chrome Zero-day Vulnerability Exploited in the Wild, Patch Now!
Google has released an urgent security update for the Chrome browser to address a high-severity vulnerability that is being actively exploited in the wild.
Bleeping Computer
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
Latest Hacking News
Google Admits Active Exploitation For Chrome Browser Zero-Day
Chrome users must ensure that their devices are updated with the latest browser release. Google addressed an actively exploited zero-day flaw with the latest build, which applies to all Chrome users with various devices. The
The Hacker News
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
pple and Google just rolled out a cross-platform feature called "Detecting Unwanted Location Trackers" (DULT) on iOS and Android to protect users.
SC Magazine
Google patches 6th Chrome zero-day of 2024, three days after last one
Security pros say the industry can expect to see this bug exploited soon, so patch, monitor and conduct other measures, like browser isolation and sandboxing.
Krebs on Security
Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS…
Bleeping Computer
Apple backports fix for zero-day exploited in attacks to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks.
Bleeping Computer
Apple backports fix for RTKit iOS zero-day to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
%20(2).webp)
Cyber Security News
Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account
A major mistake in setup caused Google Cloud and UniSuper to delete the financial service provider's private cloud account.
The Cyber Express
TCE Cyberwatch: Weekly Wrap on AI, Deepfakes, Cybersecurity Challenges Affecting Nations Worldwide
This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this,
The Record
'Russian' hackers deface potentially hundreds of local British news sites
An infiltrator posted a breaking news story titled "PERVOKLASSNIY RUSSIAN HACKERS ATTACK" on websites owned by Newsquest Media Group.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Staying informed is the key in this dynamic battle of cybersecurity, and due to this, the weekly news recap provides you with the newest trends, weaknesses, infringements found, and some possible defense mechanisms.
The Hacker News
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
The notorious FIN7 hacking group is at it again! This time, they're using malicious Google ads to trick users into downloading malware disguised as le
CSO
CISA inks 68 tech vendors to secure-by-design pledge — but will it matter?
CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law.
CSO
Google Chrome gets a patch for actively exploited zero-day vulnerability
Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists.
HACKRead
New LLMjacking Attack Lets Hackers Hijack AI Models for Profit
Researchers have discovered a novel cyberattack scheme, dubbed, LLMjacking, in which, threat actors gain access to the cloud environment.
Ars Technica
Google patches its fifth zero-day vulnerability of the year in Chrome
Exploit code for critical "use-after-free" bug is circulating in the wild.
CyberNews
Google maps out tiny portion of brain
One cubic millimeter of the human brain has been shown to have 50,000 cells and 150 million neural connections.
DarkReading
Cybersecurity Races to Unmask New Wave of AI Deepfakes
Kevin Mandia, CEO of Mandiant at Google Cloud, calls for watermarks as the industry braces for a barrage of mind-bending AI-generated fake audio and video.
Security Affairs
Google fixes fifth actively exploited Chrome zero-day this year
Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser.
SecurityWeek
Exploited Chrome Zero-Day Patched by Google
A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.
The Hacker News
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
Google has just released an update to patch a new zero-day flaw, CVE-2024-4671, which hackers are actively exploiting in the wild.
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
Cyber Security News
FIN7 Hackers Abuse Sponsored Google Ads To Deliver MSIX Payloads
Hackers take advantage of sponsored Google Ads as they provide an excellent chance to quickly reach a large audience.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 4)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
CyberSecurity Dive
Some Ascension hospitals diverting emergency care after cybersecurity incident
The health system’s electronic health records, MyChart patient portal and several systems for ordering tests and medications are unavailable, Ascension said.
Bleeping Computer
Google fixes fifth Chrome zero-day exploited in attacks this year
Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year.
The Hacker News
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Researchers have uncovered a new attack called "LLMjacking" that targets large language models (LLMs) hosted on cloud services.
The Cyber Express
Lenovo Joins Secure by Design Pledge, Enhancing Cybersecurity Standards
Lenovo takes a bold step towards fortifying cybersecurity by joining the Secure by Design pledge, initiated by the US Cybersecurity
Cyber Security News
Alert! Google Chrome Zero-day Exploited in the Wild
There is a vulnerability in Chrome's Visuals component that is being tracked as CVE-2024-4671. The flaw is related to the use-after-free issue and can potentially lead to remote code execution.
SC Magazine
Google patches fifth Chrome zero-day of 2024
While Google confirmed that the bug exists in the wild, security researchers say there has yet to have been an instance of active exploitation.
DarkReading
Aggressive Cloud-Security Player Wiz Scores $1B in Funding Round
The latest round of investment prices the fast-growing cloud native application protection platform (CNAPP) at $12 billion with a simple mandate: Grow quickly through acquisition.
Infosecurity News
Why Cybersecurity Professionals Have a Duty to Secure AI
Experts at the RSA Conference urged cyber professionals to lead the way in securing AI systems today and pave the way for AI to solve huge societal challenges
Bleeping Computer
AT&T delays Microsoft 365 email delivery due to spam wave
AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service.
DarkReading
Vast Network of Fake Web Shops Defrauds 850,000 & Counting
China-based cybercriminal group "BogusBazaar" created tens of thousands of fraudulent online stores based on expired domains to steal payment credentials.
CyberSecurity Dive
68 tech, security vendors commit to secure-by-design practices
CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.
CyberSecurity Dive
Ascension hit by cybersecurity incident disrupting clinical operations
The major nonprofit health system detected “unusual activity” on some network systems Wednesday.
Infosecurity News
Fake Online Stores Scam Over 850,000 Shoppers
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
The Cyber Express
Google Brings Gemini AI to Cybersecurity
Google has brought together its Gemini AI model with its Mandiant cybersecurity unit and VirusTotal threat Intelligence to enhance threat
DarkReading
Token Security Launches Machine-Centric IAM Platform
Instead of building a list of users and identifying what systems each use can access, Token Security starts with a list of machines and determining who can access each system.
The Record
With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge
CISA Director Jen Easterly said the voluntary pledge by software companies is important because of widespread nation-state hacking campaigns, including the Volt Typhoon operation attributed to China.
SC Magazine
Cybersecurity incident impacts operations at Ascension hospitals
Large Catholic nonprofit hired Mandiant to investigate what’s now an unspecified cybersecurity incident that has reportedly forced hospitals in at least Maryland, Michigan, Kansas, and Wisconsin to shut down its systems.
DarkReading
3-Year Iranian Influence Op Preys on Divides in Israeli Society
Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model.
Infosecurity News
Three Strategies to Boost Open-Source Security
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software
Ars Technica
Dell responds to return-to-office resistance with VPN, badge tracking
Report claims new tracking starts May 13 with unclear consequences.
HACKRead
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
WordPress websites are under attack with a surge of malicious JavaScript being injected using vulnerable versions of the LiteSpeed Cache plugin.
Bleeping Computer
Massive webshop fraud ring steals credit cards from 850,000 people
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
The Hacker News
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data
Researchers have uncovered a new class of attacks called Pathfinder that can extract encryption keys and sensitive data from Intel CPUs.
SecurityWeek
Android Update Patches Critical Vulnerability
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 2)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
Loading more articles....