The Hacker News
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
New Wi-Fi vulnerability discovered! CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems and Wi-Fi clients.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
%20(1)%20(1).webp)
Cyber Security News
PoC Exploit Released for Ivanti EPMM MobileIron Core
A newly disclosed vulnerability, identified as CVE-2024-22026, has been found in Ivanti EPMM, formerly known as MobileIron Core.
DarkReading
Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
.webp)
Cyber Security News
New Wi-Fi ‘SSID Confusion’ Attack Let Attackers connecting To Malicious Network
A design flaw in the IEEE 802.11 standard allows for SSID spoofing in WPA2 and WPA3 networks. While authentication protocols prevent
Bleeping Computer
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
Bleeping Computer
Microsoft fixes VPN failures caused by April Windows updates
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates.
Ars Technica
ChatGPT-4o allows real-time audio-video conversations with an “emotional” AI chatbot
GPT-4o demo shows new AI model singing a bedtime story, detecting user's facial expressions.
Cyber Security News
New 'TunnelVision' Technique Allows Hackers to Bypass VPN Encryption
Security researchers have uncovered a new technique called "TunnelVision" that exposes a fundamental flaw in routing-based Virtual Private Networks (VPNs),
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
The Hacker News
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
Researchers have uncovered a vulnerability (CVE-2024-3661) that allows threat actors to snoop on your VPN traffic.
SecurityWeek
LockBit Takes Credit for City of Wichita Ransomware Attack
The LockBit cybercrime group has taken credit for the recent ransomware attack that disrupted City of Wichita systems.
DarkReading
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
Patch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution.
Bleeping Computer
City of Wichita breach claimed by LockBit ransomware gang
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.
Bleeping Computer
Get a grade-A refurbished Dell Precision desktop for $414 off
A desktop can be a powerful and effective upgrade for remote work, personal projects, and much more. This near-mint refurbished Dell Precision tower has all the power you need for $269.99, $414 off the $684 MSRP.
The Cyber Express
LockBit Ransomware Targets Wichita City Following Unmasking of Group Leader
Despite the major collaborative effort by law enforcement agencies resulting in the exposure and sanctioning of Dmitry Yuryevich Khoroshev, the
SC Magazine
‘TunnelVision’ DHCP flaw lets attackers bypass VPNs, redirect traffic
Security pros warn that this flaw could affect just about every IP-routing based VPN.
Bleeping Computer
New attack leaks VPN traffic using rogue DHCP servers
A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection.
DarkReading
City of Wichita Public Services Disrupted After Ransomware Attack
The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend.
SC Magazine
RSAC 2024: Outfoxing SSO: Bypassing modern authentication
Identity security firm Silverfort shows how an adversary could bypass FIDO2 protections and SSO to hijack a session token for abuse.
Ars Technica
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
Cyber Security News
Multiple Xiaomi Android Devices Vulnerability Let Attackers Hijack Phones
Several security experts have recently discovered that Xiaomi Android devices are suffering from a range of security vulnerabilities that affect several apps and system components.
The Hacker News
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Xiaomi devices running Android have been found to contain multiple security vulnerabilities in various apps and system components.
DarkReading
Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
Ars Technica
AI in space: Karpathy suggests AI chatbots as interstellar messengers to alien civilizations
Andrej Karpathy muses about sending a LLM binary that could "wake up" and answer questions.
Bleeping Computer
Microsoft says April Windows updates break VPN connections
Microsoft says the April 2024 Windows security updates break VPN connections on Windows 11, Windows 10, and Windows Server systems.
Ars Technica
UK outlaws awful default passwords on connected devices
The law aims to prevent global-scale botnet attacks.
Bleeping Computer
How to Protect Your Employees from Identity-Based Attacks
Identity-based attacks have become one of the most significant threats facing organizations today. Learn more from Specops Software on tactics used in these types of attacks and how to defend against them.
The Cyber Express
Moldova Government Hit by NoName Ransomware: Websites Down
The notorious NoName ransomware group this time has allegedly set its sights on Moldova, targeting key government websites in what
HACKRead
Integrated Residential Security Solutions to Employ in 2024
As we progress through 2024, home security is rapidly advancing, with a notable shift towards integrated residential security solutions.
HACKRead
Popular Keyboard Apps Leak User Data: Billion Potentially Exposed
Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords!
Infosecurity News
CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
Bleeping Computer
Add a 5G Android tablet to your gear with $130 off this TCL Tab 10
A good tablet is a crucial piece of your work gear, as a second screen, an entertainment center, and much more. This TCL 5G tablet provides power and space for $119.99, $130 off the $249 MSRP.
DarkReading
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.
The Cyber Express
“We Will be Attacked”: Cybersecurity Challenges Loom Over Paris Olympics 2024
As the countdown to the Paris Olympics 2024 begins, organizers are gearing up to confront potential cybersecurity threats and the
Bleeping Computer
Get a grade-A rated refurbished Chromebook for $364 off
Chromebooks are ideal for road warriors of all stripes. This grade-A Lenovo Chromebook will fit right in with your gear for $110.99, $364 off the $475 MSRP.
The Hacker News
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
A sophisticated cyber-espionage campaign has re-emerged, targeting South Asia with an iOS spyware implant called LightSpy.
Infosecurity News
New Android Espionage Campaign Spotted in India and Pakistan
A new cyber espionage campaign, called ‘eXotic Visit,’ targeted Android users in South Asia via seemingly legitimate messaging apps
Bleeping Computer
Get a grade-A refurbished 2-in-1 Chromebook and save $364
Flexible work needs flexible tools. This grade-A Lenovo Chromebook offers multiple form factors and ease of use for $110.99, $364 off the $475 MSRP.
DarkReading
92K D-Link NAS Devices Open to Critical Command-Injection Bug
The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
CyberNews
The $100 cybersecurity budget – how cyber pros would spend it
Cybernews asked cybersecurity professionals how they would allocate a limited budget for the greatest impact on home security.
Infosecurity News
Over 90,000 D-Link NAS Devices Are Under Attack
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices
Cyber Security News
Hackers Weaponize Suspended Domains To Deliver Malware Payload
A recent phishing campaign targeting Latin America utilized emails with ZIP attachments containing an HTML file disguised as an invoice using
The Cyber Express
What Is Orbot: The Much-Needed Tor for Android and iOS!
Have you ever Googled something you'd rather not admit to and then worried about shadowy government agencies tracking your search
Security Affairs
Cyberattack disrupted services at Omni Hotels & Resorts
US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the company to shut down its systems.
The Hacker News
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in APAC & MENA are under attack. A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems.
CSO
Cyberattack forces Omni Hotels to shut down its IT systems
Omni shut down its IT systems in response to an attack it faced on Friday, disrupting key operations including reservations, payments, and point-of-sale systems.
Bleeping Computer
These Sony noise-canceling earbuds are now $100 off MSRP
Order today for just $99.99 to get your hands on the LinkBuds S in Black or White (open box), saving a massive 50% on the original price.
Bleeping Computer
Learn pentesting and white-hat skills with $150 off this bundle
Ethical hacking is the best way to put your systems to the test. These nine cybersecurity courses help you get started for $29.99, $150 off the $180 MSRP.
Ars Technica
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
HACKRead
TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
A new variant of "TheMoon Malware" has emerged, specifically targeting vulnerable IoT devices, particularly Asus routers.
SecurityWeek
In Other News: Airline Privacy Review, SEC's SolarWinds Hack Probe, Apple MFA Bombing
US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
CyberNews
Cybercriminals selling new tool weaponizing Raspberry Pi
Threat actors have come up with a new solution called Geobox that transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device.
The Cyber Express
Classes Resume at University of Winnipeg Following Recovery from Cyber Incident
The University of Winnipeg reacted to a 'cyber incident' affecting its infrastructure, prompting the cancellation of Monday's classes. The University
Bleeping Computer
$700 cybercrime software turns Raspberry Pi into an evasive fraud tool
Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools.
HACKRead
New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location
With GEOBOX on the Dark Web cybercriminals can enable manipulation of GPS, network simulation, Wi-Fi mimicry, and anti-fraud filter evasion.
Cyber Security News
Hackers Transform Raspberry Pi Into A Hacking Tool
GEOBOX is specialized software designed for Raspberry Pi devices that have been observed on the Dark Web being marketed as the next major
The Cyber Express
Holi Scams Lurk Online: Secure Your Celebrations with These Cyber Safety Tips
Amidst the anticipation of the vibrant Holi celebrations, there lurks a less colorful reality: the shadowy world of Holi scams
Ars Technica
Vernor Vinge, father of the tech singularity, has died at age 79
Vinge won multiple Hugo awards and created a sci-fi concept that drives AI researchers.
CyberNews
Amazon, other retailers under FCC investigation for selling jammers
The Federal Communications Commission confirmed to NBC News that it’s investigating Amazon and other retailers allegedly marketing and selling radio frequency jammers.
Ars Technica
Nvidia announces “moonshot” to create embodied human-level AI in robot form
As companies race to pair AI with general-purpose humanoid robots, Nvidia's GR00T emerges.
HACKRead
Texas Adult Site Age Verification Law Sparks 234.8% VPN Surge
The surge in VPN demand is not surprising. The ban on Utah-based users by Pornhub in May 2023 resulted in a 967% increase in demand for VPN.
Bleeping Computer
Keep a computer in your pocket with $119 off the ECS LIVA Mini Box
Desktops don't have to be massive towers, and they don't have to be stuck on your desk, either. This palm-sized desktop from ECS gives you the full experience in a tiny package for $99.99, $119 off the $219 MSRP.
CyberNews
Michelin-starred chef working on “stratospheric dining experience”
If you thought getting a reservation at a nice restaurant on a Friday night was tough, try booking a table at this space capsule.
The Record
Cyberattack knocks out Pensacola city government phone lines
The attack on Pensacola, which has affected the 311 Citizen Support system but not emergency calls, is the 21st on a U.S. local government so far this year.
Ars Technica
Hackers can read private AI assistant chats even though they’re encrypted
All non-Google chat GPTs affected by side channel that leaks responses sent to users.
The Hacker News
DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack
A new DarkGate malware campaign uses a recently patched #MicrosoftWindows flaw (CVE-2024-21412) to deploy malicious software via bogus installers.
DarkReading
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk
Carmakers are offering all kinds of over-the-air subscriptions and features, many of which benefit the businesses that use them. But this also opens up a wider attack surface for vehicle attackers.
Computerworld
A call for digital-privacy regulation 'with teeth' at the federal level
Big tech is making money hand over fist with your data. And while the states are picking up the slack on privacy legislation, Congress remains AWOL.
.webp)
Cyber Security News
Tweaks Stealer Attacks Online Game Users Abusing YouTube & Discord
A new malicious campaign has been unveiled, targeting the vast user base of the online gaming platform Roblox.
Bleeping Computer
Windows 11 KB5035853 update released, here's what's new
Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates.
HACKRead
Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking
Consumer Reports exposes security vulnerabilities in popular video doorbells allowing unauthorized access, stolen footage, and privacy risks.
HACKRead
Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws
Network equipment giant Cisco has addressed security flaws impacting its Secure Client enterprise VPN application and endpoint security solutions.
Cyber Security News
10 Best Network Security Solutions for Chief Security Officer to Consider - 2024
Best Network Security Solutions for CSO :1. Perimeter81 2. Cisco Systems 3. Palo Alto Networks 4. Fortinet 5. Check Point Software.
Cyber Security News
10 Best Network Security Solutions for Enterprise - 2024
Best Network Security Solutions for Enterprise: 1. Perimeter81 2. Cisco Systems 3. Palo Alto Networks 4. Fortinet 5. Sophos 6. McAfee.
CyberNews
Google's newest office has AI designers toiling in a Wi-Fi desert
Google has been touting the myriad innovations in the first building wholly designed and built by the web giant. But some say they wish Wi-Fi was decent.
.webp)
Cyber Security News
The Importance of VPNs for Network Security
The IT team would use firewalls to protect the company's sensitive data as Internet traffic moved in and out of the network.
PCMag
Scammers Target Helldivers 2 Buyers With Fake Games on Steam
Bogus versions of Helldivers 2 popped up on Steam, complete with info, screenshots, and logos ripped from the real game. One suspicious detail gave it away, though.
Cyber Security News
Juice jacking : Hijacking mobile phones using public charging ports
RBI has issued a stark warning against the dangers of "juice jacking,"targeting mobile users who charge their devices at public USB ports.
Cyber Security News
Internet-connected Doorbell Cameras Flaw Let Attackers Hijack Devices
The security flaws in popular video doorbell cameras could allow attackers to hijack popular camera devices.
Bleeping Computer
Windows 11 KB5034848 preview update adds USB 80Gbps support
Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes.
Bleeping Computer
Windows 11 'Moment 5' update released, here are the new features
Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements.
Cyber Security News
10 Best Automatic WiFi Security Providers - 2024
Best Automatic WiFi Security Providers : 1. Perimeter 81 2. Cisco Systems 3. Fortinet 4. Palo Alto Networks 5. Aruba Networks 6. Sophos.
Security Affairs
Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities
Recently the leak of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities.
Cyber Security News
10 Best Network Security Providers for Government Sectors - 2024
Network security providers for the government: 1. Perimeter81 2. Cisco 3. Palo Alto Networks 4. Fortinet 5. Symantec 6. Trend Micro.
Bleeping Computer
Windows Photos gets AI magic eraser on Windows 10 and later
Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content.
Bleeping Computer
Microsoft has started testing Wi-Fi 7 support in Windows 11
Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations.
HACKRead
AT&T Outage Disrupts Service for Millions of Users Across US
You are not alone, an AT&T outage is happening across the United States, and the company is working to bring back service to normal.
Bleeping Computer
Massive AT&T, Verizon, and T-Mobile outage impacts US customers
Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning.
Bleeping Computer
Massive AT&T outage impacts US mobile subscribers
Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning.
Ars Technica
70,000 AT&T customers are without service across the US
Cause of outage is unknown, but some suspect it's network-to-network "peering."
SecurityWeek
An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance
Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online
CyberNews
New WiFi vulnerabilities allow attackers to fake and overtake networks
Billions of Android users worldwide could be affected by a new WiFi vulnerability, which hackers may exploit to create clones of WiFi hotspots and intercept data.
The Hacker News
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers
Millions of Android, Linux, and ChromeOS devices are vulnerable new Wi-Fi attacks! Hackers can steal data or spy on you.
HACKRead
Wyze Cameras Glitch: 13,000 Users Saw Footage from Others' Homes
Wyze cameras reportedly allowed a whopping 13,000 customers to access unauthorized images and video from cameras installed in other homes.
Cyber Security News
Top 10 Best Network Security Solutions for IT Managers - 2024
Best Network Security Solutions for IT Managers : 1. Perimeter 81 2. Palo Alto Networks 3. Cisco 4. Rapid 5. Fortinet 5. Sophos.
Trend Micro
Earth Preta Campaign Uses DOPLUGS to Target Asia
In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Cyber Security News
GL-AX1800 Router Security Flaw Let Attackers Execute Remote Code
GL-AX1800 router by researchers revealed the presence of several security vulnerabilities that attackers could exploit to gain remote access and unauthorized access to restricted files.
CyberNews
Burglars using jammers to disable wireless smart home security
After a series of robberies in Edina, Minneapolis, police suspect that burglars are using WiFi jammers to block off security system signals
Security Affairs
Security Affairs newsletter Round 459 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Loading more articles....