security.didici.cc
Dark Utilities C2 service draws thousands of cyber criminals
3 hours agoNascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launc ...
Twitter says zero-day bug leaked account data
8 hours agoUser enumeration bug created in July 2021, plugged in January 2022.
DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt
1 day agoPlus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more In brief DuckDuckGo has finally cracked down on the Microsoft tracking scripts that got the alternative search engine into hot water earlier this yea ...
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that
2 days agoWhat it's like bargaining with criminals ... and advising clients suffering their worst day yet Interview The first rule of being a ransomware negotiator is that you don't admit you're a ransomware negotiator — at least not to LockBit or another cyber ...
Friday Squid Blogging: New Squid Species
2 days agoSeems like they are being discovered all the time: In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and published in 2020. Anoth ...
Nomad to crypto thieves: Please give us back 90%, keep 10% as a reward. Deal?
2 days agoThe Feds may see things differently Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for ...
What Worries Security Teams About the Cloud?
2 days agoWhat issues are cybersecurity professionals concerned about in 2022? You tell us!
Warning! Critical flaws found in US Emergency Alert System
2 days agoDEF CON may be about to blow lid off security hole The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could enable intruders to send fake alerts out over television, radio, and cable ne ...
Genesis IAB Market Brings Polish to the Dark Web
2 days agoAs the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy.
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
2 days agoFor the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
2 days agoWith names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers
2 days agoOver the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access.
A Digital Home Has Many Open Doors
2 days agoDevelopment of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access.
How to Resolve Permission Issues in CI/CD Pipelines
2 days agoThis Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines.
Open Redirect Flaw Snags Amex, Snapchat User Data
2 days agoSeparate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
Revealed: The top 11 malware and ransomware strains you need to worry about
2 days agoFrom ransomware to password-stealing trojans, here's what you need to look out for.
Critical flaws found in four Cisco SMB router ranges – for the second time this year
3 days agoAt least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June Cisco has revealed four of its small business router ranges have critical flaws – for the second time in 2022 alone.…
Android apps are invasive and unsafe: study
3 days agoWebView plus JavaScript bypass user permissions.
ACSC and CISA detail top malware of 2021
3 days agoTwo Trojans in use for over a decade.
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
3 days agoI got played via the Play store Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store.…
Cyberattackers Increasingly Target Cloud IAM as a Weak Link
3 days agoAt Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.
Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST
3 days agoA month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services.
Time to Patch VMware Products Against a Critical New Vulnerability
3 days agoA dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.
High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover
3 days agoThe CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
How Email Security Is Evolving
3 days agoSecuring email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.
Massive China-Linked Disinformation Campaign Taps PR Firm for Help
3 days agoA global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.
Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible
3 days agoUsers can identify risks across five domains, work on multiple projects, and take advantage of exclusive community benefits.
The Myth of Protection Online — and What Comes Next
3 days agoIt's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions.
Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale
3 days agoAgentless approach meets the attacker earlier to protect financial services and other large enterprises from an underserved attack vector.
35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?
3 days agoIn the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys.
Ping Identity to Go Private After $2.8B Acquisition
3 days agoThe identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted.
Taiwanese military reports DDoS in wake of Pelosi visit
3 days agoControversial visit to Taiwan continues to reverberate through cyberspace, the real world, and the semiconductor industry Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the is ...
SIKE Broken
3 days agoSIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on ...
India scraps data protection law in favor of better law coming … sometime
4 days agoTech giants and digital rights groups didn't like it, but at least it was a law The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will – eventually – unveil a superior bill.…
Student crashes Cloudflare beta party, redirects email, bags a bug bounty
4 days agoSimple to exploit, enough to pocket $3,000 A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email.…
UK Parliament bins its TikTok account over China surveillance fears
4 days agoPlan to educate the children turned out to be a 'won't someone think of the children?' moment The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Bei ...
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets
4 days agoSOL holders literally S.O.L. Millions of dollars worth of Solana cryptocurrency and other tokens were stolen from seemingly thousands of netizens this week by thieves exploiting some kind of security weakness or blunder.…
Cisco small business routers need urgent patch
4 days agoRemote code execution, denial of service.
New Startup Footprint Tackles Identity Verification
4 days agoEarly-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity.
Microsoft widens enterprise access to its threat intelligence pool
4 days agoOrganizations can be more proactive in tracking threats, finding holes in their protection Microsoft says it will give enterprise security operation centers (SOCs) broader access to the massive amount of threat intelligence it collects every day.…
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes
4 days agoCopado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.
Thoma Bravo makes US$2.4 billion play for Ping Identity
4 days agoDeepens cyber security bets.
India nixes privacy bill that alarmed big tech companies
4 days agoWorks on new law.
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks
4 days agoSMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.
School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project
4 days agoThe malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets
4 days agoSo far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.
Sonatype shines light on typosquatting ransomware threat in PyPI
4 days agoIt's all fun and games until somebody gets their files encrypted Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download.…
Zero-Day Defense: Tips for Defusing the Threat
4 days agoBecause they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.
You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare
4 days agoWithout a road to recovery, you’re just going to be roadkill Sponosred Feature What sort of disaster would you rather prepare for? Hurricanes are destructive, but you know when one's coming, giving you time to take defensive action. Earthquakes vary i ...
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO
4 days agoSerial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.
Druva Introduces the Data Resiliency Guarantee of up to $10 Million
4 days agoThe new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.
VMWare Urges Users to Patch Critical Authentication Bypass Bug
4 days agoVulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career
4 days agoTodd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA’s Project Agora; invites broad industry participation in the effort to fight for tech talent.
Tonight We're Gonna Log On Like It's 1979
4 days ago
Microsoft's latest Windows 11 update improves Defender for Endpoint's ransomware capabilities
4 days agoMicrosoft rolls out enhanced ransomware protections for Windows users in the latest Windows 11 previews.
Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
4 days agoConverged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
4 days agoRising interest in chess may feed the next generation of cybersecurity experts.
American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme
4 days agoPhishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins.
How to use Android's lockdown mode and why you should
4 days agoEnabling it is easy but there is one caveat.
Drone Deliveries into Prisons
4 days agoSeems it’s now common to sneak contraband into prisons with a drone.
Time to update: Latest Google Chrome browser fixes 27 security flaws
4 days agoGoogle fixes at least 27 security flaws in Chrome 104 and the browser has dropped its original API for supporting USB two-factor authentication security keys.
NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator
4 days agoPlus: Even market authorities can't seem to keep up with Microsoft's Defender branding The UK's Competition and Markets Authority has given a provisional nod to the proposed merger of British cybersecurity company Avast and US rival NortonLifeLock.…
Post-quantum crypto cracked in an hour with one core of an ancient Xeon
5 days agoNIST's nifty new algorithm looks like it's in trouble One of the four encryption algorithms the US National Institute of Standards and Technology (NIST) recommended as likely to resist decryption by quantum computers has has holes kicked in it by research ...
Singapore takes formal step towards setting up cyber defence unit
5 days agoCountry passes amendments to Act that will see a new digital intelligence unit--including a digital chief--formally established as part of the armed forces, a step the government says is necessary as "cyber intrusions" intensify and threaten critical syst ...
Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit
5 days agoAnd is if to confirm the link, a DDoS takes out Taiwan's presidential website ahead of senior politico's arrival Speaker of the US House of Representatives Nancy Pelosi has tied her controversial visit to Taiwan to an alleged barrage of China-directed cyb ...
Atlassian patches email template vulnerability in Jira
5 days agoCode execution via email templates.
VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
5 days agoMeanwhile, a security update for rsync VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.…
How a crypto bridge bug led to a $200m 'decentralized crowd looting'
5 days agoFlash mob exploits Nomad's validation code blunder Cryptocurrency bridge service Nomad, which describes itself as "an optimistic interoperability protocol that enables secure cross-chain communication," has been drained of tokens notionally worth $190.7 m ...
Universities Put Email Users at Cyber Risk
5 days agoDMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.
Thousands of Mobile Apps Leaking Twitter API Keys
5 days agoNew finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.
Large Language AI Models Have Real Security Benefits
5 days agoComplex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find.
Massive New Phishing Campaign Targets Microsoft Email Service Users
5 days agoThe campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.
From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web
5 days agoVenafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices.
Patches out for serious vulnerabilities in several VMware products
5 days agoAuthentication bypass and remote code execution bugs fixed.
Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals
5 days agoNetwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed.
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
5 days agoCancel the kitchen scraps for lepers and orphans, no more merciful beheadings, and call off Christmas Robinhood's cryptocurrency operations has been fined $30 million for violating New York's anti-money-laundering and cybersecurity regulations.…
Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges
5 days agoLaunches industry’s first ZTNA Migration Tool and ZTNA Buyback Program, setting the stage for migration away from ZTNA 1.0.
T-Mobile Store Owner Made $25M Using Stolen Employee Credentials
5 days agoNow-convicted phone dealer reset locked and blocked phones on various mobile networks.
Threat groups embrace messaging apps to spread malware, communicate
5 days agoUnderground forums are so last year. Telegram, Discord offer better privacy, functionality to criminals, says Intel 471 Cybercriminals are turning to messaging apps like Telegram and Discord as alternatives to popular underground forums: not only for the ...
Microsoft Intros New Attack Surface Management, Threat Intel Tools
5 days agoMicrosoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts.
Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
5 days agoTo protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.
VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware
5 days agoAttackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal.
Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps
5 days agoWith over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety.
Microsoft's new security tool lets you to see your systems like a hacker would
5 days agoMicrosoft brings in its RiskIQ acquisition to launch Defender Threat Intelligence and Defender External Attack Surface Management.
BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features
5 days agoIn conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification.
Cybrary Lands $25 Million in New Funding Round
5 days agoSeries C investment from BuildGroup and Gula Tech Adventures, along with appointment of Kevin Mandia to the board of directors, will propel a new chapter of company growth.
Bot army risk as 3,000+ apps found spilling Twitter API keys
5 days agoPlease stop leaving credentials where miscreants can find them Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications.…
5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats
5 days agoFrom adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure.
CREST Defensible Penetration Test Released
5 days agoCREST provides commercially defensible scoping, delivery, and sign-off recommendations for penetration tests.
Reported ransomware attacks are just the tip of the iceberg. That's a problem for everyone
5 days agoShame or just trying to avoid bad publicity means there's very little useful data recorded on ransomware attacks.
Surveillance of Your Car
5 days agoTheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an envi ...
Miscreants aim to cause Discord discord with malicious npm packages
6 days agoLofyLife campaign comes amid GitHub security lockdown Cybercriminals continue to use npm packages to drop malicious packages on unsuspecting victims, most recently to steal Discord login tokens, bank card data, and other user information from infected sys ...
Be careful what you download: 17 password-stealing Android apps removed from Google Play
6 days agoCybersecurity researchers say DawDropper campaign delivered four kinds of trojan malware to victims after bypassing Play Store protections.
Charges filed over $300m 'textbook pyramid and Ponzi scheme' crypto startup
6 days agoFinancial watchdog accuses 11 of playing role in alleged scam Forsage, an alleged crypto Ponzi scheme purporting to be a decentralized smart contract platform, bilked millions of investors worldwide out of more than $300 million, according to America's se ...
DoJ: Foreign Adversaries Breach US Federal Court Records
6 days agoA Justice Department official testifies to a House committee that the cyberattack is a "significant concern."
Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat
6 days agoCustomers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company.
Credential Canaries Create Minefield for Attackers
6 days agoCanary tokens — also known as honey tokens — force attackers to second-guess their potential good fortune when they come across user and application secrets.
Chromium Browsers Allow Data Exfiltration via Bookmark Syncing
6 days ago"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.
Name That Edge Toon: Up a Tree
6 days agoCome up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Defence against the dark arts of ransomware
6 days agoLocking in safeguards against incursion with Rubrik Zero Trust Security Webinar It's just any old Monday, already you are mentally ticking off the to do list, and then, as you reach for your morning coffee and switch on your screen. Devastation. You've ...
Samsung's smartphone 'Repair Mode' will stop nosy technicians looking at your photos
6 days agoSamsung offers Galaxy customers some protection from repair technicians abusing access to customers' phones.
For Big Tech, Neutrality Is Not an Option — and Never Really Was
6 days agoTech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.
Securing Your Move to the Hybrid Cloud
6 days agoInfosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.
Ring Gives Videos to Police without a Warrant or User Consent
6 days agoAmazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Ma ...
Akamai: We stopped record DDoS attack in Europe
1 week agoA 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently ha ...
Student details, photos exposed in University of WA data breach
1 week agoInvestigation continues.
Spyware developer charged by Australian Police after 14,500 sales
1 week agoPLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more Asia In Brief Australia's federal police (AFP) on Friday charged a man with creating and profiting from spyware that allowed ...
Austrian spy firm accused by Microsoft says hacking tool was for EU states
1 week agoFor official use only.
Tim Hortons offer free coffee and donut to settle data privacy invasion claims
1 week agoAlso, malicious VBA macros are out and container files are in, Robin Banks helps criminals rob banks, and more In brief Canadian fast food chain Tim Hortons is settling multiple data privacy class-action lawsuits against it by offering something it know ...
This is what to expect when a managed service provider gets popped
1 week agoMSP should just stand for My Server's Pwned! A Russian-language miscreant claims to have hacked their way into a managed services provider, and has asked for help monetizing what's said to be access to the networks and computers of that MSP's 50-plus US c ...
Friday Squid Blogging: Evolution of the Vampire Squid
1 week agoShort article on the evolution of the vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
AWS Focuses on Identity Access Management at re:Inforce
1 week agoIdentity and access management was front and center at AWS re:inforce this week.
Attackers Have 'Favorite' Vulnerabilities to Exploit
1 week agoWhile attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
1 week agoDark Reading's digest of other "don't-miss&quo
t; stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.
Feds put $10m bounty on Putin pal accused of bankrolling US election troll farm
1 week agoJust in time for the midterms The Feds have put up a $10 million reward for information about foreign interference in US elections in general, and more specifically a Russian oligarch and close friend of President Vladimir Putin accused of funding an orga ...
Why Bug-Bounty Programs Are Failing Everyone
1 week agoIn a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
Decentralized IPFS networks forming the 'hotbed of phishing'
1 week agoP2P file system makes it more difficult to detect and take down malicious content Threat groups are increasingly turning to InterPlanetary File System (IPFS) peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sh ...
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization
1 week agoThe first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.
Amazon Adds Malware Detection to GuardDuty TDR Service
1 week agoThe new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week.
Big Questions Remain Around Massive Shanghai Police Data Breach
1 week agoWhy was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded?
Why is my internet so slow? 11 ways to speed up your connection
1 week agoSlow connections are the bane of anyone working, studying, or trying to stay entertained at home. Here's how to fix the most common issues.
Microsoft Zero-Days Sold and then Used
1 week agoYet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of ...
Malicious Npm Packages Tapped Again to Target Discord Users
1 week agoRecent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info
1 week agoThe campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.
3 Tips for Creating a Security Culture
1 week agoTrying to get the whole organization on board with better cybersecurity is much tougher than it may sound.