🔗 Security Engineering Blog

🗞️ Today's News

Friday Squid Blogging: Squid Nebula

2024-06-21 21:06:45 UTC

A stunning astronomical photo of the Squid Nebula is causing a buzz online. The image is captivating viewers with its beauty and detail.

Read More
Perplexity Plagiarized Our Story About How Perplexity Is a Bullshit Machine

2024-06-21 17:22:51 UTC

Experts are divided on the legal implications for the AI-powered search startup, Perplexity, after it was accused of plagiarizing a story criticizing its credibility. While some believe that the company could face legal claims such as infringement and defamation, others argue that plaintiffs would have strong cases against the startup.

Read More
First million breached Ticketmaster records released for free

2024-06-21 16:01:22 UTC

A cybercriminal has released the first million breached Ticketmaster records for free. The individual claims Ticketmaster refused to pay for the data.

Read More
How to Prepare for The Practical Web Penetration Tester Exam

2024-06-21 16:00:09 UTC

Prepare for the Practical Web Penetration Tester Exam by sponsoring a video or getting trained and certified through TCM-sec. You can also support The Cyber Mentor through Patreon or one-time donations. Check out recommended hacker books and the equipment used by The Cyber Mentor for recording. Stay connected on social media platforms and access helpful resources for those interested in cybersecurity.

Read More
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

2024-06-21 13:42:00 UTC

Chinese hackers operating under the codename SneakyChef have been identified as the masterminds behind a global espionage campaign using malware like SpiceRAT and SugarGh0st. With a primary focus on government entities in Asia and EMEA since August 2023, the hackers employ scanned documents of various countries' Ministries as lures to carry out their cyber attacks.

Read More
Santander Employee Data Breach Linked to Snowflake Attack

2024-06-21 13:11:36 UTC

More than 12,000 Santander US employees are being informed that their personal information was exposed in a data breach. The breach has been linked to a Snowflake attack. - SecurityWeek报道,圣安德鲁斯员工数据泄露与雪花攻击有关:Santander US通知12,000多名员工,他们的个人信息在数据泄露中被泄露。'post Santander Employee Data Breach Linked to Snowflake Attack appeared on SecurityWeek。'

Read More
Military-themed Email Scam Spreads Malware to Infect Pakistani Users

2024-06-21 13:01:00 UTC

A new phishing campaign dubbed PHANTOM#SPIKE has been uncovered by cybersecurity researchers, targeting Pakistani users with military-themed emails to spread malware. The campaign utilizes a custom backdoor to infect users, with unknown threat actors behind the activity. According to Securonix, the phishing documents related to the military are used to activate the infection sequence. The researchers warn that this method is just one of many used by threat actors to deploy malware.

Read More
The Good, the Bad and the Ugly in Cybersecurity – Week 25

2024-06-21 13:00:49 UTC

In Cybersecurity news this week, the Department of Justice has indicted two operators of Dark web markets, while China-linked cyber spies are exploiting zero days to target virtual machines ESXi. Additionally, a cyberattack has disrupted US auto dealerships.

Read More
Spatial Computing Hack Exploits Apple Vision Pro Flaw to Fill Room With Spiders, Bats

2024-06-21 12:52:58 UTC

A security researcher has discovered a hack that exploits a vulnerability in Apple's Vision Pro, allowing them to fill a room with spiders and bats using spatial computing. Initially classified as a Denial of Service (DoS) issue, the researcher showed that the flaw is more sinister than previously thought. Apple has since patched the vulnerability.

Read More
In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

2024-06-21 12:46:33 UTC

Three important stories that may have gone unnoticed include a Microsoft email spoofing vulnerability, ransom demands for Snowflake hack victims, and ongoing issues with LogoFail. These stories highlight potential security risks and vulnerabilities that need to be addressed.

Read More
Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

2024-06-21 12:03:24 UTC

Threat actors are taking advantage of a new vulnerability in SolarWinds Serv-U that allows for unauthorized access. Public proof-of-concept code is being used to exploit the flaw in the wild, according to SecurityWeek.

Read More
Security Cloud Control: Pioneering the Future of Security Management

2024-06-21 12:00:31 UTC

Security Cloud Control is leading the way in revolutionizing security management for organizations. With attackers targeting vulnerable aspects of networks like unsecured users, devices, and workloads, the shift to a distributed data environment has made protection even more challenging. To combat these threats, many organizations are turning to Security Cloud Control for innovative solutions.

Read More
Enhancing AI Security Incident Response Through Collaborative Exercises

2024-06-21 12:00:16 UTC

A new playbook has been introduced to improve the response to AI security incidents through collaborative exercises. The resource will help industry peers and global partners coordinate their efforts, ensuring a strong and secure technological future.

Read More
Ross Anderson’s Memorial Service

2024-06-21 11:04:12 UTC

The memorial service for Ross Anderson is scheduled for Saturday at 2:00 PM BST. Those unable to attend in person can join remotely via Zoom using the passcode “L3954FrrEF”.

Read More
Personal and Facility Information Potentially Accessed in CISA Hack

2024-06-21 10:23:38 UTC

Personal and facility information may have been compromised in a recent CISA hack. The Cybersecurity and Infrastructure Security Agency reported that data from the CFATS program may have been accessed after an Ivanti Connect Secure appliance was breached in January. The incident underscores the importance of cybersecurity measures to protect sensitive information.

Read More
Oyster Backdoor Spreading via Trojanized Popular Software Downloads

2024-06-21 09:51:00 UTC

A malvertising campaign is using trojanized installers for popular software like Google Chrome and Microsoft Teams to spread the Oyster backdoor, also known as Broomstick and CleanUpLoader. Rapid7 discovered that lookalike websites are hosting these malicious payloads, which users are redirected to after searching for the software on search engines like Google and Bing.

Read More
US Bans Kaspersky Software

2024-06-21 09:21:55 UTC

The US government has officially prohibited the sale of Kaspersky software due to concerns about the company's ties to the Russian government. This decision comes amidst national security worries.

Read More
SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

2024-06-21 08:54:00 UTC

An urgent warning has been issued for users of SolarWinds Serv-U file transfer software to patch a high-severity vulnerability, CVE-2024-28995, immediately. Malicious actors are actively exploiting the flaw, which allows for directory traversal and potentially grants access to sensitive files on the host machine. All versions of Serv-U up to and including 15.4.2 are affected by this critical security issue.

Read More
Disruptions at Many Car Dealerships Continue as CDK Hack Worsens

2024-06-21 08:47:00 UTC

Car dealership software provider CDK Global is experiencing continued disruptions as they work to restore services following a cyberattack. The company discovered an additional hack, leading to worsened disruptions at many car dealerships. The situation is ongoing and causing security concerns in the automotive industry.

Read More
US bans Kaspersky, warns: “Immediately stop using that software”

2024-06-21 08:19:17 UTC

The United States has banned Kaspersky antivirus software and is warning users to immediately stop using it. The Commerce Secretary advised switching to an alternative antivirus provider to ensure security.

Read More
Was T-Mobile compromised by a zero-day in Jira?

2024-06-21 07:34:25 UTC

IntelBroker is selling source code from major companies, raising concerns about a potential zero-day vulnerability in Jira that could have compromised T-Mobile. Experts are questioning whether the sale of the source code is a demonstration of the zero-day's value.

Read More
How macOS keeps an eye on UPS and wireless devices

2024-06-21 06:30:00 UTC

In monitoring UPS and wireless devices, macOS utilizes iohid and BatteryCenter to check connected devices every 2-5 seconds.

Read More
U.S. Bans Kaspersky Software, Citing National Security Risks

2024-06-21 04:25:00 UTC

The U.S. government has banned Kaspersky software, citing national security risks. The Bureau of Industry and Security announced the unprecedented ban, preventing the cybersecurity company's U.S. subsidiary from offering its products in the country. The decision also affects Kaspersky Lab's affiliates, subsidiaries, and parent companies, as the department raised concerns over potential security threats.

Read More
Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack

2024-06-21 01:51:33 UTC

Change Healthcare will begin informing customers, including hospitals and insurers, about potential exposure of patient information in a significant cyberattack. The company is taking steps to notify those affected by the breach.

Read More