🔗 Security Engineering Blog

🗞️ Today's News

Saturday Mac riddles 266

2024-07-27 08:00:00 UTC

This weekend's Mac riddles are here to keep you entertained during family time, shopping, and fun activities. Get ready to solve riddle 1: Skipper or...

A brief history of kernel panics

2024-07-27 07:00:00 UTC

Explore the history of kernel panics, from using recovery disks in classic Mac OS to experiencing unexpected restarts and finding hidden panic logs.

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

2024-07-27 06:09:00 UTC

French authorities, in partnership with Europol, have commenced a "disinfection operation" to eradicate the PlugX malware from numerous compromised systems. The initiative, led by the Paris Prosecutor's Office, began on July 18 and is projected to last several months. Approximately a hundred victims in France, Malta, and Portugal are expected to benefit from this cybersecurity operation.

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

2024-07-27 05:47:00 UTC

Cybersecurity researchers find a malicious PyPI package targeting Apple macOS to steal Google Cloud credentials. The package, "lr-utils-lib," was downloaded 59 times before being removed in June 2024. The malware aims to target a specific group of victims using a phishing technique.

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

2024-07-26 21:31:54 UTC

Google has addressed a security vulnerability that enabled criminals to sidestep email verification and generate Google Workspace accounts, granting them access to third-party services. This flaw allowed them to pose as domain owners on platforms that use Google's "Sign in with Google" function.

Friday Squid Blogging: Sunscreen from Squid Pigments

2024-07-26 21:02:21 UTC

Squid pigments could be the key to a more eco-friendly sunscreen, as they are being considered for their benefits to the environment. Details on the blog moderation policy are also discussed in the Friday Squid Blogging post.

SANS Compliance Countdown 2024

2024-07-26 17:35:44 UTC

The second annual SANS Cyber Compliance Countdown 2024 event is set to focus on major cybersecurity directives that will impact organizations of all sizes. The event aims to educate attendees on meeting compliance requirements and offer solutions to address these directives. Some of the key topics include the NIS II Directive, SEC Requirements, DORA, and the US Department of Defense CMMC. Participants will learn from experts and industry leaders on handling cyber incidents, risk management best practices, and reporting to senior stakeholders. Don't miss this opportunity to stay ahead of cybersecurity regulations and protect your organization.

Why You Shouldn't Be A Pentester

2024-07-26 17:30:02 UTC

Keeper Security's privileged access management solution, aimed at protecting organizations from cyber threats, is highlighted in a recent article warning against becoming a pentester. The company offers a demo of their Enterprise Password Management platform to showcase how it can enhance security measures. Additionally, opportunities for sponsorships, security consulting, training, and certifications are provided, along with a list of recommended hacker books for further education in the field. Social media links and donation options are also available for those interested in supporting the channel.

Compromising the Secure Boot Process

2024-07-26 16:21:42 UTC

Researchers from security firm Binarly have discovered that the Secure Boot process has been compromised on over 200 device models sold by major brands such as Acer, Dell, Gigabyte, Intel, and Supermicro. The issue stems from a cryptographic key used in the Secure Boot process being compromised in 2022. A platform key that forms the root-of-trust anchor between hardware devices and their firmware was published in a public GitHub repository in December of that year by an individual working for US-based device manufacturers. The repository, located at https://github.com/raywu-aaeon/Ryzen2000_4000.git, has since been taken down, but the implications of this breach are concerning.

How to build a CA hierarchy across multiple AWS accounts and Regions for global organizations

2024-07-26 16:08:43 UTC

Creating a certificate authority (CA) hierarchy across multiple AWS accounts and Regions for global organizations has become easier with AWS Private Certificate Authority. While the CA tree typically resides in one account in one Region, some businesses operate in multiple Regions and accounts. These customers have shared their experiences in building a CA hierarchy using AWS services.

Meta takes down 63,000 sextortion-related accounts on Instagram

2024-07-26 15:15:53 UTC

Meta has removed a total of 63,000 accounts on Instagram linked to sextortion and scam training. The social media platform cracked down on accounts participating in illegal activities, including sextortion schemes and scam training programs.

8 Benefits of Endpoint Detection & Response (EDR) You Should Know [2024]

2024-07-26 14:47:30 UTC

In 2024, it has been revealed that the average employee now uses 2.5 devices for work tasks, leading to a large number of devices across businesses. A study in the UK found that two-thirds of large businesses have over 1,000 devices on their networks. It is essential for businesses to be aware of the benefits of implementing Endpoint Detection & Response (EDR) to protect their networks.

IAM for MSPs Provider Evo Security Raises $6 Million

2024-07-26 14:27:48 UTC

Evo Security, a provider of IAM solutions for MSPs, has secured $6 million in funding led by TechOperators in a Series A funding round. The news was announced on SecurityWeek.

Progress Patches Critical Telerik Report Server Vulnerability

2024-07-26 13:43:35 UTC

Progress Software has addressed a critical remote code execution flaw in the Telerik Report Server product. The vulnerability was identified as a major security risk, prompting the company to release a patch to protect users. The post on SecurityWeek highlighted the importance of updating the software to prevent potential exploitation.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

2024-07-26 13:17:00 UTC

A Spanish-speaking cybercrime group called GXC Team has been found combining phishing kits with harmful Android apps, enhancing their malware service. Group-IB, a cybersecurity firm based in Singapore, has been monitoring the group since January 2023 and labeled their operations as a sophisticated AI-powered phishing service.

ServiceNow RCE Flaws Actively Exploited by Threat Actors to Steal Credentials

2024-07-26 13:04:08 UTC

Threat actors are actively exploiting ServiceNow RCE flaws to steal credentials from government organizations and commercial companies. Security researchers have identified victims in various sectors, including government agencies, data centers, energy providers, and software development firms. Despite ServiceNow fixing the vulnerabilities, the malicious activity continues.

The Good, the Bad and the Ugly in Cybersecurity – Week 30

2024-07-26 13:00:31 UTC

In Cybersecurity news this week, there have been developments on multiple fronts. A member of The Com hacking group was arrested, a DPRK actor was caught infiltrating a US cybersecurity company, and malware was spread via GitHub by DaaS.

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

2024-07-26 12:00:00 UTC

In a recent blog post, KnowBe4 warned about a North Korean hacker who deceived a US security vendor into hiring him before attempting to hack into their systems. The incident serves as a cautionary tale for other potential targets.

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks

2024-07-26 11:24:33 UTC

Threat actors are taking advantage of newly discovered vulnerabilities in ServiceNow following their public disclosure. The exploitation of these critical-severity flaws has caught the attention of cybersecurity experts. Read more about the attacks in SecurityWeek's latest post.

In Other News: FBI Cyber Action Team, Pentagon IT Firm Leak, Nigerian Gets 12 Years in Prison

2024-07-26 11:00:00 UTC

In recent news, the FBI Cyber Action Team, Pentagon IT firm leak, and Nigerian cybercriminal receiving a 12-year prison sentence have been reported. These stories may have gone unnoticed, but they are worth noting. The FBI's Cyber Action Team was featured in an article, data from Pentagon IT provider Leidos was leaked, and a Nigerian individual was sentenced to 12 years behind bars for cybercrime. This information was shared on SecurityWeek.

Offensive AI: The Sine Qua Non of Cybersecurity

2024-07-26 11:00:00 UTC

Offensive AI has become a crucial element in cybersecurity, with the words of Victor Hugo echoing the complexity of peace and war. In 1971, a mysterious message called "I'm the Creeper: catch me if you can" appeared on computers connected to ARPANET. This message was the product of a program that marked the beginning of cybersecurity challenges.

Europe Is Pumping Billions Into New Military Tech

2024-07-26 10:30:00 UTC

Europe has announced a €7.3 billion allocation for defense research in the next seven years. The funding will go towards developing new military technologies such as drones, tanks, battleships, and space intelligence.

US Offers $10 Million Reward for Information on North Korean Hacker

2024-07-26 10:13:36 UTC

The United States has announced a $10 million reward for any information leading to the arrest of Rim Jong Hyok, a member of the North Korean hacking group APT45. This offer follows concerns about cyber attacks from North Korea. Read more on SecurityWeek.

Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave

2024-07-26 10:00:11 UTC

Scammers are capitalizing on the rising popularity of Generative AI, also known as GenAI, according to a recent article by Unit 42. The post discusses a direct relationship between the surge in GenAI usage and an increase in scam attacks, supported by data and a case study on network abuse. Be cautious of potential scams targeting the Generative AI wave.
