Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows
In early 2025, the Chinese chatbot, DeepSeek, burst onto the AI scene. It provoked much comment and controversy across the globe: we could hardly fail to spot the similarity of its logo to our own, comparisons with ChatGPT were abundant, and in Italy, South Korea, Australia, and other countries, DeepSeek was blocked altogether. The hype was — and remains — intense, including … [Read more...] about Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows
Apple introduces the new MacBook Air with the M4 chip and a sky blue color
March 5, 2025 PRESS RELEASE Apple introduces the new MacBook Air with the soaring performance of the M4 chip, a gorgeous new sky blue color, and a lower starting price of $999 The world’s most popular laptop delivers more value than ever with greater performance, up to 18 hours of battery life, a 12MP Center Stage camera, and enhanced external display support — all in its … [Read more...] about Apple introduces the new MacBook Air with the M4 chip and a sky blue color
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Mar 05, 2025Ravie LakshmananNetwork Security / Data Breach The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft … [Read more...] about China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Apple introduces iPad Air with powerful M3 chip and new Magic Keyboard
March 4, 2025 PRESS RELEASE Apple introduces iPad Air with powerful M3 chip and new Magic Keyboard CUPERTINO, CALIFORNIA Apple today introduced the faster, more powerful iPad Air with the M3 chip and built for Apple Intelligence. iPad Air with M3 brings Apple’s advanced graphics architecture to iPad Air for the first time — taking its incredible combination of … [Read more...] about Apple introduces iPad Air with powerful M3 chip and new Magic Keyboard
Elastic Stack 8.16.5 released | Elastic Blog
Version 8.16.5 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 8.16.5 over the previous version 8.16.4 For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes. Source link … [Read more...] about Elastic Stack 8.16.5 released | Elastic Blog
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Mar 04, 2025Ravie LakshmananCybercrime / Threat Intelligence Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants … [Read more...] about Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Cross-Domain Attack Defense with Intel-Led Threat Hunting
1. Initial Entry and Exploitation In the first stage of this attack, the adversary set up a command-and-control (C2-1 in Figure 1) infrastructure to launch their attack. They targeted a Linux Tomcat server, exploiting a known vulnerability to gain root access. Once inside, they conducted reconnaissance using standard tools like LDAP search to enumerate network shares and … [Read more...] about Cross-Domain Attack Defense with Intel-Led Threat Hunting
“Friday Night Baseball” returns to Apple TV+ on March 28
March 3, 2025 UPDATE “Friday Night Baseball” returns to Apple TV+ on March 28 Exclusive weekly doubleheaders return for a fourth season, with New York Mets at Houston Astros and Baltimore Orioles at Toronto Blue Jays “Fight for Glory: 2024 World Series,” the new docuseries on Apple TV+, premieres later this month, and a new Apple Immersive baseball film “VIP: Yankee … [Read more...] about “Friday Night Baseball” returns to Apple TV+ on March 28
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Mar 03, 2025Ravie LakshmananCloud Security / Email Security Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), … [Read more...] about Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail