Jun 17, 2024NewsroomRouter Security / Vulnerability ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass … [Read more...] about ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
software vulnerability
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Jun 16, 2024NewsroomCybercrime / SIM Swapping Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort … [Read more...] about U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Jun 15, 2024Newsroom Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS," Resecurity said in a report … [Read more...] about Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
Jun 14, 2024The Hacker News Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of … [Read more...] about Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models
Jun 13, 2024NewsroomVulnerability / Software Security The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to … [Read more...] about New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Jun 12, 2024NewsroomKubernetes / Endpoint Security Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March … [Read more...] about Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
How Cynet Makes MSPs Rich & Their Clients Secure
Jun 11, 2024The Hacker NewsEndpoint Security / Incident Response Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base. … [Read more...] about How Cynet Makes MSPs Rich & Their Clients Secure
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Jun 10, 2024NewsroomPhishing Attack / Cybercrime Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm … [Read more...] about More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating … [Read more...] about New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Jun 08, 2024NewsroomArtificial Intelligence / Privacy Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on … [Read more...] about Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns