News

Articles tagged with security

Cloudflare mitigates record number of DDoS attacks in 2025

Category: IT|Apr 30, 2025 | Author: Admin

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. [more]

Coinbase fixes 2FA log error making people think they were hacked

Category: IT|Apr 29, 2025 | Author: Admin

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [more]

Microsoft blocks ActiveX by default in Microsoft 365, Office 2024

Category: Microsoft|Apr 24, 2025 | Author: Admin

Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. [more]

Google adds Android auto-reboot to block forensic data extractions

Category: Google|Apr 22, 2025 | Author: Admin

Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [more]

SSL/TLS certificate lifespans reduced to 47 days by 2029

Category: IT|Apr 18, 2025 | Author: Admin

The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [more]

Oracle says "obsolete servers" hacked, denies cloud breach

Category: IT|Apr 9, 2025 | Author: Admin

Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." [more]

WinRAR flaw bypasses Windows Mark of the Web security alerts

Category: Microsoft|Apr 6, 2025 | Author: Admin

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [more]

Coinbase to fix 2FA account activity entry freaking out users

Category: IT|Apr 5, 2025 | Author: Admin

Coinbase is fixing a misleading account activity message that has caused confusion and anxiety, making users think their credentials were compromised. [more]

OpenAI now pays researchers $100,000 for critical vulnerabilities

Category: IT|Mar 29, 2025 | Author: Admin

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [more]

Hijacked Microsoft web domain injects spam into SharePoint servers

Category: Microsoft|Mar 28, 2025 | Author: Admin

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [more]

Cloudflare now blocks all unencrypted traffic to its API endpoints

Category: IT|Mar 24, 2025 | Author: Admin

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [more]

Supply chain attack on popular GitHub Action exposes CI/CD secrets

Category: IT|Mar 17, 2025 | Author: Admin

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [more]

GitLab patches critical authentication bypass vulnerabilities

Category: IT|Mar 13, 2025 | Author: Admin

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. [more]

Mozilla warns users to update Firefox before certificate expires

Category: Microsoft|Mar 12, 2025 | Author: Admin

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. [more]

New Chirp tool uses audio tones to transfer data between devices

Category: IT|Mar 9, 2025 | Author: Admin

A new open-source tool named 'Chirp' transmits data, such as text messages, between computers (and smartphones) through different audio tones. [more]

Undocumented "backdoor" found in Bluetooth chip used by a billion devices

Category: IT|Mar 8, 2025 | Author: Admin

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks. [more]

Nearly 12,000 API keys and passwords found in AI training dataset

Category: IT|Mar 2, 2025 | Author: Admin

Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. [more]

OpenAI bans ChatGPT accounts used by North Korean hackers

Category: IT|Feb 25, 2025 | Author: Admin

OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. [more]

Exploits for unpatched Parallels Desktop flaw give root on Macs

Category: IT|Feb 24, 2025 | Author: Admin

Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. [more]

Google Cloud introduces quantum-safe digital signatures in KMS

Category: Google|Feb 23, 2025 | Author: Admin

Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview. [more]

CISA flags Craft CMS code injection flaw as exploited in attacks

Category: IT|Feb 21, 2025 | Author: Admin

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. [more]

Microsoft testing fix for Windows 11 bug breaking SSH connections

Category: Microsoft|Feb 20, 2025 | Author: Admin

Microsoft is now testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems. [more]

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

Category: IT|Feb 18, 2025 | Author: Admin

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [more]

Hackers steal emails in device code phishing attacks

Category: Microsoft|Feb 16, 2025 | Author: Admin

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [more]

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

Category: IT|Feb 15, 2025 | Author: Admin

Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. [more]

Malicious PirateFi game infects Steam users with Vidar malware

Category: IT|Feb 14, 2025 | Author: Admin

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. [more]

Fortinet discloses second firewall auth bypass patched in January

Category: IT|Feb 13, 2025 | Author: Admin

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. [more]

Apple fixes zero-day exploited in 'extremely sophisticated' attacks

Category: Apple|Feb 11, 2025 | Author: Admin

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. [more]

Microsoft raises rewards for Copilot AI bug bounty program

Category: General|Feb 10, 2025 | Author: Admin

Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [more]

Microsoft kills off Defender 'Privacy Protection' VPN feature

Category: Microsoft|Feb 3, 2025 | Author: Admin

Microsoft announced it is killing off its Privacy Protection VPN feature in the Microsoft Defender app at the end of the month to focus on other features. [more]

PyPI adds project archiving system to stop malicious updates

Category: IT|Feb 2, 2025 | Author: Admin

The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers to archive their projects, indicating to the users that no updates are to be expected. [more]

Google says hackers abuse Gemini AI to empower their attacks

Category: IT|Feb 1, 2025 | Author: Admin

Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [more]

PayPal to pay $2 million settlement over 2022 data breach

Category: IT|Jan 26, 2025 | Author: Admin

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [more]

Tesla EV charger hacked twice on second day of Pwn2Own Tokyo

Category: IT|Jan 23, 2025 | Author: Admin

Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. [more]

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

Category: IT|Jan 22, 2025 | Author: Admin

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [more]

TikTok shuts down in the US as Trump throws the company a lifeline

Category: IT|Jan 19, 2025 | Author: Admin

TikTok shut down in the U.S. late Saturday night following the Supreme Court's decision to uphold the law that banned the company over national security concerns. [more]

Malicious PyPi package steals Discord auth tokens from devs

Category: IT|Jan 18, 2025 | Author: Admin

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [more]

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Category: General|Jan 16, 2025 | Author: Admin

A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [more]

Phishing texts trick Apple iMessage users into disabling protection

Category: Apple|Jan 13, 2025 | Author: Admin

Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [more]

Fake LDAPNightmare exploit on GitHub spreads infostealer malware

Category: IT|Jan 11, 2025 | Author: Admin

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [more]

Over 3 million mail servers without encryption exposed to sniffing attacks

Category: IT|Jan 5, 2025 | Author: Admin

Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [more]

Bad Tenable plugin updates take down Nessus agents worldwide

Category: IT|Jan 4, 2025 | Author: Admin

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [more]

New details reveal how hackers hijacked 35 Google Chrome extensions

Category: Google|Jan 3, 2025 | Author: Admin

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. [more]

Cybersecurity Firm's Chrome Extension Hijacked to Steal Users' Data

Category: IT|Jan 2, 2025 | Author: Admin

At least five Chrome extensions have been compromised in a coordinated attack, enabling a threat actor to steal sensitive user information. [more]

US considers banning TP-Link routers over cybersecurity risks

Category: IT|Dec 30, 2024 | Author: Admin

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [more]

Android malware found on Amazon Appstore disguised as health app

Category: Google|Dec 29, 2024 | Author: Admin

A malicious Android spyware application named 'BMI CalculationVsn' was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. [more]

Juniper warns of Mirai botnet targeting Session Smart routers

Category: IT|Dec 28, 2024 | Author: Admin

Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. [more]

Fortinet warns of FortiWLM bug giving hackers admin privileges

Category: IT|Dec 27, 2024 | Author: Admin

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [more]

Ongoing phishing attack abuses Google Calendar to bypass spam filters

Category: Google|Dec 25, 2024 | Author: Admin

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [more]

Russian hackers use RDP proxies to steal data in MiTM attacks

Category: IT|Dec 23, 2024 | Author: Admin

The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [more]

Interpol replaces dehumanizing "Pig Butchering" term with "Romance Baiting"

Category: IT|Dec 20, 2024 | Author: Admin

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. [more]

Hackers abuse Avast anti-rootkit driver to disable defenses

Category: IT|Nov 23, 2024 | Author: Admin

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. [more]

ChatGPT allows access to underlying sandbox OS, “playbook” data

Category: IT|Nov 16, 2024 | Author: Admin

OpenAI's ChatGPT platform provides a great degree of access to the LLM's sandbox, allowing you to upload programs and files, execute commands, and browse the sandbox's file structure. [more]

Microsoft pulls Exchange security updates over mail delivery issues

Category: Microsoft|Nov 15, 2024 | Author: Admin

Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. [more]

CyberPanel Urges Users to Upgrade Amid Ongoing Issues

Category: IT|Oct 29, 2024 | Author: Admin

CyberPanel has announced the urgent need for users to upgrade their software due to ongoing issues that have affected file access for many users. The CyberPanel team is assisting those impacted at no cost, providing solutions such as a decryption script and a manual patch guide for... [more]

US says Chinese hackers breached multiple telecom providers

Category: IT|Oct 28, 2024 | Author: Admin

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. [more]

Recently patched CUPS flaw can be used to amplify DDoS attacks

Category: IT|Oct 7, 2024 | Author: Admin

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [more]

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Category: IT|Oct 5, 2024 | Author: Admin

Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. [more]

Google reportedly is close to buying cybersecurity company Wiz for $23 billion

Category: Google|Jul 15, 2024 | Author: Admin

Google's parent company Alphabet is reportedly in talks for an acquisition that, if it goes through, will be the company's biggest purchase ever. The Wall Street Journal, citing unnamed sources, claims that Google is in negotiations to purchase the cybersecurity company Wiz for $23... [more]

Netgear WNR614 flaws allow device takeover, no fix available

Category: IT|Jun 12, 2024 | Author: Admin

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [more]

Microsoft announces new security services and features for AI deployments

Category: Microsoft|May 6, 2024 | Author: Admin

Late last week, Microsoft announced that after a series of high-profile data breaches that involved its services, it had decided it would now be "making security our top priority at Microsoft, above all else." Today, as part of the annual RSA Conference in San Francisco, the company... [more]

The US Government Has a Microsoft Problem

Category: Microsoft|Apr 16, 2024 | Author: Admin

When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. [more]

Apple warns of increased iPhone security risks

Category: Apple|Mar 2, 2024 | Author: Admin

Apple has told its European customers that new EU competition laws will make iPhones less safe. [more]

Cloudflare DDoS Protection Flaws Allowed Security Bypass Via Cloudflare

Category: IT|Oct 2, 2023 | Author: Admin

Although Cloudflare provides resilient DDoS protection, a researcher devised a strategy to bypass the security measures using Cloudflare itself. The process involves exploiting logic flaws in the firewall that allow an adversary to perform DDoS attacks on the target device. [more]

Apple fixes 16 security flaws with iOS 16.6, two actively exploited

Category: Apple|Jul 27, 2023 | Author: Admin

Apple has released iOS 16.6 today for everyone and while the update doesn’t come with new user-facing features, it has over a dozen important security fixes. And notably, two of the fixes are for actively exploited flaws. [more]

If you do not deactivate Gigabyte's function, you may be at risk of hackers

Category: IT|Jun 1, 2023 | Author: Admin

The security company Eclypsium has revealed that Gigabyte motherboards have a backdoor that few users know about. [more]

"Don't enable Google's new feature"

Category: Google|Apr 27, 2023 | Author: Admin

"The big improvement everyone with passwords has been waiting for," Now we are not so sure anymore whether it pays to activate cloud storage in "Google Authenticator." [more]

Admits lying

Category: General|Feb 2, 2023 | Author: Admin

Do you remember the case from December last year, "Cameras sold in Norway are a security disaster"? [more]

Cameras sold in Norway are a security disaster

Category: IT|Dec 4, 2022 | Author: Admin

"Server error" allowed Eufy owners to see into each other's homes," [more]

Mean Apple's iPhone security is nonsense

Category: Apple|Oct 22, 2022 | Author: Admin

"VPN connections on the iPhone did not secure," [more]


Microsoft fixes Linux boot issues on dual-boot Windows systems

Category: Microsoft|May 14, 2025 | Author: Admin

Windows 11 upgrade block lifted after Safe Exam Browser fix

Category: Microsoft|May 13, 2025 | Author: Admin

Bluetooth 6.1 enhances privacy with randomized RPA timing

Category: IT|May 12, 2025 | Author: Admin

ChatGPT is finally adding Download as PDF for Deep Research

Category: IT|May 11, 2025 | Author: Admin

Microsoft Teams will soon block screen capture during meetings

Category: Microsoft|May 10, 2025 | Author: Admin

Germany takes down eXch cryptocurrency exchange, seizes servers

Category: IT|May 9, 2025 | Author: Admin

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

Category: IT|May 8, 2025 | Author: Admin

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Category: IT|May 7, 2025 | Author: Admin

Apache Parquet exploit tool detects servers vulnerable to critical flaw

Category: IT|May 6, 2025 | Author: Admin

Co-op confirms data theft after DragonForce ransomware claims attack

Category: IT|May 5, 2025 | Author: Admin

Magento supply chain attack compromises hundreds of e-stores

Category: IT|May 4, 2025 | Author: Admin

Microsoft ends Authenticator password autofill, moves users to Edge

Category: Microsoft|May 3, 2025 | Author: Admin

TikTok fined €530 million for sending European user data to China

Category: IT|May 2, 2025 | Author: Admin

May 1 – A day for solidarity, unity and the fight for justice

Category: Norge|May 1, 2025 | Author: Admin