News Targeted

News

Articles tagged with cybersecurity

SSL/TLS certificate lifespans reduced to 47 days by 2029

Category: IT|Apr 18, 2025 | Author: Admin

The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [more]

OpenAI bans ChatGPT accounts used by North Korean hackers

Category: IT|Feb 25, 2025 | Author: Admin

OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. [more]

Exploits for unpatched Parallels Desktop flaw give root on Macs

Category: IT|Feb 24, 2025 | Author: Admin

Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. [more]

Google Cloud introduces quantum-safe digital signatures in KMS

Category: Google|Feb 23, 2025 | Author: Admin

Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview. [more]

CISA flags Craft CMS code injection flaw as exploited in attacks

Category: IT|Feb 21, 2025 | Author: Admin

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. [more]

Microsoft testing fix for Windows 11 bug breaking SSH connections

Category: Microsoft|Feb 20, 2025 | Author: Admin

Microsoft is not testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems. [more]

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

Category: IT|Feb 18, 2025 | Author: Admin

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [more]

Hackers steal emails in device code phishing attacks

Category: Microsoft|Feb 16, 2025 | Author: Admin

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [more]

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

Category: IT|Feb 15, 2025 | Author: Admin

Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. [more]

Malicious PirateFi game infects Steam users with Vidar malware

Category: IT|Feb 14, 2025 | Author: Admin

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. [more]

Fortinet discloses second firewall auth bypass patched in January

Category: IT|Feb 13, 2025 | Author: Admin

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January. [more]

Apple fixes zero-day exploited in 'extremely sophisticated' attacks

Category: Apple|Feb 11, 2025 | Author: Admin

Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. [more]

Microsoft raises rewards for Copilot AI bug bounty program

Category: General|Feb 10, 2025 | Author: Admin

Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [more]

Microsoft kills off Defender 'Privacy Protection' VPN feature

Category: Microsoft|Feb 3, 2025 | Author: Admin

Microsoft announced it is killing off its Privacy Protection VPN feature in the Microsoft Defender app at the end of the month to focus on other features. [more]

Google says hackers abuse Gemini AI to empower their attacks

Category: IT|Feb 1, 2025 | Author: Admin

Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [more]

PayPal to pay $2 million settlement over 2022 data breach

Category: IT|Jan 26, 2025 | Author: Admin

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [more]

Tesla EV charger hacked twice on second day of Pwn2Own Tokyo

Category: IT|Jan 23, 2025 | Author: Admin

Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. [more]

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

Category: IT|Jan 22, 2025 | Author: Admin

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [more]

Malicious PyPi package steals Discord auth tokens from devs

Category: IT|Jan 18, 2025 | Author: Admin

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [more]

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Category: General|Jan 16, 2025 | Author: Admin

A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [more]

Phishing texts trick Apple iMessage users into disabling protection

Category: Apple|Jan 13, 2025 | Author: Admin

Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [more]

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

Category: IT|Jan 11, 2025 | Author: Admin

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [more]

Bad Tenable plugin updates take down Nessus agents worldwide

Category: IT|Jan 4, 2025 | Author: Admin

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [more]

Cybersecurity Firm's Chrome Extension Hijacked to Steal Users' Data

Category: IT|Jan 2, 2025 | Author: Admin

At least five Chrome extensions have been compromised in a coordinated attack, enabling a threat actor to steal sensitive user information. [more]

US considers banning TP-Link routers over cybersecurity risks

Category: IT|Dec 30, 2024 | Author: Admin

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [more]

Fortinet warns of FortiWLM bug giving hackers admin privileges

Category: IT|Dec 27, 2024 | Author: Admin

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [more]

Ongoing phishing attack abuses Google Calendar to bypass spam filters

Category: Google|Dec 25, 2024 | Author: Admin

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [more]

Russian hackers use RDP proxies to steal data in MiTM attacks

Category: IT|Dec 23, 2024 | Author: Admin

The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [more]

Interpol replaces dehumanizing "Pig Butchering" term with "Romance Baiting"

Category: IT|Dec 20, 2024 | Author: Admin

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. [more]

Hackers abuse Avast anti-rootkit driver to disable defenses

Category: IT|Nov 23, 2024 | Author: Admin

A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. [more]

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Category: IT|Oct 5, 2024 | Author: Admin

Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. [more]

Google reportedly is close to buying cybersecurity company Wiz for $23 billion

Category: Google|Jul 15, 2024 | Author: Admin

Google's parent company Alphabet is reportedly in talks for an acquisition that, if it goes through, will be the company's biggest purchase ever. The Wall Street Journal, citing unnamed sources, claims that Google is in negotiations to purchase the cybersecurity company Wiz for $23... [more]