News
-
"Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement"One of the world’s biggest cosmetics retailers, Sephora, has agreed to pay $1.2 million in penalties and take corrective action after falling foul of the California Consumer Privacy Act (CCPA). Sephora was accused of failing to disclose to…
-
"Eliminating Algorithmic Complexity Attacks"Malicious actors often use Denial-of-Service (DoS) attacks to slow down and disrupt network systems. Such attacks attempt to prevent network users from accessing online services by overloading the network with so much data to process that it cannot keep…
-
"DoorDash Data Compromised Following Twilio Hack"Food delivery company DoorDash recently revealed that customer and employee data has been exposed due to a recent breach at a third-party vendor. DoorDash said hackers abused a third-party vendor's access to its systems. The attacker abused…
-
"TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years"The threat actor known as TeamTNT has been targeting cloud instances and containerized environments on systems worldwide for at least two years. The findings come from CloudSEK security researchers, who posted an advisory on Thursday detailing a…
-
Pub Crawl #65Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
-
"New 'Agenda' Ransomware Customized for Each Victim"Cybersecurity researchers at Trend Micro are raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. The researchers noted that Agenda is written in the Golang (Go) cross-…
-
"'Quantum-Safe' Crypto Hacked by 10-Year-Old PC"Cryptographers worldwide have spent the last two decades developing postquantum cryptography (PQC) algorithms to stay ahead of the quantum threat. These are based on new mathematical problems that are difficult to solve for both quantum and classical…
-
"How 'Kimsuky' Hackers Ensure Their Malware Only Reach Valid Targets"North Korean 'Kimsuky' threat actors are trying to ensure that their malicious payloads are only downloaded by legitimate targets and not by security researchers' systems. The threat group has been using new techniques to filter out invalid download…
-
"LastPass Breach: Source Code, Proprietary Tech Info Stolen"The makers of the popular password manager LastPass have announced that an unauthorized party gained access to portions of the LastPass development environment via a single compromised developer account, taking portions of source code and some…
-
"Cybercriminals Are Selling Access to Chinese Surveillance Cameras"According to new research, over 80,000 Hikvision surveillance cameras worldwide are vulnerable to an 11-month-old command injection flaw. Hikvision, short for Hangzhou Hikvision Digital Technology, is a Chinese state-owned video surveillance equipment…
-
"Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework"Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework as a replacement for Cobalt Strike in their intrusion campaigns. Because of the popularity of Cobalt Strike as an attack tool, defenses…
-
"A New Era of Data Privacy Choices"There are organizations that use Machine Learning (ML) and Artificial Intelligence (AI) algorithms to analyze massive amounts of browsing data, social network data, location data, voice data, and contact information that people share through their…