News
-
"CISA Warns of Windows and UnRAR Flaws Exploited in the Wild"Based on the evidence of active exploitation, the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its list of Known Exploited Vulnerabilities (KEV). One of them has been a zero-day bug…
-
"36% Of Orgs Expose Insecure FTP Protocol to the Internet, and Some Still Use Telnet"According to the ExtraHop Benchmarking Cyber Risk and Readiness report, a significant percentage of organizations expose insecure or highly sensitive protocols, such as SMB, SSH, and Telnet, to the public Internet. Whether intentional or unintentional,…
-
"Finding Bugs Faster Than Hackers"Researchers from the Binary Analysis and Systems Security (BASS) group at USC Viterbi's Information Sciences Institute (ISI), in collaboration with Arizona State University, Cisco Systems Inc., and EURECOM, have developed a new approach for quickly…
-
"Digital Security Dialogue"There are still serious issues regarding online safety and ethics that can harm less experienced users. Researchers have built upon familiar human verification techniques to incorporate discrete learning into the process so users can learn about online…
-
"Report Provides Updates on July's Maui Ransomware Incident"Security researchers from Kaspersky have recently published a new advisory providing additional technical details and attribution findings regarding the Maui ransomware incident unveiled by the Cybersecurity and Infrastructure Security Agency (CISA) in…
-
"APIC Fail: Intel 'Sunny Cove' Chips with SGX Spill Secrets"A group of computer scientists discovered an architectural flaw in certain recent Intel CPUs that can be exploited to reveal SGX enclave data such as private encryption keys. It is referred to as AEPIC Leak because it affects the memory-mapped registers…
-
"US Treasury Sanctions Virtual Currency Mixer For Connections With Lazarus Group"The United States has recently placed sanctions on Tornado Cash, a leading "crypto mixer" for transactions in virtual currency that US officials describe as a hub for laundering stolen funds, including by North Korean hackers. The Treasury stated that…
-
"iPhone Security Compromises Prove Difficult to Detect"Mobile phones can be abused to enable stalking through location tracking, account compromise, and remote surveillance methods. Although experts can assist victims in detecting and recovering from this type of technology abuse, researchers at Carnegie…
-
"IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products"IBM recently announced patches for multiple high-severity vulnerabilities impacting products such as Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector. Three vulnerabilities were resolved in IBM Netezza for Cloud Pak for Data, all of…
-
"Microsoft Publishes Office Symbols to Improve Bug Hunting"Microsoft Office has started publishing Office symbols for Windows to help bug hunters find and report security issues. Microsoft noted that symbols are pieces of information used during debugging and are contained within Symbol files, which are…
-
"IBM Makes Open-Source Tookit Available to Fight Software Supply Chain Attacks"In most cases, IBM's X-Force Red ethical hacking team has been able to gain access to Source Code Management (SCM) systems in an adversary simulation engagement. Access to SCM systems provides attackers with opportunities for software supply chain…
-
"Meta Stops Two Cyberespionage Activities in South Asia"Meta, Facebook's parent company, took action earlier this year against two cross-platform cyberespionage operations that relied on multiple websites for malware distribution. Bitter APT is the first hacking group that Meta shut down in the second quarter…