Researchers have collected and analyzed data on SMS phishing attacks, delving into the scope and nature of the operations behind such attacks. The work also explores how additional data on phishing activities can be collected and identifies ways in which law enforcement officials can address phishing operations. SMS phishing involves scammers impersonating a bank, government agency, or other trusted party to trick victims into sharing personal information such as credit card numbers and passwords. This article continues to discuss the study of SMS phishing tactics and infrastructure.

The Cybernews research team found 58,364 unique websites vulnerable to data breaches and full takeovers. Cybernews began investigating publicly exposed environment (.env) files on April 9. These configuration files contain passwords, Application Programming Interface (API) keys, and other secrets websites need to access databases, mail servers, payment processors, Content Management Systems (CMS), and other services. A scan of publicly available indexes shows that thousands of website owners have left their keys unprotected.

Cornell Tech's Security, Trust, and Safety (SETS) Initiative will leverage Cornell University's computer security, digital safety, policy, ethics, and law faculty, as well as its partnership with the Technion. SETS will guide new teaching, research, engagement, and entrepreneurial activities to address the global threats of unsafe digital technologies. The initiative will delve into computer security, emerging threats to online safety, and more. This article continues to discuss the SETS Initiative launched by Cornell Tech.

By grigby1 

By grigby1 

By krahal

The world seems to twirl faster. We have recently enjoyed a rare solar eclipse and a visit by auroras. Mother Nature has also sent tornados—all within a few weeks. So too does cyber in the tech world, and perhaps even faster. The challenge is embracing and expanding the good and controlling the bad.

A new campaign targets Brazilian banks with "AllaSenha," a custom variant of the Windows-based "AllaKore" Remote Access Trojan (RAT). The malware uses Azure cloud as Command-and-Control (C2) infrastructure, according to the cybersecurity company HarfangLab. The attack begins with a malicious Windows shortcut (LNK) file posing as a PDF document hosted on a WebDAV server. This article continues to discuss findings regarding the new AllaKore RAT variant.

Security researchers at Patstack conducted a security audit recently of the Slider Revolution plugin and uncovered two significant vulnerabilities that could compromise the security of WordPress websites. Slider Revolution is a widely used premium plugin with over 9 million active users.  It was found to have an unauthenticated stored XSS vulnerability.  This flaw could allow unauthorized users to steal sensitive information and escalate privileges on WordPress sites with a single HTTP request.