VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the…
U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach
Proposed rules ban U.S. companies from selling sensitive data Cisco data stolen by IntelBroker Nidec breach exposes 50,000+ documents Thanks to today’s episode sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a…
Cyber Attackers Set Their Sights on the Manufacturing Industry
The manufacturing industry has emerged as the most targeted by cyber attacks, accounting for more than 25% of incidents across the top 10 sectors, with 45% of these involving malware. The industry’s appeal to malefactors has grown, largely due to…
OWASP Mobile Top 10 2024: Update Overview
75% of Mobile Apps Fail Basic Security Tests. Hackers are increasingly focusing on the mobile channel, making mobile apps a prime target for fraud and security breaches. With this growing threat, it’s essential for organizations and app developers to adopt…
Winnebago Public Schools Suffers Cyber Attack, Services Shut Down
Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner…
Attackers Exploit Roundcube Webmail Vulnerability
Cybersecurity experts from Positive Technologies’ Security Expert Center (PT ESC) have uncovered an exploit targeting Roundcube Webmail, an open-source email client written in PHP. According to the researchers, Roundcube’s “extensive functionality and the convenient access it gives users to email accounts via a browser—without the…
Cyber Attackers Set Their Sights on Manufacturing
The manufacturing industry has emerged as the most targeted by cyber attacks, accounting for more than 25% of incidents across the top 10 sectors, with 45% of these involving malware. The industry’s appeal to malefactors has grown, largely due to…
Ransomware group demands $30k for not leaking Transak user data
A lesser-known ransomware group known as Stormous has recently issued a warning that it plans to release sensitive data belonging to approximately 57,000 customers of Transak, a cryptocurrency purchasing platform. The group claims that they have obtained sensitive information about…
Best Programming Languages for Hacking in 2025
As technology evolves, so does the landscape of cybersecurity and ethical hacking. By 2025, certain programming languages will continue to stand out for their utility in hacking and security analysis. Here’s a look at some of the best programming languages…
Google Mandiant: Time-to-Exploit Falls, Zero Day Exploits Rise
A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the…
Pixel perfect Ghostpulse malware loader hides inside PNG image files
Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file’s pixels. This development, security experts say, is “one of the most significant changes” made by…
NHS App to Provide Full Medical Records Under Digital Overhaul Plan
The NHS App is set to undergo a major transformation, with plans to make full medical records, test results, and doctor’s letters accessible to patients across England. This initiative is part of a new 10-year strategy aimed at revolutionizing how…
IT security and government services: Balancing transparency and security
Government information technology leaders find themselves at a challenging balance point: On one end of the scale are increasing threats from cyber actors, bolstered by advanced technology like artificial intelligence (AI); on the other end is a longstanding commitment to…
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537…
Phishing scams and malicious domains take center stage as the US election approaches
Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the US election approaches, according to Fortinet. “As the 2024 US presidential election approaches, it’s critical to…
Myths holding women back from cybersecurity careers
In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship,…
Hackers are finding new ways to leverage AI
AI adoption and integration has continued its rapid momentum within the hacking community, according to Bugcrowd. Nevertheless, it continues to pose both benefits and unfortunate cyber risks. This year’s report revealed a significant shift in the perceived value of AI…
Whitepaper: Securing GenAI
The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing…
Severe Flaws Discovered in Major E2EE Cloud Storage Services
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich This article has been indexed from www.infosecurity-magazine.com Read the original article: Severe Flaws Discovered in Major E2EE Cloud Storage Services
ISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, October 22nd, 2024…
Inside the Dark Web: How Threat Actors Are Selling Access to Corporate Networks
In recent weeks, underground forums on the dark web have continued to flourish as bustling marketplaces where cybercriminals sell unauthorized access to corporate networks. From VPN credentials to Remote Desktop Protocol (RDP) access, threat actors take advantage of compromised corporate…
USENIX NSDI ’24 – DISTMM: Accelerating Distributed Multimodal Model Training
Authors/Presenters:Jun Huang, Zhen Zhang, Shuai Zheng, Feng Qin, Yida Wang Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the organizations enduring…
Are Leaders Ready to Break the Ransomware Cycle
It is good to see US government leaders realize that ransomware is a growing existential threat to our country, at the hands of our adversaries. A top US national cybersecurity advisor stated in a recent op-ed, “This is…
China’s Spamouflage cranks up trolling of US Senator Rubio as election day looms
Note to Xi: Marco and Ted Cruz aren’t the same person China’s Spamouflage disinformation crew has been targeting US Senator Marco Rubio (R-Florida) with its fake news campaigns over the past couple of months, trolling the Republican lawmaker’s official X…
Meta tests facial recognition for spotting ‘celeb-bait’ ads scams and easier account recovery
Meta is expanding tests of facial recognition as an anti-scam measure to combat celebrity scam ads and more broadly, the Facebook owner announced Monday. Monika Bickert, Meta’s VP of content policy, wrote in a blog post that some of the…
Sophos to snatch Secureworks in $859M buyout: Why fight when you can just buy?
Private equity giant Thoma Bravo adds another trophy to its growing collection British security biz Sophos has announced a plan to gobble up competitor Secureworks in an $859 million deal that will make Dell happy.… This article has been indexed…
170 AWS services achieve HITRUST certification
Amazon Web Services (AWS) is excited to announce that 170 AWS services have achieved HITRUST certification for the 2024 assessment cycle, including the following 12 services that were certified for the first time: AWS AppFabric AWS Application Migration Service Amazon…