cybersecurity

cross-posted from: https://lemmy.ml/post/1895271...

Researchers say that nearly 336,000 devices exposed to the Internet remain vulnerable to a critical vulnerability in firewalls sold by Fortinet because admins have yet to install patches the company released three weeks ago....

The Russian-linked hacktivist group NoName has been relentlessly targeting the Ukrainian financial sector in its latest campaign against the war-torn nation....

A year after the Russian invasion of Ukraine, MITRE efforts to develop and deliver needed technology and relief endure, and grow, helping the people on the ground who need it most ....

Microsoft researchers have recently discovered an attack leveraging custom and open-source tools to target internet-facing Linux-based systems and IoT devices. The attack uses a patched version of OpenSSH to take control of impacted devices and install cryptomining malware....

SolarWinds — the technology firm at the center of a December 2020 hack that affected multiple U.S. government agencies — said its executives may soon face charges from the U.S. Securities and Exchange Commission (SEC) for its response to the incident....

Unidentified hackers claimed to have targeted Dozor, a satellite telecommunications provider that services power lines, oil fields, Russian military units and the Federal Security Service (FSB), among others, according to a message posted to Telegram late Wednesday night....

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard....

BlackLotus is a sophisticated piece of malware that can infect a computer's low-level firmware, bypassing the Secure Boot defences built into Windows 10 and Windows 11, and allowing the execution of malicious code before a PC's operating system and security defences have loaded....

The recently discovered Chinese state-backed advanced persistent threat (APT) "Volt Typhoon," aka "Vanguard Panda," has been spotted using a critical vulnerability in Zoho's ManageEngine ADSelfService Plus, a single sign-on and password management solution. And it's now sporting plenty of previously undisclosed stealth...

Apple issued a security update on Wednesday for all its operating systems to patch dangerous vulnerabilities that could allow attackers to take over someone’s entire device....

The rapid pace of change in AI makes it difficult to weigh the technology's risks and benefits and CISOs should not wait to take charge of the situation. Risks range from prompt injection attacks, data leakage, and governance and compliance....

The rise of ChatGPT has been well-documented as a cybercrime gamechanger, democratizing highly advanced tactics, techniques, and procedures (TTPs) so average adversarial threat actors can increase lethality at low costs. Empowering run-of-the-mill hackers to continuously punch above their weight class will only continue to...

Microsoft Teams vulnerability allows attackers to deliver malware to employees Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox....

I'm a newbie to podcasts, but I got hooked recently because I can listen while doing something else....

Executive summary...

TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023....

The U.S. Army’s Criminal Investigation Division is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware....

There are presently 201k people monitoring domains in Have I Been Pwned (HIBP). That's massive! That's 201k people that have searched for a domain, left their email address for future notifications when the domain appears in a new breach and successfully verified that they control the domain. But that's only a subset of all the...

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as...

The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday....

After years of breakneck growth, China’s security and surveillance industry is now focused on shoring up its vulnerabilities to the United States and other outside actors, worried about risks posed by hackers, advances in artificial intelligence and pressure from rival governments....

A new policy directive from Maine Information Technology (MaineIT) has put a six-month moratorium on the adoption and use of Generative Artificial Intelligence (AI) technology within all State of Maine agencies due to “significant” cybersecurity risks....