Month: September 2024

Job applications require personal information—your educational background, past addresses and employment, and in some cases, even your Social Security number. Scammers are acutely aware of this vulnerability, and have many ways to gather data or make a quick buck from unsuspecting victims online. On this week’s episode of What the Hack with Adam Levin, singer/songwriter…


List of Old NSA Training Videos

The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.

Tags: cryptography, FOIA, history of cryptography, history of security, NSA,…


The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security failures enabled hackers to access live video feeds from internet-connected cameras. Many cameras were located in sensitive environments, such as women’s health clinics, psychiatric hospitals, prisons, and schools. FTC alleges that…


CRN breaks down 10 major new hires and executive departures at AWS in recent months, which includes many AI executives. Amazon Web Services is snatching up major artificial intelligence talent including CEOs from AI startups along with executives who’ve worked for the likes of OpenAI, Microsoft and Google Cloud. However, AWS has also recently witnessed…


An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing. This week, several readers reported receiving…


D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. The four RCE flaws, three of which are rated critical and do not require authentication, were discovered by security researcher yali-1002, who released minimal…


10up -- Simple Local Avatars: Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars. This issue affects Simple Local Avatars: from n/a through 2.7.10. 2024-08-26 4.3 CVE-2024-43116 audit@patchstack.com

advancedformintegration -- advanced_form_integration: Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration. This issue affects Advanced Form Integration: from n/a through 1.89.4. 2024-08-26 4.3 CVE-2024-43340 audit@patchstack.com

Analytify -- Analytify: Cross-Site Request Forgery (CSRF)…


CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.


Sep 03, 2024Ravie LakshmananEndpoint Security / Malware Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. “It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,”…


Sep 03, 2024Ravie LakshmananRansomware / Malware A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. “Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools. “For instance, the attackers took…
