Meta announced that it has taken down 2 million accounts across its platforms since the beginning of the year that are linked to pig butchering and other scams. Most of these accounts originate from Myanmar, Laos, the United Arab Emirates, the Philippines, and Cambodia, which is known for hosting “scam slave” operations. “These criminal scam…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant…
Read More
Information-stealing malware, or “infostealers,” have become a significant threat, evolving from targeting pirated software to mimicking popular applications like generative AI tools. These threats affect multiple platforms, including Windows and Android. Data from August 2022 to August 2024 shows a persistent presence of infostealers, with a slight decrease in activity around the holiday season, possibly…
Read More
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new “GhostSpider” backdoor in attacks against telecommunication service providers. The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon’s attacks against critical infrastructure and government organizations worldwide. Along with GhostSpider, Trend Micro discovered that the threat group also uses a…
Read More
Microsoft is working on fixing an ongoing and widespread Microsoft 365 outage that is impacting multiple services and features, including Exchange Online, Microsoft Teams, and SharePoint Online. Since this outage started roughly six hours ago, Downdetector has received thousands of reports, with affected users saying they’re also experiencing problems connecting with other services, such as…
Read More
As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
Read More
Top Google partner 66degrees takes a deep dive with CRN around how the solution provider’s AI sales spiked 325 percent in 2024. ‘If you and I are in a brainstorming session, we’re going to come up with 10 good ideas. But if you can have a 5,000-person company come up with ideas, your use cases…
Read More
A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. The malware that drops the driver is a variant of an AV Killer of no particular family. It comes with a hardcoded list of 142 names for…
Read More
Microsoft is now testing WebAuthn API updates that add support for support for using third-party passkey providers for Windows 11 passwordless authentication. Passkeys use biometric authentication, such as fingerprints and facial recognition, to provide a more secure and convenient alternative to traditional passwords, thus significantly reducing data breach risks. Redmond has been collaborating with credential…
Read More
Microsoft is blocking the Windows 11 24H2 update on computers with some Ubisoft games, like Assassin’s Creed, Star Wars Outlaws, and Avatar: Frontiers of Pandora, after changes in the operating system cause the games to crash, freeze, or have audio issues. Since Windows 11 24H2 was released, users have reported on Reddit [1, 2] and…
Read More