Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users. At the…

BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. Founded in 2013, BetterHelp is an alternative to traditional face-to-face therapy sessions. It provides a mental health platform for direct counseling from licensed therapists through text,…

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCDO), the U.S. Department of the Treasury’s Office of Foreign Assets Control…

“We’re at $100 billion-plus annualized revenue run rate, yet 85 percent or more of the global IT spend remains on-premises,” said Andy Jassy, Amazon’s CEO and former longtime leader of AWS. Amazon’s CEO Andy Jassy says AWS’ generative AI strategy is accelerating companies to ditch their on-premises IT environments in favor of the cloud, with…

CISA released two Industrial Control Systems (ICS) advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

New Attack on VPNs

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named…

This article covers the effects of people-tracking applications, based on the “telegram-nearby-map” project on GitHub. This open-source project allows users to track the approximate location of other Telegram users within a specified radius, raising significant concerns about privacy and potential misuse.

Functionality and Concerns

The tool leverages Telegram’s “People Nearby” feature, which allows users…

The funding was led by major names of Silicon Valley venture capital including Andreessen Horowitz and comes after Wiz executives signaled an intensified push with channel partners. Wiz on Tuesday announced $1 billion in new funding at a $12 billion valuation as the four-year-old company sees surging growth in the cloud and AI security markets.…

Kara Swisher has been covering Silicon Valley since the early days, and she’s made a ton of enemies the old-fashioned way (by telling the truth about the new robber barons of our digital lives). In a new memoir called Burn Book, she pulls the curtain back on a world run by powerful babies. Is…
