Friday Squid Blogging: New Extinct Species of Vampire Squid Discovered Paleontologists have discovered a 183-million-year-old species of vampire squid. Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable degree of preservation…
Read More
Security agencies from several nations warn that attackers were able to deceive the integrity checking tools provided by Ivanti in response to the recent attacks exploiting zero-day vulnerabilities in its Connect Secure and Policy Secure gateways. The agency also identified a technique in a lab setting that could be used to achieve malware persistence on…
Read More
Adam Levin was a guest on Dark Rhiino’s Security Confidental podcast. In the episode, he encouraged listeners to protect both their security and their identities by “lying like a superhero.” Providing false or misleading information, accounts will be harder to break into in the event of a data breach. Listen to the episode below: Source…
Read More
Do you have an Anycubic Kobra 2 Pro/Plus/Max 3D printer? Did you know it has a security vulnerability? If you answered “yes” to both those questions, then chances are that I can guess just how you found out your 3D printer was vulnerable to hackers. My bet is that you might have learnt about the…
Read MoreCisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability Cisco NX-OS Software External Border…
Read More
Mar 01, 2024NewsroomPhishing Kit / Cryptocurrency A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice…
Read More
Once inside the ADFS, the attackers “could steal data, a private key, needed to speak SAML to the business applications, impersonating authentication, and users,” Semperis researcher, Woodruff, said. Switching to a cloud identity provider was recommended by cybersecurity experts as it promised better private key security. With Entra ID, the private key used to perform…
Read More
If you’ve spent the last umpteen years pouring blood, sweat, and tears into creating content for your Tumblr or WordPress.com blog, chances are that you would appreciate some payback all of your hard work. Instead, though, Automattic (the parent company of Tumblr and WordPress.com) is going to monetise it – selling access to the information…
Read MoreNIST Cybersecurity Framework 2.0 NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which…
Read More
Mar 01, 2024NewsroomLinux / Cyber Threat Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. “This latest version of Bifrost aims to bypass security measures and compromise targeted systems,” Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth…
Read More