Aug 22, 2024Ravie LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said…

“In the M&A game, rumors are currency. We accept that, and my general response is to ignore them. But what I’ve seen over the past few weeks from a company called Action1 goes far beyond anything I’ve ever experienced in my career, and I feel compelled to set the record straight,” Talpaz wrote in a…

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land…

Executive Summary

This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National…

A 39-year-old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. A press release from the U.S. Department of Justice (DoJ) states that Jesse Kipf used stolen credentials to access the Hawaii Death Registry System to register himself as…

‘Security continues to be our top priority,’ according to Microsoft. Microsoft will make the controversial “recall” feature for its artificial intelligence-powered Copilot+ PCs available to Windows Insiders users in October. The Redmond, Wash.-based tech giant added the new release date to a previous blog post about recall, which was billed as a way for users…

Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine.…

The company says it expects to have 96 megawatts online by late 2026 with the remainder of the $3 billion build-out finished in a decade. Novva Data Centers said Wednesday that it will open its sixth site on 160 acres of land that it bought at auction last year in Arizona. It plans to infuse…

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing. Using this type of…

Reported claims by Action1 that CrowdStrike was planning to acquire the patch management firm for nearly $1 billion are ‘outrageous,’ CrowdStrike’s Gur Talpaz says in a LinkedIn post. Reported claims that CrowdStrike sought to acquire patch management firm Action1 for nearly $1 billion have no basis in reality, according to a CrowdStrike executive. In a…
