#EN #2024 #en #security

Google ads push fake Google Authenticator site installing malware

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

#bleepingcomputer #EN #2024 #Malvertising #Security #Authenticator #Info #Stealer #Malware #Google

·bleepingcomputer.com·Jul 31, 2024

Google ads push fake Google Authenticator site installing malware

BIND updates fix high-severity DoS bugs in the DNS software suite

The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.

#securityaffairs #EN #2024 #ISC #security #updates #DoS #CVE-2024-0760 #CVE-2024-1737 #CVE-2024-1975 #CVE-2024-4076

·securityaffairs.com·Jul 26, 2024

BIND updates fix high-severity DoS bugs in the DNS software suite

Private Cloud Compute: A new frontier for AI privacy in the cloud

Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.

#apple #EN #2024 #WWDC #Apple #Security #Research #cloud #AI #PCC #privacy #architecture

·security.apple.com·Jun 11, 2024

Private Cloud Compute: A new frontier for AI privacy in the cloud

New ShrinkLocker ransomware uses BitLocker to encrypt your files

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.

#bleepingcomputer #EN #2024 #BitLocker #Encryption #Ransomware #ShrinkLocker #Windows #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 25, 2024

New ShrinkLocker ransomware uses BitLocker to encrypt your files

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

#bleepingcomputer #EN #2024 #Authentication-Bypass #D-Link #Exploit #Proof-of-Concept #Remote-Command-Execution #Router #Vulnerability #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 14, 2024

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

2023 Kaspersky Incident Response report

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services

#securelist #2024 #2023 #EN #Threats #Cybersecurity #Security #Incident #LockBit #response #Internal #services #Statistics #Ransomware

·securelist.com·May 14, 2024

2023 Kaspersky Incident Response report

Europol confirms web portal breach, says no operational data stolen

Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft

#bleepingcomputer #EN #2024 #Europol #Security #EPE #Theft #Leak #InfoSec #Data #Breach #Computer

·bleepingcomputer.com·May 13, 2024

Europol confirms web portal breach, says no operational data stolen

Microsoft needs to win back trust

Microsoft has faced a series of security issues in recent years. Now, the company is trying to win back trust and focus on security as a top priority.

#theverge #EN #2024 #trust #Microsoft #security #issues

·theverge.com·May 2, 2024

Microsoft needs to win back trust

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

#wired #EN #2024 #0-day #vulnerabilities #security #cisco #cybersecurity #china #hacking #ArcaneDoor

·wired.com·Apr 25, 2024

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

DDoS platform shut down by international law enforcement agencies

International law enforcement authorities have shut down a DDoS-as-a-service platform and seized its domain.

#heise #EN #2024 #Beschlagnahme #Cybercrime #DDoS #DDoS-as-a-service #PowerOFF #Security #stresser.tech

·heise.de·Apr 23, 2024

DDoS platform shut down by international law enforcement agencies

MITRE says state hackers breached its network via Ivanti zero-days

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.

#bleepingcomputer #EN #2024 #Breach #Ivanti #MITRE #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 21, 2024

MITRE says state hackers breached its network via Ivanti zero-days

Targus discloses cyberattack after hackers detected on file servers

Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers.

#bleepingcomputer #EN #2024 #Mobile #InfoSec #Security #Targus #cyberattack

·bleepingcomputer.com·Apr 14, 2024

Targus discloses cyberattack after hackers detected on file servers

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.

#bleepingcomputer #EN #2024 #Connect-Secure #Denial-of-Service #DoS #Ivanti #Policy-Secure #RCE #Remote-Code-Execution #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 4, 2024

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Finland confirms APT31 hackers behind 2021 parliament breach

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.

#bleepingcomputer #EN #2024 #APT31 #China #Finland #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Mar 27, 2024

Finland confirms APT31 hackers behind 2021 parliament breach

Apple Sued for Prioritizing Market Dominance Over Security

The U.S. Department of Justice in a lawsuit filed Thursday is accusing Apple of discarding user security and privacy protections as part of a broader effort to

#databreachtoday #EN #2024 #Apple #Apple-lawsuit #DOJ #security #privacy #dominance

·databreachtoday.eu·Mar 22, 2024

Apple Sued for Prioritizing Market Dominance Over Security

Ivanti fixes critical Standalone Sentry bug reported by NATO

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.

#bleepingcomputer #EN #2024 #Ivanti #NATO #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Mar 20, 2024

Ivanti fixes critical Standalone Sentry bug reported by NATO

Microsoft Copilot for Security: General Availability details

Microsoft Copilot for Security will be generally available on April 1st. Read this blog to learn about new productivity research, product capabilities,..

#techcommunity.microsoft #EN #2024 #AI #Microsoft #Copilot #for #Security #annonce #tool

·techcommunity.microsoft.com·Mar 20, 2024

Microsoft Copilot for Security: General Availability details

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.

#bleepingcomputer #EN #2024 #Backdoor #Ivanti #Malware #SSRF #Vulnerability #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 13, 2024

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Ivanti: Patch new Connect Secure auth bypass bug immediately

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.

#bleepingcomputer #EN #2024 #CVE-2024-22024 #Authentication-Bypass #Connect-Secure #Ivanti #Policy-Secure #Warning #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Feb 8, 2024

Ivanti: Patch new Connect Secure auth bypass bug immediately

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been working around the clock to aggressively review all code and is singularly focused on bringing full resolution to the issues affecting Ivanti Connect Secure (formerly Pulse Connect Secure), Ivanti Policy Secure and ZTA gateways. We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. We are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.

#ivanti #EN #2024 #CVE-2024-22024 #Security #Update

·ivanti.com·Feb 8, 2024

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Staggeringly, Apple thanked the defendant, Noah Roskin-Frazee, in a security update less than two weeks after he was arrested.

#404media #EN #2024 #Apple #Hacked #Scammed #security #researcher

·404media.co·Feb 7, 2024

Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million

Government hackers targeted iPhones owners with zero-days, Google says

One of the hacking campaigns used exploits developed by Variston, a Barcelona-based startup. Sources say the spyware maker is losing staff.

#techcrunch #EN #2024 #security #apple #cybersecurity #google #hackers #infosec #ios #iphone #spyware #surveillance #variston #zero-days

·techcrunch.com·Feb 6, 2024

Government hackers targeted iPhones owners with zero-days, Google says

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'

Apple said the vulnerability, which is being exploited in the wild, allows malicious code to run on an affected device.

#techcrunch #EN #2024 #security #apple-vision-pro #cybersecurity #exploit #vulnerability

·techcrunch.com·Feb 1, 2024

Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'

23andMe data breach: Hackers stole raw genotype data, health reports

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. #23andMe #Breach #Computer #Credential #DNA #Data #Genetics #Health #InfoSec #Leak #Security #Stuffing

#bleepingcomputer #EN #2024 #Stuffing #Credential #InfoSec #Data #Genetics #Leak #DNA #Breach #Security #Computer #23andMe #Health

·bleepingcomputer.com·Jan 26, 2024

23andMe data breach: Hackers stole raw genotype data, health reports

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

#bleepingcomputer #EN #2024 #Account-Takeover #Alert #Exposed #GitLab #Password-Reset #Security #Vulnerability

·bleepingcomputer.com·Jan 24, 2024

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.

#bleepingcomputer #EN #2024 #Information #Malware #Security #Apple #Evasion #Stealer #Info #XProtect #InfoSec #Computer #macOS

·bleepingcomputer.com·Jan 17, 2024

MacOS info-stealers quickly evolve to evade XProtect detection

Slack Security Update

Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.

#Slack #EN #2024 #security #incident #Security-Incident #details

·slack.com·Jan 5, 2023

Slack Security Update

Because we take security, privacy, and transparency very seriously, we are sharing the details of a recent incident.

#Slack #EN #2024 #security #incident #Security-Incident #details

·slack.com·Jan 5, 2023

Slack Security Update