Critical flaw in NVIDIA Container Toolkit allows full host takeover
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.
Global infostealer malware operation targets crypto users, gamers
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named #Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware
Transport for London confirms customer data stolen in cyberattack
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. #Breach #Computer #Customer #Data #InfoSec #London #Security #TfL #Transport #for
Sextortion scams now use your "cheating" spouse’s name as a lure
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof.
Making progress on routing security: the new White House roadmap
On September 3, 2024, the White House published a report on Internet routing security. We’ll talk about what that means and how you can help. The Internet can feel like magic. When you load a webpage in your browser, many simultaneous requests for data fly back and forth to remote servers. Then, often in less than one second, a website appears. Many people know that DNS is used to look up a hostname, and resolve it to an IP address, but fewer understand how data flows from your home network to the network that controls the IP address of the web server.
Germany's Sovereign Tech Fund Puts Over $750K Into FreeBSD Infrastructure Projects - FOSS Force
The FreeBSD Foundation will organize and manage the projects that STF is funding, which mainly focuses on security.
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
stardom dreams, stalking devices and the secret conglomerate selling both
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously. at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us. half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here? starting our descent
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
Today, the National Institute of Standards and Technology (NIST) announced the first standardization of three cryptography schemes that are immune against the threat of quantum computers, known as post-quantum cryptography (PQC) schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning as soon as possible.
USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED
The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities. #black #cybersecurity #defcon #hacking #hacks #hat #phishing #security
Security Incident | August 2024
Mobile Guardian experienced a security incident that involved unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform on the 4th of August. We have halted servers in order to prevent further disruption by the perpetrator. This is not related to an error in configuration that occurred on the 30th of July which affected Mobile Guardian iPads on our Singapore instance only.
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.
BIND updates fix high-severity DoS bugs in the DNS software suite
The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. #Actively #Calendar #Computer #Events #Exploited #File #InfoSec #Modern #Plugin #Security #Upload #Vulnerability #WordPress
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. #Microsoft #Patch #Security #Tuesday #Update #Vulnerability #Windows
Private Cloud Compute: A new frontier for AI privacy in the cloud
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.
Microsoft finds Raspberry Robin worm in hundreds of Windows networks
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. #Computer #Hypervisor #InfoSec #Pwn2Own #Security #VMware #Zero-Day
2023 Kaspersky Incident Response report
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. #Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. #API #Breach #Computer #Data #Dell #Forum #Hacking #InfoSec #Limit #Rate #Scraping #Security
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25299208%2FSTK453_PRIVACY_E_CVirginia.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Microsoft needs to win back trust
Microsoft has faced a series of security issues in recent years. Now, the company is trying to win back trust and focus on security as a top priority.
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks
Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.
DDoS platform shut down by international law enforcement agencies
International law enforcement authorities have shut down a DDoS-as-a-service platform and seized its domain.
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
840-bed hospital in France postpones procedures after cyberattack
The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper. #CHC-SV #Computer #Cyberattack #France #Healthcare #Hospital #InfoSec #Security
Microsoft finds Raspberry Robin worm in hundreds of Windows networks
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.