2024

Ransomware attacks hospitalizing security pros, as one admits suicidal feelings

Untold harms of holding the corporate perimeter revealed in extensive series of interviews Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations.…

Two more Citrix NetScaler bugs exploited in the wild

Just when you thought you had recovered from Bleed Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed – but not before criminals found and exploited them, according to the vendor.…

Google TAG: Kremlin cyber spies move into malware with a custom backdoor

The threat hunters believe COLDRIVER has used SPICA since at least November 2022 Russian cyberspies linked to the Kremlin's Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November…

Vast botnet hijacks smart TVs for prime-time cybercrime

8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material Security researchers have pinned a DDoS botnet that's infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.…

Enter the era of platform-based cloud security

How an integrated platform can streamline the management overhead, improve cloud security and boost threat visibility Sponsored Post  Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security.…

Insurance website’s buggy API leaked Office 365 password and a giant email trove

Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.…

Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats

So much for isolation A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.…

What’s worse than paying an extortion bot that auto-pwned your database?

Paying one that lied to you and only saved the first 20 rows of each table Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their…

Windows Server 2022 patch is breaking apps for some users

Uninstall the update or edit the Windows registry to restore order The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users.…

Home improvement marketers dial up trouble from regulator

ICO slaps penalties on two businesses that collectively made more than 3 million cold calls Another week and yet another couple of pesky cold callers face fines from the UK's data privacy watchdog for "bombarding" unsuspecting households with marketing messages about home improvements.…

Copyright © 2024 Lugapel