2024-04-26 16:32:52 UTC
Keeper Security offers 6 tips to stay motivated and protect your organization against cyber threats with their Enterprise Password Management solution. They also provide options for sponsoring videos, pentests, security consulting, training, and certifications. Follow them on social media and consider supporting them on Patreon or with one-time donations. They also recommend essential hacker books and share details about their own equipment for those interested in building their own setups. (176 words)
2024-04-26 14:08:40 UTC
A newly discovered Android trojan called Brokewell has been found to steal user data and enable attackers to remotely control devices. This powerful malware poses a serious security threat to Android users.
2024-04-26 13:44:39 UTC
More than 1,400 CrushFTP servers are at risk due to an actively exploited zero-day vulnerability that has a published proof-of-concept (PoC). This news comes as a warning for users of these instances, as hackers may take advantage of the vulnerability. The post "Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day" emphasizes the urgency for these servers to address the security issue to prevent any unauthorized access.
2024-04-26 13:41:29 UTC
A self-spreading PlugX malware, transmitted through infected USB drives, has affected over 90,000 IP addresses. The worm variant continues to plague systems, as reported by SecurityWeek.
2024-04-26 13:00:39 UTC
Hackers have been exploiting a zero-day vulnerability in CrushFTP, according to reports. To combat cybercrime, a tool called Flare can help track down shady sellers and manage threat intelligence. Interested individuals can sign up for a free trial to see what information is available. For those looking to learn more about cybersecurity, training with John Hammond is available at a pay-what-you-can price. Additionally, readers can explore "The Hacker Mindset" by Garret Gee. To stay updated on cybersecurity news and more, subscribe to the newsletter. Support for the channel is available through Patreon, and sponsorship opportunities are also offered. You can connect with the channel on various social media platforms or submit malware for analysis. To support the channel on YouTube, remember to like, comment, and subscribe.
2024-04-26 13:00:00 UTC
In cybersecurity news this week, the U.S. government has filed cases against spyware and crypto criminals, Ivanti zero-days were used to hack into MITRE networks, and the GRU has been found exploiting an old Windows flaw.
2024-04-26 12:00:00 UTC
China has targeted Volkswagen in a hacking incident, a DDoS service has been shut down, and Rubrik has had its IPO. These stories, which may have gone unnoticed, were highlighted by SecurityWeek.
2024-04-26 11:32:33 UTC
The UK cybersecurity firm Darktrace has announced it will be acquired by private equity firm Thoma Bravo in a $5.3 billion cash deal, taking the company private. The acquisition marks a significant move in the cybersecurity industry.
2024-04-26 11:01:09 UTC
In a recent article by Kashmir Hill, it was revealed that GM deceived its drivers into unknowingly allowing the company to spy on them, ultimately selling that data to insurance companies. The scandal involving GM's manipulation of customer privacy has raised concerns and sparked debates on data privacy and ethical business practices.
2024-04-26 10:46:00 UTC
According to recent findings from the IDC, 70% of successful breaches originate from unprotected endpoints, making them an attractive target for hackers in today's interconnected digital landscape. To safeguard businesses from devastating cyberattacks, here are 10 critical endpoint security tips that every IT professional should know.
2024-04-26 10:42:00 UTC
A new Android malware named 'Brokewell' is spreading through fake browser updates, according to a report by Dutch security firm ThreatFabric. This malware has data-stealing and remote-control capabilities, making it a threat to mobile banking users. It is currently in active development.
2024-04-26 10:40:43 UTC
The Los Angeles County Department of Health Services has been breached after a recent phishing attack targeted over twenty employees. This breach has exposed the personal and medical information of thousands of patients. As the second largest public health care system in the nation, the department runs public hospitals and clinics.
2024-04-26 10:18:00 UTC
Palo Alto Networks has released instructions on how to fix a serious security flaw in PAN-OS that is currently being targeted by cyber criminals. The flaw, known as CVE-2024-3400, has a severity score of 10.0 and allows attackers to remotely execute commands on vulnerable devices without authentication. The company has addressed the issue and provided remediation guidance to help protect users.
2024-04-26 09:34:50 UTC
A critical vulnerability in the WordPress Automatic plugin is currently being exploited by hackers to insert backdoors and web shells into websites. This security flaw has raised concerns among website owners, prompting urgent action to protect their online platforms.
2024-04-26 06:30:00 UTC
Apple's decision to implement Fusion Drives in their iMacs and Mac minis from late 2012 to 2021 is now being questioned. The combination of SSD and HDD was meant to provide a balance between speed and storage capacity, but the company has since phased out Fusion Drives. The effectiveness of this technology and the reasons for its discontinuation have left consumers wondering if it was truly a good idea.
2024-04-26 05:49:00 UTC
Threat actors are currently targeting WordPress sites by exploiting a critical security flaw in the WP-Automatic plugin. This vulnerability, known as CVE-2024-27956, has a high CVSS score of 9.9 and could potentially lead to site takeovers. All versions of the plugin before 3.9.2.0 are affected by this SQL injection (SQLi) flaw.
2024-04-25 23:03:05 UTC
In the latest episode of Risky Biz News, Catalin Cimpanu and Patrick Gray provide a brief update on recent security news, including Cisco zero-day vulnerabilities. The podcast is also available in newsletter format for those who prefer written updates.