Seclook App Icon

🗞️ Today's News

2024-05-23 11:00:36 UTC

Microsoft unveils new AI feature 'Recall' for Copilot+ PCs, allowing Windows 11 users to search and retrieve past activities. Privacy concerns arise as Recall records all user activities on the PC.

Read More

2024-05-23 11:00:00 UTC

According to a new report by Rapid7, there has been a surge in zero-day attacks and supply chain compromises. Despite this, multi-factor authentication (MFA) remains underutilized. The report highlights how attackers are becoming more sophisticated and faster, with no signs of this trend slowing down in the future. This information was shared in Rapid7's 2024 Attack Intelligence Report, as reported by SecurityWeek.

Read More

2024-05-23 10:43:16 UTC

In order to stay ahead of potential threats, it is essential for organizations to gain better control over artificial intelligence (AI). As AI technology advances, there is a growing need for defenders to use it to protect against new forms of attacks. This focus on AI security is crucial for safeguarding organizations from potential breaches. Read more on SecurityWeek about the importance of getting a handle on AI.

Read More

2024-05-23 10:39:14 UTC

Heimdal Security will be showcasing the widest range of cybersecurity technology at Infosecurity Europe 2024 in London on June 3-4. Visitors can expect to interact with top cybersecurity experts, watch live demonstrations, and attend informative presentations at Heimdal's booth. This event promises a personalized experience for all attendees.

Read More

2024-05-23 10:36:17 UTC

A newly identified Chinese group named Unfading Sea Haze has been found targeting military and government entities in South China Sea countries since 2018. This alarming development was reported by SecurityWeek.

Read More

2024-05-23 10:24:58 UTC

A data breach at El Centro Del Barrio (CentroMed) has resulted in the compromise of personal information belonging to 400,000 individuals. This incident has raised concerns about cybersecurity and data protection.

Read More

2024-05-23 10:11:59 UTC

Intercontinental Exchange, the operator of the NYSE and other exchanges, has agreed to pay a $10 million fine to the SEC for a cyberattack that occurred in 2021. The company has been penalized for the breach, which compromised sensitive information.

Read More

2024-05-23 10:09:15 UTC

Credit card companies are exploring ways in which artificial intelligence could impact credit card services behind the scenes. This includes using AI to enhance and improve their products, as revealed by several companies.

Read More

2024-05-23 10:00:36 UTC

A Chinese cyberespionage campaign known as Operation Diplomatic Specter is currently targeting governmental entities in the Middle East, Africa, and Asia. This sophisticated operation utilizes rare techniques and a unique toolset to infiltrate political organizations across multiple continents. The activity was revealed by cybersecurity firm Unit 42.

Read More

2024-05-23 09:31:12 UTC

Mastercard is implementing AI technology in its fraud detection system to detect compromised cards faster and prevent them from being used by criminals. This new technology is expected to identify patterns in stolen cards quickly, allowing banks to replace them before they are exploited.

Read More

2024-05-23 09:21:00 UTC

Ivanti has released patches for critical remote code execution vulnerabilities in Endpoint Manager. The fixes address multiple security flaws that could be exploited by attackers to achieve remote code execution. Six out of the 10 vulnerabilities, with CVSS scores of 9.6, are related to SQL injection flaws that can be exploited by unauthenticated attackers within the same network.

Read More

2024-05-23 07:19:17 UTC

Join me for an engaging tech talk as HashiCorp joins IBM, Ubuntu 24.04 LTS, and more in the latest news in the tech space. From cutting-edge advancements to practical HomeLab setups, this livestream is a must-attend for tech enthusiasts looking to stay ahead in the digital world. Tune in for insightful discussions, updates, and valuable insights. Support me and become a Fan at https://christianlempa.de/patreon and join our Community at https://christianlempa.de/discord. Follow me everywhere at https://christianlempa.de. Check out my Tech Documentation at https://christianlempa.de/docs and my Gear and Equipment at https://christianlempa.de/kit. Links can include affiliate links.

Read More

2024-05-23 06:30:00 UTC

A new study questions the effectiveness of Secure Erase (EACAS) in fully deleting old images from devices or Mac computers. Researchers found that old images may still be retained on a device even after using Erase Assistant for secure deletion.

Read More

2024-05-23 05:33:00 UTC

Microsoft recently announced that it will be phasing out VBScript in favor of more advanced options like JavaScript and PowerShell by the second half of 2024. In a statement, Microsoft Program Manager Naveen Shankar cited the advancements in technology as the reason behind this decision, emphasizing the power and versatility of the alternative scripting languages.

Read More

2024-05-23 04:20:43 UTC

The UK government is considering requiring victims of ransomware attacks to seek official approval before making payments, according to a recent podcast featuring Tom Uren and Patrick Gray. The discussion also highlighted the importance of governments taking a more proactive approach in defending democracy, despite the challenges involved.

Read More

2024-05-22 19:54:29 UTC

Delaware-based startup SOCRadar has secured a $25 million Series B funding round from PeakSpan Capital and Oxx for their threat intelligence technology. The company has now raised a total of $30.2 million in funding. The news of SOCRadar's successful funding round was reported by SecurityWeek.

Read More

2024-05-22 15:59:52 UTC

Join Alex today for a live session on web hacking, pentesting, and cyber security. Get hands-on experience with live Capture The Flags (CTFs) and gain practical insights into the skills and techniques employed by hackers and pentesters. Don't miss out on this opportunity to enhance your knowledge in the world of cybersecurity.

Read More

2024-05-22 15:57:21 UTC

In the latest episode of "Wait Just an Infosec," CISOs are reminded to shift their focus from compliance tasks to leadership skills in order to effectively tackle cybersecurity issues. Hosted by Jerich Beason, the episode features a discussion with CISOs from WM and Corvus about the evolving role of CISOs and the crucial skills needed to address compliance in cybersecurity. Topics covered include navigating the compliance landscape, handling political challenges, and building a strong security culture. For more insightful content, visit youtube.com/sansinstitute. #Leadership #CyberSecurity #CISO #Compliance.

Read More

2024-05-22 15:13:22 UTC

Get ready for an exciting three days at InfoSecurity Europe 2024, kicking off on June 4th at ExCeL London. Interact with top names and brands in the information security industry, see the latest cybersecurity tech in action, and learn from experts. Don't miss out on this opportunity to learn, explore, and have fun at one of the top cybersecurity events of the year.

Read More

2024-05-22 15:05:24 UTC

In this video series, Jason Lam explores the 8 Domains of the Cloud Security Maturity Model, providing organizations with a framework for achieving high levels of cloud security. The Identity & Access Management (IAM) domain is discussed, focusing on Segregation, Identity Management, and Access Management. Download the Cloud Security Maturity Model for more information, and sign up for LDR520: Cloud Security for Leaders to learn more about cybersecurity and leadership in the cloud. #Cybersecurity #Leadership #cloudsecurity #LDR520.

Read More

2024-05-22 14:00:00 UTC

Despite the new keyless technology using ultra-wideband radio, Teslas can still be stolen with a cheap radio hack. Researchers have discovered that vehicles equipped with this technology are just as vulnerable to theft using "relay attacks" as before.

Read More

2024-05-22 13:31:22 UTC

Two leading privileged access management (PAM) products, BeyondTrust and Delinea, are being compared to determine which is best for managing access, identities, and endpoints. Both offer sophisticated tools, but the best choice will depend on individual IT environments and budgets. Read more on the comparison in the Heimdal Security Blog.

Read More

2024-05-22 13:24:31 UTC

The US government is set to invest $50 million in enhancing cybersecurity measures for hospitals. The Advanced Research Projects Agency for Health (ARPA-H) will allocate the funds towards providing IT teams with tools to better secure hospital environments. This initiative aims to protect healthcare facilities from cyber threats.

Read More

2024-05-22 13:24:02 UTC

Amazon Web Services (AWS) has released its Spring 2024 System and Organization Controls (SOC) reports, which include 177 services in scope. The reports, covering the period from April 1, 2023 to March 31, 2024, demonstrate the company's commitment to expanding its assurance programs and ensuring transparency for customers.

Read More

2024-05-22 13:16:38 UTC

In a recent announcement, Rockwell Automation is advising customers to disconnect their industrial control systems (ICS) from the internet. The company is expressing concern over the vulnerability of internet-exposed ICS systems, especially in light of increasing geopolitical tensions and cyber threats worldwide. The full statement can be found on SecurityWeek's website.

Read More

2024-05-22 13:00:45 UTC

A vulnerable server was recently put online by John Hammond, who is offering curated threat intelligence through CrowdSec. Users can try a free installation of their Security Engines to block malicious attacks. Hammond also offers cybersecurity training through Name Your Price Training. For more information on dark web and cybercrime investigations, viewers can check out his YouTube channel. Hammond encourages support for his channel through Patreon and sponsorship. Follow Hammond on various social media platforms and send him malware samples for analysis. Remember to like, comment, and subscribe to support his YouTube channel.

Read More

2024-05-22 12:21:00 UTC

Rockwell Automation is advising customers to disconnect any industrial control systems not intended for public-facing internet connections to combat cyber threats. The company cited increased geopolitical tensions and cyber activity as the reason for the advisory, urging customers to take immediate action.

Read More

2024-05-22 12:00:27 UTC

A critical vulnerability in Veeam Backup Enterprise Manager has been fixed with an update that addresses multiple vulnerabilities, including one that allowed for authentication bypass. The discovery of the flaw was reported in a post on SecurityWeek.

Read More

2024-05-22 11:40:51 UTC

A critical authentication bypass vulnerability in GitHub Enterprise Server that allowed attackers to gain administrative privileges has been successfully resolved. The issue was discovered and fixed, preventing unauthenticated threats from exploiting the flaw. SecurityWeek reported on the resolution of the critical authentication bypass in GitHub Enterprise Server.

Read More

2024-05-22 11:31:59 UTC

Ivanti has issued patches to fix critical code execution vulnerabilities in its Endpoint Manager software. The updates are designed to address multiple security flaws that could potentially be exploited by cyber attackers. The company's action aims to enhance the security of its Endpoint Manager product.

Read More

2024-05-22 11:31:06 UTC

A critical vulnerability that could allow for authentication bypass in GitHub Enterprise Server has been discovered. The vulnerability, tracked as CVE-2024-4985 and rated with a maximum severity score of 10.0, affects instances of GitHub Enterprise Server using SAML single sign-on authentication. GitHub has since released a fix for the vulnerability. Threat actors could exploit the vulnerability to spoof a SAML response and gain unauthorized access. For more information, visit the Heimdal Security Blog.

Read More

2024-05-22 11:26:24 UTC

Today, SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit is happening virtually. The summit, focused on threat detection and incident response, will take place on Wednesday, May 22nd. The event promises to be fully immersive and informative. More information can be found on SecurityWeek's website.

Read More