Category: Uncategorized
-

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability [email protected] (The Hacker News)
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a programRead…
-

What’s the Right EDR for You? [email protected] (The Hacker News)
A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpointRead More
-

Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing [email protected] (The Hacker News)
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users’ credentials from compromised devices. “This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” the SonicWall Capture Labs threat research team said in a recent report. TheRead…
-
500,000 Impacted by Ohio Lottery Ransomware Attack Eduard Kovacs
The Ohio Lottery cyberattack conducted by the DragonForce ransomware group has impacted more than 500,000 individuals. The post 500,000 Impacted by Ohio Lottery Ransomware Attack appeared first on SecurityWeek. Read More
-
RSA Conference 2024 – Announcements Summary (Day 4) SecurityWeek News
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco. The post RSA Conference 2024 – Announcements Summary (Day 4) appeared first on SecurityWeek. Read More
-

Researchers Uncover ‘LLMjacking’ Scheme Targeting Cloud-Hosted AI Models [email protected] (The Hacker News)
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. “Once initial access was obtained, they exfiltrated cloud credentials and gainedRead More
-
Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity SecurityWeek News
Accenture Federal Services wins $789 million U.S. Navy SHARKCAGE cybersecurity contract. The post Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity appeared first on SecurityWeek. Read More
-

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation [email protected] (The Hacker News)
Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim’s network traffic by just being on the same local network. The “decloaking” method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and hasRead More
-
Dell Says Customer Names, Addresses Stolen in Database Breach SecurityWeek News
Tech giant notifies millions of customers that full names and physical mailing addresses were stolen during a security incident. The post Dell Says Customer Names, Addresses Stolen in Database Breach appeared first on SecurityWeek. Read More
-

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign [email protected] (The Hacker News)
Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. “The campaign sent emails with content intended to arouse the recipient’s interest and persuade him to click on the link,” the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the linkRead More
