Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...]
Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions
2024-12-20 • Orange Cyberdefense • Alexandre Matousek, Marine PICHON • win.emmenhtal Open article on Malpedia
2024-12-16 • Zscaler • ThreatLabZ research team • win.riseloader Open article on Malpedia
2024-12-24 • NTT Security Holdings • NTT Security Holdings • js.beavertail, py.invisibleferret Open article on Malpedia
2024-12-12 • Elastic • Daniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin • win.quasar_rat Open article on Malpedia
2024-12-20 • Team Cymru • Lewis Henderson Open article on Malpedia
Chinese hackers appear to have compromised Treasury machines via a trusted third party
Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports. According to The Washington Post, the state-sponsored...
The U.S. government has unveiled a cybersecurity implementation plan for energy modernization, addressing the evolving energy landscape as... The post New US cybersecurity implementation plan for...
The Infrastructure Security Division (ISD) of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is set to submit... The post CISA seeks public input on new ChemLock information...
Kong Ingress Controller is a popular ingress controller for Kubernetes. The Kong Ingress Controller version 3.4 instances have been experiencing a significant performance regression causing...
A Tesla Cybertruck that exploded and burst into flames Wednesday morning just outside the Trump International Hotel Las Vegas has left one person dead and several injured, according to the Las...
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all...
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024...
Patch Tuesday is Microsoft’s monthly update day for fixing vulnerabilities. Learn its purpose, benefits, and how it enhances system security.
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2025 Customer information data from a South Korean children’s bookstore has been leaked on BreachForums. RDP access credentials for a...
The following is the information on Yara and Snort rules (week 1, January 2025) collected and shared by the AhnLab TIP service. 0 YARA Rules 5 Snort Rules Detection name Source ET TROJAN Observed...
Play ransomware, also known as Balloonfly or PlayCrypt, was first identified in June 2022 and has reportedly attacked over 300 organizations worldwide since then. A notable characteristic of the...
Let’s explore some common missteps in securing your AWS OIDC.
2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what...
Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there's no time like the present to do some digital decluttering.
Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools.
TrustSec has contributed to the Optimism ecosystem both in contributing to contests, and audits and two paid bug bounties. In this post, they talk about the security of Optimism and some of the...
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The post Bad Likert Judge: A Novel Multi-Turn...
The two entities are accused of partnering with intelligence agencies using artificial intelligence to conduct information operations against U.S. audiences. The post US sanctions Russian, Iranian...
Forty nations have to ratify the treaty for it to enter into force, and they have some leeway on how to implement it. The post After UN adoption, controversial cybercrime treaty’s next steps could...
VPNs are handy internet privacy tools, but with so many options available, it's hard to find the best one. To help, I'll tell you what you should look for in a good VPN.
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China...
Blaming victims, months of silence, and suing security researchers all featured in cybersecurity in 2024. © 2024 TechCrunch. All rights reserved. For personal use only.