Tag: cybersecurity news
From Dark Reading – Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit
Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age. Read More
From Dark Reading – Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass
The available options for addressing the flaw are limited, leaving many Macs vulnerable to a “GoFetch” attack that steals keys
From Dark Reading – Threat Report: Examining the Use of AI in Attack Techniques
More than ever, it’s critical for organizations to understand the nature of AI-based threats and how they can blunt the
From Dark Reading – DHS Proposes Critical Infrastructure Reporting Rules
CISA will administer the new reporting requirements for cyber incidents and ransomware payments. Read More
From Security Week – Code Execution Flaws Haunt NVIDIA ChatRTX for Windows
[[{“value”:”Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.
From Dark Reading – Vietnam Securities Broker Suffered Cyberattack That Suspended Trading
Attackers “encrypted” VNDirect’s data in an attack that kept the broker offline for days. Read More
From Dark Reading – ‘Tycoon’ Malware Kit Bypasses Microsoft, Google MFA
Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. Read More
From Cyber Security News – Microsoft Edge Flaw Let Hackers Silently Install Malicious Extensions
[[{“value”:”Guardio Labs has uncovered a significant vulnerability in Microsoft Edge, Microsoft’s flagship web browser, that could allow hackers to install
From Dark Reading – Zero-Day Bonanza Drives More Exploits Against Enterprises
Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits
From The Hacker News – Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2).
“The information stealer was delivered via a phishing email, masquerading as an invitation letter
From Security Week – Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own
[[{“value”:”Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome
From Cyber Security News – Agent Tesla’s Added New Tools & Tactics to Its Arsenal
[[{“value”:”The persistent search for money and the threat actors increasingly becoming more sophisticated are driving the alarming rate of malware