Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
1 in 5 companies say state-sponsored attacks try to penetrate supply chain
Roughly one-fifth of enterprise IT administrators have found themselves the target of a state-sponsored attack, according to a survey from HP Wolf. The survey found that of 800 respondents in the IT industry, worldwide 19% reported being the target of an attack on networks, PCs, and internet-facing printers in an apparent effort to penetrate the […]
Black Hat USA: Wi-Fi tracking flaw puts the ‘BS’ in BSSID
LAS VEGAS — Geolocation services for a number of popular mobile hardware vendors can be used to perform widescale Wi-Fi network monitoring, according to a presentation Tuesday at the Black Hat conference here. Researcher Erik Rye of the University of Maryland said that a feature known as a Basic Service Set Identifier (BSSID) can be […]
Most companies are afraid of unseen cybersecurity threats
Companies are afraid of the threat posed by unknown threat actors and exploits, according to research from security monitoring specialist Critical Start, which said that, by and large, administrators are more afraid of what they don’t know than flaws and attacks that are already public. The study, which polled some 1,000 cybersecurity professionals across various […]
Ronin Network hacked, $12 million returned by “white hat” hackers
Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. This figure corresponds to the maximum amount of ETH and USDC that can be withdrawn from the bridge via a single transaction, so […]
New CMoon USB worm targets Russians in data theft attacks
A new self-spreading worm named ‘CMoon,’ capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. According to Kaspersky researchers who discovered the campaign, CMoon can perform a broad range of functions, including loading additional payloads, snapping screenshots, and launching distributed denial of […]
Proton VPN adds ‘Discreet Icons’ to hide app on Android devices
Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. One of the standout features is ‘Discreet Icon,’ a new setting allowing users to disguise the Proton VPN app icon and make it […]
Windows Update downgrade attack “unpatches” fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk, […]
macOS Sequoia brings better Gatekeeper, stalkerware protections
Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. Gatekeeper is a security feature that checks all apps downloaded from the Internet to see if they’re developer-signed (approved by Apple) and notarized by checking an extended attribute named com.apple.quarantine that is […]
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are […]
Microsoft 365 anti-phishing feature can be bypassed with CSS
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who discovered […]