Collaborate Disseminate
Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and … Continue reading Krispy Kreme cybersecurity incident disrupts online ordering
As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed Denial-of-Service (DDoS) attacks. These “booter” (aka “stresser… Continue reading 27 DDoS-for hire platforms seized by law enforcement
Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by default, Microsoft is working on shoring up defense… Continue reading Microsoft enforces defenses preventing NTLM relay attacks
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploi… Continue reading Microsoft fixes exploited zero-day (CVE-2024-49138)
Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered a… Continue reading Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)
A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development of the popular Linux distribution for embedded devices. About OpenWrt OpenWrt … Continue reading Update your OpenWrt router! Security issue made supply chain attack possible
Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks. The setup and the challenge LLMai… Continue reading Microsoft: “Hack” this LLM-powered service and get paid
Luka Rijeka, a company that offers maritime transport, port, storage of goods and forwarding services in Rijeka, Croatia, has been hacked by the 8Base ransomware group. According to HackManac, the group claimed the attack on their dark web data leak si… Continue reading 8Base hacked port operating company Luka Rijeka
Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of AI and some social engineering, you can end up with information and cryptocur… Continue reading Windows, macOS users targeted with crypto-and-info-stealing malware
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring softwa… Continue reading How to choose secure, verifiable technologies?