Collaborate Disseminate
Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the role they may play in cyber … Continue reading Consumers wrongly attribute all data breaches to cybercriminals
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product l… Continue reading Black Friday shoppers targeted with thousands of fraudulent online stores
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operati… Continue reading FBI forced Flax Typhoon to abandon its botnet
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending … Continue reading Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to … Continue reading Malware peddlers love this one social engineering trick!
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one or more data breaches. Have I Bee… Continue reading 361 million account credentials leaked on Telegram: Are yours among them?
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. ̶… Continue reading Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives. Despite decades of often-repeated statements proclaiming the deat… Continue reading Microsoft, Google widen passkey support for its users
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy… Continue reading UK enacts IoT cybersecurity law
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so bad, you should know… Continue reading Apps secretly turning devices into proxy network nodes removed from Google Play