Collaborate Disseminate
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operati… Continue reading FBI forced Flax Typhoon to abandon its botnet
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending … Continue reading Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to … Continue reading Malware peddlers love this one social engineering trick!
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one or more data breaches. Have I Bee… Continue reading 361 million account credentials leaked on Telegram: Are yours among them?
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. ̶… Continue reading Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives. Despite decades of often-repeated statements proclaiming the deat… Continue reading Microsoft, Google widen passkey support for its users
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy… Continue reading UK enacts IoT cybersecurity law
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so bad, you should know… Continue reading Apps secretly turning devices into proxy network nodes removed from Google Play
Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of… Continue reading BSAM: Open-source methodology for Bluetooth security assessment
The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such i… Continue reading Avast ordered to pay $16.5 million for misuse of user data