FBI forced Flax Typhoon to abandon its botnet

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operati… Continue reading FBI forced Flax Typhoon to abandon its botnet

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending … Continue reading Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Malware peddlers love this one social engineering trick!

Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to … Continue reading Malware peddlers love this one social engineering trick!

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same local network. &#822… Continue reading Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

UK enacts IoT cybersecurity law

The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy… Continue reading UK enacts IoT cybersecurity law

Apps secretly turning devices into proxy network nodes removed from Google Play

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that doesn’t sound so bad, you should know… Continue reading Apps secretly turning devices into proxy network nodes removed from Google Play

BSAM: Open-source methodology for Bluetooth security assessment

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of… Continue reading BSAM: Open-source methodology for Bluetooth security assessment

Avast ordered to pay $16.5 million for misuse of user data

The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such i… Continue reading Avast ordered to pay $16.5 million for misuse of user data