[ad_1] Sep 23, 2024The Hacker NewsPassword Management / Data Breach Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain,…
[ad_1] Sep 23, 2024Ravie LakshmananCybersecurity / Cyber Threat Hold on tight, folks, because last week’s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling “dream jobs” to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and…
[ad_1] A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. “Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country,” Kaspersky said in a new analysis. “It’s likely…
[ad_1] Sep 20, 2024Ravie LakshmananEnterprise Security / Network Security Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by…
[ad_1] Sep 21, 2024Ravie LakshmananNational Security / Cyber Attack Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) in a post shared on Facebook. “I have…
[ad_1] Sep 21, 2024Ravie LakshmananPrivacy / Artificial Intelligence The U.K. Information Commissioner’s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users’ data in the country to train its artificial intelligence (AI) models. “We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative…
[ad_1] A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. “Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then destroy their infrastructure with a wiper to prevent recovery,” Kaspersky said in a Friday…
[ad_1] An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by…
[ad_1] In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x] TLS certificates [x] Accounts [x] SSH keys ??? The secrets listed above are typically secured with privileged access management (PAM)…
[ad_1] Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina…
