Security

Cybercriminals already using AI for most types of scams, FBI warns

Cybercriminals are increasingly relying on generative artificial intelligence (AI) to generate text, images, audio, and videos to amplify their scams, the US Federal Bureau of Investigation (FBI) warns.

Understanding password hashing and security

Password hashing is an essential part of password security. It is an effective and irreversible way to turn your passwords...

30M protected links exposed by ‘safe’ link-sharing provider

A safe linking service accidentally leaked millions of links that were meant to be private and exposed who created them. Malicious bots wasted no time in exploiting the vulnerability.

Hackers claim major breakthrough in Windows and Office license fraud

Massgrave, a piracy group developing activation scripts for Microsoft products, claims to have discovered a new method to permanently activate “almost any version of Windows and Office.”

Antivirus blind spot: corrupted files turn deadly once user attempts to 'recover' them

Hackers have devised a new malware delivery method: broken or corrupted files that can’t be read by antivirus software. Once the victims attempt to recover them, the files detonate on their systems.

Most Fortune 500 companies lack security.txt files: how big of a deal is it?

More than two years ago, the Internet Engineering Task Force (IETF), an internet standards body, recommended that entities add a security.txt file for security vulnerability disclosures. However, only 4% of Fortune 500 companies have implemented the file so far.

Data broker exposes 600K background checks and other sensitive files

SL Data Services/Propertyrec, an information research provider that operates at least 16 different websites and offers real estate ownership data and criminal records search information, left 713GB of sensitive data accessible without a password and unencrypted.

How long will your smart device receive updates? 89% of manufacturers won’t say

Experts recommend updating your devices as soon as possible, as critical vulnerabilities are constantly being discovered. But can you trust your device maker to deliver those updates in the long term? An FTC study suggests no.

Hello, this is your chatbot leaking: WotNot exposes 346K sensitive customer files

Introducing additional hands into the AI supply chain might not be such a great idea. Passports, detailed medical records, resumes, and other sensitive personal records were exposed in a database belonging to WotNot, an Indian AI startup that helps build and customize bots for businesses.

Hackers can access laptop webcams without activating the LED, researcher finds

Taping the webcam on your laptop isn’t a dumb idea. A security engineer has discovered a way to reflash the webcam firmware on a Lenovo ThinkPad X230 laptop and arbitrarily control its LED, independently of whether the webcam itself is activated. Malware could effectively turn on the camera without lighting the LED.

OnePoint Patient Care breach affects 1.7 million people

OnePoint Patient Care (OPPC), a major hospice-dedicated pharmacy, has disclosed that hackers may have obtained medical records, Social Security numbers, and other personal data of 1,741,152 individuals.

Microsoft patches four vulnerabilities, some critical and exploited in the wild

Microsoft has fixed four vulnerabilities in its services. The vulnerabilities were detected in Microsoft Copilot Studio, the Partner.Microsoft.Com portal, Azure PolicyWatch, and Dynamics 365 Sales.

Users in 23 countries targeted with new Netflix subscription renewal scam

Don’t fall for messages alerting Netflix users about suspended accounts. Cybercriminals are running a malicious campaign and trying to steal Netflix credentials and credit card information, security firm Bitdefender warns.

Critical Firefox and Windows zero-days exploited by Russian hackers

Russian hackers are capitalizing on a critical zero-day vulnerability affecting Firefox, Thunderbird, and the Tor Browser. The cybercrooks can run arbitrary code without any user interaction: the victim only has to visit a web page with an exploit. Mozilla patched the vulnerable products on October 9th.

Tips to avoid phishing scams

Phishing scams, in which cybercriminals impersonate trusted sources to steal sensitive information like login details and credit card numbers, are...

OnlyFans alternative leaks private convos, payment data

CafeCanli, a Turkish live video chat provider, has leaked sensitive details on hundreds of thousands of its users.

Novel attack unveiled: Russian hackers using neighbors’ WiFi to launch attacks

Russian state hackers have devised a novel attack method to infiltrate organizations by exploiting nearby WiFi networks. Operating from thousands of miles away, they chain vulnerable WiFi devices until they reach their primary target.

North Korean IT worker scams lead to FBI seizure of fake domains, expose new tactics

North Korean IT worker scams still proliferate across the private sector, causing billions in losses, as the FBI seizes numerous related fake website domains on Friday.

7-Zip affected by dangerous vulnerability: users must update the app manually

The popular file compression program 7-Zip is currently affected by a high-severity vulnerability that allows attackers to execute code on the victim’s machines, Trend Micro’s Zero Day Initiative (ZDI) has disclosed.

Bojangles data leak: “It’s breach time!”

After learning of suspicious activity on its corporate network, the American fast food chain Bojangles suffered a data breach.