Security

Bojangles data leak: “It’s breach time!”

After learning of suspicious activity on its corporate network, the American fast food chain Bojangles suffered a data breach.

WikiLeaks whistleblower Chelsea Manning battles AI surveillance with NSA-proof VPN

Chelsea Manning explains why traditional privacy tools are failing in an era of AI surveillance.

Ensuring confidentiality in online transactions

Many people and even countries nowadays prefer the cashless approach to exchanging various goods and services. Moreover, online shopping is...

Hackers board Palo Alto vulnerability bandwagon: over 2,000 firewalls hacked and counting

If you haven’t already, you should immediately secure access to the management web interface of the Palo Alto Networks (PAN) firewalls. The security company repeated this advice four times in a single document, as hackers leap into action following the disclosure of vulnerabilities.

Meta boots over 2M fake accounts originating from overseas scam centers

Meta Platforms on Thursday announced the removal of over two million accounts across Facebook, Instagram, and WhatsApp linked to highly organized scam centers run out of multiple countries in Southern Asia.

US military officials used China-linked promotional gift shop GS-JJ, exposing over 300K emails

A popular promotional gift platform, gs-jj.com, left 300,000 emails from customers exposed for months. The leak hints at potential Operational Security failures, as the company appears to be operating from China and served 2,500 emails sent from .mil and .gov domains.

Ransomware gang BianLian ditches encryption, profits from data extortion

BianLian, a notorious Russian ransomware ring, has seemingly abandoned the classic ransomware playbook. The FBI and cyber authorities warn that the gang is now following a new trend and shifting to data exfiltration-based extortion.

How to safely use public Wi-Fi networks

It’s another regular day; you’re at your favorite cafe, sipping on a latte and scrolling through Instagram. Instead of using...

Infamous threat actor targets Tesla, gets immediately roasted by cyber pros

Data supposedly belonging to Tesla customers has been leaked by the threat actor IntelBroker. But all isn’t as it seems.

Strava’s new API agreement will destroy the app, users warn

The popular fitness app Strava is making changes to its API Agreement, which it says will impact less than 0.1% of third-party applications.

Apple security updates address dangerous zero-day attacks

Apple has released patches for two zero-day vulnerabilities, which were exploited by threat actors in the wild. These flaws enable attackers to craft malicious web content, leading to arbitrary code execution and cross-site scripting attacks.

Significant surge in DocuSign impersonation attacks: hackers mimicking government

Attackers are dropping hundreds of instances of new malicious DocuSign phishing links every day, and they appear authentic, cybersecurity firm SlashNext warns.

VMware virtual machines under attack: hackers exploit critical vCenter Server flaw

Broadcom is sounding the alarm bells about attackers actively exploiting two critical vulnerabilities in VMware vCenter Server, a widely used control hub for managing virtual computing infrastructure. These vulnerabilities allow hackers to run remote code and completely compromise the systems.

Major US telecom T-Mobile among victims of China-linked breach

Wireless carrier T-Mobile, along with AT&T, Verizon, Lumen Technologies, and other companies, was breached during a major Chinese spying operation, the Wall Street Journal (WSJ) has reported.

Palo Alto firewalls exploited after critical zero-day vulnerability

Palo Alto Networks has confirmed that threat actors are actively exploiting a critical vulnerability that affects firewalls with management interfaces exposed to the internet.

DNS predators steal 70K websites with simple hack: researchers warned it was coming

In less than half a year, cybercrooks have hijacked 70,000 domains out of an estimated 800,000 that are vulnerable to a simple ‘Sitting Ducks’ attack. Security researchers had warned the attacks were imminent unless owners implemented a simple fix. Yet, few owners did.

Hackers now sending physical malicious letters, Swiss authorities warn

Is there anything threat actors won’t do to gain initial access? Swiss authorities are warning about a new sophisticated cybersecurity threat – malicious counterfeit letters.

Xobin leak: screening job applicants with AI, but storing personal data in an open bucket

The AI-powered HR tech company Xobin, which specializes in software for screening, shortlisting, and interviewing job applicants, has inadvertently exposed half a million job seekers through an unsecured Google Cloud Storage bucket. Private data, including national IDs, passport copies, and resumes, were publicly accessible for months.

Ruthless sextortion scammers now threatening to show up at your house

Online sextortion scammers have upped their game using personalized phishing attacks to lure victims and pressure them to pay up – some even using photos of the victims’ own homes and threatening to show up if demands are not met.

EU will hold tech companies liable for faulty software

European Union member states have two years to adopt a new law expanding product liability rules to include digital products such as software, firmware, or online platforms. This will expand users' rights to compensation and make it easier for them to claim damages in court.