Kategorie

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.

Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers.

The alert was mumbo jumbo, but it was indeed sent from the bureau's email system, from the agency’s own internet address.

Nepříjemnou sobotu zažil americký Federální úřad pro vyšetřování (FBI). Do jedné z jeho e-mailových schránek se podařilo dostat neznámým hackerům, jménem úřadu odeslali přes sto tisíc zpráv. Žádná data však nezcizili, ani do e-mailů nepřipojili malware, píše agentura Reuters. FBI incident potvrdila ...

A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate (

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets. IDA Pro is an Interactive Disassembler that's

Kyberútoky jsou stále častější a nebezpečnější. I proto antivirová společnost Kaspersky vyvinula ve spolupráci s neziskovou vzdělávací organizací DiploFoundation unikátní on-line simulační hru, která má připravit diplomaty a úředníky na nájezdy hackerů. Novinky.cz vyzkoušely hru jako jediné médium v Česku.

To become a Linux developer, you used to need C as your passport. Now Rust can let you be an OS programmer as well.

The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line "Urgent: Threat actor in systems"

Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is — each app has tens or hundreds of security settings to configure, in

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a

Neznámým hackerům se v sobotu podařilo dostat do jedné ze schránek elektronické pošty Federálního úřadu pro vyšetřování (FBI). Uvedla to agentura Bloomberg. Podle organizace Spamhaus Project, která se zabývá kybernetickými hrozbami, hackeři rozeslali z oficiální schránky FBI desítky tisíc vzkazů. Úřad potvrdil, že jeho schránka byla napadena.

Fake warnings and false accusations - it's a "call to distraction"

Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.

Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.

When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.

Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.