Ambulance service breach affects 900k, 401K phishing scam targets employee credentials

Data breaches are obviously damaging for victims, but organizations that experience such a cyberattack can suffer great harm as well. Not only could those entities face massive fines, but they also ...

PixieFail Bugs in UEFI Open Source Implementation Threaten Computers

A collection of security vulnerabilities found within the de facto open source implementation of the UEFI specification could expose systems to a range of threats, from remote code execution (RCE) and denial-of-service ...
Security Boulevard

Confessions on MFA and Security Best Practices

The last couple of weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two-factor authentication). These discussions have been driven ...

Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn

The bad actors behind the Androxgh0st malware are building a botnet they can use to identify victims and exploit vulnerable networks to steal confidential information from such high-profile cloud applications as Amazon ...
Security Boulevard

Apple Smashes Ban Hammer on Beeper iMessage Users

Empire strikes back: It was only a matter of time. But is this what Eric wanted all along? ...
Security Boulevard

Netcraft Report Surfaces Spike in Online Healthcare Product Scams

The volume of online scams relating to healthcare emanating from inexpensive TLDs is spiking—accounting for as much as 60% of daily domain registrations ...
Security Boulevard

LeftoverLocals: Listening to LLM responses through leaked GPU local memory

By Tyler Sorensen and Heidy Khlaaf. We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs ...

The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part One

Out-of-band communication is a necessity to prohibit outsiders from observing internal incident response activities or taunting response teams ...
Security Boulevard

GitLab Fixes Password Reset Bug That Allows Account Takeover

GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced ...
Security Boulevard

Stupid Human Tricks: Top 10 Cybercrime Cases of 2023

Mark Rasch examines 2023 cybercrime cases that appear to be the most impactful—not the most extensive or expensive—just the most “interesting.” ...
Security Boulevard