Vulnerabilities
Ambulance service breach affects 900k, 401K phishing scam targets employee credentials
Data breaches are obviously damaging for victims, but organizations that experience such a cyberattack can also suffer great harm as well. Not only could those entities face massive fines, but they also ...
PixieFail Bugs in UEFI Open Source Implementation Threaten Computers
A collection of security vulnerabilities found within the de facto open source implementation of the UEFI specification could expose systems to a range of threats, from remote code execution (RCE) and denial-of-service ...
Confessions on MFA and Security Best Practices
The last couple weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two factor authentication). These discussions have been driven ...
Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn
The bad actors behind the Androxgh0st malware are building a botnet they can use to identify victims and exploit vulnerable networks to steal confidential information from such high-profile cloud applications as Amazon ...
Apple Smashes Ban Hammer on Beeper iMessage Users
Empire strikes back: It was only a matter of time. But is this what Eric wanted all along? ...
Netcraft Report Surfaces Spike in Online Healthcare Product Scams
The volume of online scams relating to healthcare emanating from inexpensive TLDs is spiking—accounting for as much as 60% of daily domain registrations ...
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs ...
The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part One
Out-of-band communication is a necessity to prohibit outsiders from observing internal incident response activities or taunting response teams ...
GitLab Fixes Password Reset Bug That Allows Account Takeover
GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced ...
Stupid Human Tricks: Top 10 Cybercrime Cases of 2023
Mark Rasch examines 2023 cybercrime cases that appear to be the most impactful—not the most extensive or expensive—just the most “interesting.” ...