A new Mirai-based malware botnet named ‘InfectedSlurs’ has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices. […]
Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
The post Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets appeared first on SecurityWeek.
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.
The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,
The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,
185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.
The post 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone appeared first on SecurityWeek.
Windows Hello Fingerprint Authentication Bypassed on Popular Laptops
Researchers have tested the fingerprint sensors used for Windows Hello on three popular laptops and managed to bypass them.
The post Windows Hello Fingerprint Authentication Bypassed on Popular Laptops appeared first on SecurityWeek.
Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board
San Francisco-based OpenAI has reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board.
The post Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board appeared first on SecurityWeek.
Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products
Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products.
The post Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products appeared first on SecurityWeek.
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world.
The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42.
While the first set of attacks
The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42.
While the first set of attacks
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.
Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little
Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake.
“This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system,” Malwarebytes’ Jérôme Segura said in a Tuesday analysis.
Atomic
“This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system,” Malwarebytes’ Jérôme Segura said in a Tuesday analysis.
Atomic