A new post-exploitation command-and-control (C2) evasion method called ‘Ghost Calls’ abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. […]
Hacker extradited to US for stealing $3.3 million from taxpayers
Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. […]
PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.
The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.
WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says
Meta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI.
The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek.
Trend Micro Patches Apex One Vulnerabilities Exploited in Wild
Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors.
The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
Microsoft Paid Out $17 Million in Bug Bounties in Past Year
Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year.
The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek.
MFA matters… But it isn’t enough on its own
MFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn’t undo the other. Book your free trial today. […]
Google suffers data breach in ongoing Salesforce data theft attacks
Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. […]
Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities
An AI extension to the Ox Security platform automatically generates organization specific code to fix vulnerabilities in the codebase.
The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek.
National Bank of Canada online systems down due to ‘technical issue’
National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada is currently experiencing a widespread service outage affecting its online banking and mobile app platforms. […]