Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. […]
Google paid $12 million in bug bounties last year to security researchers
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company’s Vulnerability Reward Program (VRP) in 2024. […]
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on.
“The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to
“The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to
Quantum leap: Passwords in the new era of computing security
Quantum computing threatens to break traditional encryption, putting sensitive data at risk. Learn more from Specops Software about the risks of quantum computing and how to prepare for them. […]
Cobalt Strike Abuse Dropped 80% in Two Years
Fortra has shared an update on the effects of actions taken to reduce the abuse of Cobalt Strike by threat actors.
The post Cobalt Strike Abuse Dropped 80% in Two Years appeared first on SecurityWeek.
Microsoft lifts Windows 11 update block for some AutoCAD users
Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. […]
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024.
“The campaign, which leverages social media to distribute malware, is tied to the region’s current geopolitical climate,” Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.
“The campaign, which leverages social media to distribute malware, is tied to the region’s current geopolitical climate,” Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.
Developer Convicted for Hacking Former Employer’s Systems
Davis Lu was convicted of sabotaging his employer’s systems through malicious code, and deleting encrypted data.
The post Developer Convicted for Hacking Former Employer’s Systems appeared first on SecurityWeek.
Google Paid Out $12 Million via Bug Bounty Programs in 2024
In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs.
The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek.
Mass Exploitation of Critical PHP Vulnerability Begins
GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.
The post Mass Exploitation of Critical PHP Vulnerability Begins appeared first on SecurityWeek.