Siri Bug Enables Data Theft on Locked Apple Devices – Dark Reading
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user’s device. – Read More
Cyber
Microsoft: Azure DDoS Attack Amplified by Cyber Defense Error – Dark Reading
The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. – Read More
Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny – Dark Reading
Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data. – Read More
As the skills gap grows, organizations should do these 3 things to enhance resiliency – CSO Online
The cybersecurity industry needs nearly four million professionals to fill vacant roles, and as adversaries advance their tactics, this figure is set to increase. Meanwhile, this skills shortage significantly impacts…
Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research – Dark Reading
The security vulnerabilities, CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could lay open proprietary and sensitive research to data thieves. – Read More
DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight – The Hacker News
Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital…
Would Making Ransom Payments Illegal Result in Fewer Attacks? – Dark Reading
If paying a ransom is prohibited, organizations won’t do it — eliminating the incentive for cybercriminals. Problem solved, it seems. Or is it? – Read More
North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS – The Hacker News
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster,…
Don’t Let Your Domain Name Become a “Sitting Duck” – Krebs on Security
More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at…
Dynamically Evolving SMS Stealer Threatens Global Android Users – Dark Reading
A network of more than 2,600 Telegram bots has helped exfiltrate one-time passwords and data from devices for more than two years. – Read More
Hottest selling product on the darknet: Hacked gen AI accounts – CSO Online
Cybercriminals looking to abuse the power of generative AI to build phishing campaigns and sophisticated malware can now purchase easy access to them from underground marketplaces as large numbers of…
Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware – The Hacker News
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under…
How To Get the Most From Your Security Team’s Email Alert Budget – The Hacker News
We’ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses,…
Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes – The Hacker News
A new malicious campaign has been observed making use of malicious Android apps to steal users’ SMS messages since at least February 2022 as part of a large-scale campaign. The…
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova – The Hacker News
Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T.,…