Hackers find a ‘Shortcut’ to data stored on iPhones, iPads, and Macs

Hackers find a ‘Shortcut’ to data stored on iPhones, iPads, and Macs

Apple has advised users to patch their devices against a vulnerability affecting the Apple Shortcuts application that can allow hackers to access sensitive data without invoking user permission. Tracked as CVE-2024-23204, the flaw has a critical rating (CVSS 7.5/10) because of its zero-click exploitation, affecting a range of Apple devices including MacBooks, iPhones, iPads, and … Read more

Critical ConnectWise ScreenConnect flaw exploited in the wild: Update

Critical ConnectWise ScreenConnect flaw exploited in the wild: Update

A critical vulnerability patched this week in the ConnectWise ScreenConnect remote desktop software is already being exploited in the wild. Researchers warn that it’s trivial to exploit the flaw, which allows attackers to bypass authentication and gain remote code execution on systems, and proof-of-concept exploits already exist. ScreenConnect is a popular remote support tool with … Read more

Check Point unveils AI-powered Quantum Force firewalls

Check Point unveils AI-powered Quantum Force firewalls

After a year in which AI has become ubiquitous, it’s time to prove that we know how to use it, and to move towards a more professional use of it in our work routine, Check Point CEO Gil Shwed told attendees at the company’s CPX 2024 event in Vienna on Wednesday. The company presented a … Read more

Identity hacking saw sharp rise 2023

Identity hacking saw sharp rise 2023

Threat actors, frequently frustrated by improved enterprise security systems, increased their efforts to compromise credentials in 2023, according to CloudStrike’s 10th annual global threat report released Wednesday. “Threat actors are running into EDR products out there that are making it difficult for them. It’s difficult for them to bring their tools in and use them … Read more

Biden’s maritime cybersecurity actions target China threats

Biden’s maritime cybersecurity actions target China threats

The Biden administration released an ambitious set of initiatives that includes an executive order and a series of other actions to strengthen the cybersecurity of the American marine transportation system (MTS). The administration also wants to pave the way for a revived domestic port crane manufacturing sector to ease US reliance on increasingly distrusted Chinese-made … Read more

Critical infrastructure attacks aren’t all the same: Why it matters to CISOs

Critical infrastructure attacks aren’t all the same: Why it matters to CISOs

Cyberattacks against critical infrastructure are always big news, but recent headlines have once again thrust the threat faced by Western democracies from foreign powers in this domain back onto the agenda of everyday citizens. Most prominently, the director of the US Federal Bureau of Investigation (FBI), Christopher Wray, claimed that  Chinese advanced persistent threat actors … Read more

Critical ConnectWise ScreenConnect flaw exploited in the wild

Critical ConnectWise ScreenConnect flaw exploited in the wild

A critical vulnerability patched this week in the ConnectWise ScreenConnect remote desktop software is already being exploited in the wild. Researchers warn that it’s trivial to exploit the flaw, which allows attackers to bypass authentication and gain remote code execution on systems, and proof-of-concept exploits already exist. ScreenConnect is a popular remote support tool with … Read more

Hackers using stolen credentials to launch attacks as info-stealing peaks

Hackers using stolen credentials to launch attacks as info-stealing peaks

Attackers prefer compromised valid accounts over phishing or any other infection methods to gain access into victim environments, according to an IBM report. “As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials … Read more

Is hybrid encryption the answer to post-quantum security?

Is hybrid encryption the answer to post-quantum security?

If you wear suspenders, do you need a belt? If you have one parachute, do you need a reserve? Many CISOs, security teams, and cryptographers are asking a similar question about encryption algorithms when they choose the next generation of protocols. Do users need multiple layers of encryption? Do they want the complexity and cost, … Read more

New Redis attack campaign weakens systems before deploying cryptominer

New Redis attack campaign weakens systems before deploying cryptominer

Cloud attackers are stepping up their game in a new cryptojacking campaign that targets exposed Redis deployments, researchers warn. Compared to previous attacks against the in-memory data store, the perpetrators make use of certain system weakening commands before installing their cryptocurrency mining malware. Researchers from Cado Security have dubbed the new miner Migo and note … Read more

LockBit ransomware operations seized by law enforcement in ‘Operation Cronos’

LockBit ransomware operations seized by law enforcement in ‘Operation Cronos’

Several operations of the notorious ransomware gang LockBit have been seized by global law enforcement authorities in a coordinated takeover under the banner “Operation Cronos.” Eight “.onion” domains owned by the ransomware group have been taken over by the authorities and as of Tuesday, were displaying a message that read, “The site is now under … Read more

jsplaces