Apple has advised users to patch their devices against a vulnerability affecting the Apple Shortcuts application that can allow hackers to access sensitive data without invoking user permission. Tracked as CVE-2024-23204, the flaw has a critical rating (CVSS 7.5/10) because of its zero-click exploitation, affecting a range of Apple devices including MacBooks, iPhones, iPads, and … Read more

After more than two years the Australian government is back to the top five sectors with the most reported data breaches to the Office of the Australian Information Commissioner (OAIC). The Australian government is also the only of the five sectors that had human error as the top cause of data breaches. The Notifiable Data … Read more

A critical vulnerability patched this week in the ConnectWise ScreenConnect remote desktop software is already being exploited in the wild. Researchers warn that it’s trivial to exploit the flaw, which allows attackers to bypass authentication and gain remote code execution on systems, and proof-of-concept exploits already exist. ScreenConnect is a popular remote support tool with … Read more

After a year in which AI has become ubiquitous, it’s time to prove that we know how to use it, and to move towards a more professional use of it in our work routine, Check Point CEO Gil Shwed told attendees at the company’s CPX 2024 event in Vienna on Wednesday. The company presented a … Read more

Threat actors, frequently frustrated by improved enterprise security systems, increased their efforts to compromise credentials in 2023, according to CloudStrike’s 10th annual global threat report released Wednesday. “Threat actors are running into EDR products out there that are making it difficult for them. It’s difficult for them to bring their tools in and use them … Read more

The Biden administration released an ambitious set of initiatives that includes an executive order and a series of other actions to strengthen the cybersecurity of the American marine transportation system (MTS). The administration also wants to pave the way for a revived domestic port crane manufacturing sector to ease US reliance on increasingly distrusted Chinese-made … Read more

Cyberattacks against critical infrastructure are always big news, but recent headlines have once again thrust the threat faced by Western democracies from foreign powers in this domain back onto the agenda of everyday citizens. Most prominently, the director of the US Federal Bureau of Investigation (FBI), Christopher Wray, claimed that  Chinese advanced persistent threat actors … Read more

A critical vulnerability patched this week in the ConnectWise ScreenConnect remote desktop software is already being exploited in the wild. Researchers warn that it’s trivial to exploit the flaw, which allows attackers to bypass authentication and gain remote code execution on systems, and proof-of-concept exploits already exist. ScreenConnect is a popular remote support tool with … Read more

Attackers prefer compromised valid accounts over phishing or any other infection methods to gain access into victim environments, according to an IBM report. “As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials … Read more

If you wear suspenders, do you need a belt? If you have one parachute, do you need a reserve? Many CISOs, security teams, and cryptographers are asking a similar question about encryption algorithms when they choose the next generation of protocols. Do users need multiple layers of encryption? Do they want the complexity and cost, … Read more

Cloud attackers are stepping up their game in a new cryptojacking campaign that targets exposed Redis deployments, researchers warn. Compared to previous attacks against the in-memory data store, the perpetrators make use of certain system weakening commands before installing their cryptocurrency mining malware. Researchers from Cado Security have dubbed the new miner Migo and note … Read more

Several operations of the notorious ransomware gang LockBit have been seized by global law enforcement authorities in a coordinated takeover under the banner “Operation Cronos.” Eight “.onion” domains owned by the ransomware group have been taken over by the authorities and as of Tuesday, were displaying a message that read, “The site is now under … Read more