Videos
Good afternoon
Google is entering the booming cybersecurity market with a fresh set of security products that leverage both threat intelligence and security operations expertise acquired through Mandiant, a company Google purchased in 2023.
Researchers have uncovered a large network of fake online stores operated by a China-based cybercriminal group called BogusBazaar. This group has defrauded over 850,000 victims so far by creating tens of thousands of deceptive websites.
Google addressed a critical security vulnerability (CVE-2024-4671) in Chrome, the fifth zero-day exploit found this year. This flaw, which resides in the browser's visual rendering component, could grant attackers unauthorized access to data or even control of your computer.
A recent survey found that many people still rely on unsafe methods to manage their passwords, both at work and at home. Over half (54%) admitted to using their memory, and a third (33%) said they use pen and paper to store passwords
Researchers revealed two novel attack methods exploiting a critical feature in Intel's high-end processors, the conditional branch predictor. This vulnerability casts a shadow over billions of processors in use worldwide.
Millions of Docker repositories were found to be harboring malicious content, raising concerns about software supply chain security. Researchers identified roughly 4.6 million repositories containing no legitimate Docker images and linked nearly 3 million of them to large-scale malware and phishing campaigns.
KnowBe4, a renowned name in cybersecurity awareness training, has announced its strategic acquisition of Egress, a UK-based leader in cloud email security solutions. This move signifies a significant step towards building a comprehensive platform that addresses the ever-growing challenge of human error in cybersecurity.
Google Meet is taking a giant leap towards universal online privacy with the expansion of its end-to-end encryption capabilities. Previously exclusive to Google Workspace users, this advanced security feature is now available for calls with individuals outside the Google ecosystem, breaking down barriers and fostering secure communication for everyone.
A security researcher discovered a major flaw in self-service check-in terminals used by Ibis Budget hotels in Europe. The terminals were programmed to display room keycodes when a guest entered a series of dashes instead of a booking reference number.
A security vulnerability impacting a significant number of LG smart TVs was recently disclosed. This flaw could allow attackers to remotely seize control of susceptible devices. Researchers at Bitdefender discovered two critical vulnerabilities (CVE-2023-6317 and CVE-2023-6318) that, when combined, could grant unauthorized users complete control over a targeted LG smart TV.
Even though the cybersecurity pros I work with haven't fallen for the latest LinkedIn scam, seeing it hit my inbox made me realize just how dangerous and believable these attacks are. The sophistication of this one surprised even me, and that's concerning.
A hacking competition called Pwn2Own 2024 in Vancouver awarded over $1.1 million to participants who discovered vulnerabilities in various software and devices. This security competition incentivizes hackers to discover and report vulnerabilities in widely used software and devices.
Cybercriminals are looking for ways to integrate large language models (LLMs) into their attacks, and they have three main options: trying to bypass the safeguards on existing LLMs, building their own LLMs, or using uncensored open-source models.
In a proactive measure to enhance user security, Google has announced an update to its Chrome browser, effectively patching a series of vulnerabilities, including the zero-day flaw CVE-2024-3159, unveiled at the Pwn2Own hacking contest in March 2024.
It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.
APIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai.
DDoS attacks against the financial services sector historically accounted for about 10-15% of all attacks, however that trend began to rise in 2021, the FS-ISAC and Akamai found.
The NIST Cybersecurity Framework (CSF) 2.0, an evolution of its predecessor, is a comprehensive guide designed to assist organizations across various sectors in managing and mitigating cybersecurity risks effectively.
Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle.
Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices.