Security News > 2022 > August

Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio's network being breached last week. Although the attackers got their hands on Cloudflare employees' accounts, they failed to breach its systems after their attempts to log in using them were blocked since they didn't have access to their victims' company-issued FIDO2-compliant security keys.

Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to impersonate popular software projects and trick PyPI users into downloading them.

A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. The bug affects recent Intel CPUs based on the company's Sunny Cove microarchitecture, the authors say.

EaseUS Partition Master: Partition management software review We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. The team who designed EaseUS Partition Master provide a well-designed interface to guide people through highly-technical partition management tasks.

Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.A week ago, VMware released updates to address the vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

VMware found a quarter of all ransomware attacks included double-extortion techniques, with top methods including blackmail, data auction and name and shame The use of deepfakes also shot up this year, by 13 percent to 66 percent of respondents reporting they had featured in an attack. 65 percent of respondents noted that cyberattacks had increased since Russia invaded Ukraine and 62 percent said they'd been on the receiving end of zero-day exploits.

Pros and cons of asymmetric encryption Pros of asymmetric encryption Asymmetric encryption allows the recipient to verify and authenticate the origin of a message, making it easy to avoid encrypted messages from an unknown sender. Cons of asymmetric encryption Asymmetric encryption is slower than symmetric encryption.

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and causing discord in South Korea. State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.

Some of these related terms are vulnerability scanning and penetration testing, commonly known as pen testing. Key differences between vulnerability scanning and pen testing Automation Vulnerability scanning.

A technical support scam, sometimes referred to as "Tech support scam," is a kind of online fraud in which a scammer reaches a target, generally by phone, and pretends to offer a technical support service. Figure A. Some tech support scams have also been using email or even SMS messages, but the rate of success of those is significantly lower than alerts shown directly on the user's screen.