Security News > 2023
2023 has seen its fair share of cyber attacks, however there’s one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an...
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed "Pool Party" because theyuse Windows thread pools, these process injection techniques work across all processes and, according to the researchers, they went undetected when tested against five leading EDR/XDR solutions, namely: Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender For Endpoint, and Cybereason EDR. "Pool Party" process injection techniques.
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a...
BlackBerry has decided its plan to split into two separate companies is not a good idea and will instead reorganize itself into two independent divisions. The former smartphone champ has two businesses: cyber security and IoT. Neither has thrived in recent years so, in pursuit of greater shareholder value, the Canadian biz conducted a review it called Project Imperium.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently...
Hundreds of suspected people smugglers have been arrested, and 163 potential victims rescued from servitude, as part of an Interpol-coordinated operation dubbed "Turquesa V" that targeted cyber criminals who lure workers into servitude to carry out their scams. When the victims showed up for their first day on the job, they were forced into working for cyber investment scam operations and not allowed to leave.
A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. The researchers used an automated account creation method to assess over 20,000 websites across the Tranco top 1M and evaluate the password creation policies users have to adhere to.
Basically, everyone who believes in a free and safe internet is speaking out against eIDAS. The unintended consequences of the bill are so great that Mozilla recently shared an open letter co-signed by a raft of internet companies concerned that eIDAS will make the internet less secure. Mozilla warned in a separate statement that any EU government could "Issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state."
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked...
In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. How are cybersecurity companies responding to these AI threats, and what AI-centric products are they developing? Are there any that you believe are particularly effective or innovative?