Security News > 2024 > January
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even...
Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range of products and services, from managed IT and print services, to robotic process automation solutions, and more.
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. Spreadsheet::ParseExcel RCE. The first issue that CISA added to its Known Exploited Vulnerabilities is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.
A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. Three years ago, I wrote that campaigns to ban facial recognition are too narrow.
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security...
"I think more people are coming to accept that a ban, while problematic, may ultimately be the only solution to the ransomware problem," he told The Register. For example, the Biden administration deciding to make ransom payments illegal as of February 1 would be "Problematic, given the lack of overall resilience and maturity across the economy, particularly when you think about all those soft targets the report identifies," Stifel told The Register, echoing the conclusion [PDF] reached by the Ransomware Task Force.
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least...
As the technological landscape increasingly integrates AI, Cindric anticipates a profound impact on the evolution of APIs, emphasizing the growing importance of API security, authentication, and the challenges posed by zombie endpoints. APIs have been growing at a CAGR of 25% for the past few years, but that growth doubled in 2023, all thanks to AI. We predict that AI-based APIs will continue to drive API growth in 2024 as they go hand in hand.
In this Help Net Security video, John Dwyer, Head of Research at IBM X-Force, discusses how 2024 is poised to be an incredibly impactful year for cyber attacks, driven by world events and access...