Security News > 2024 > March

According to the report, titled Mission Critical: Unlocking the UK AI Opportunity Through Cybersecurity, cyberattacks currently cost the U.K. an estimated £87 billion each year. In a foreword to this new report, Microsoft UK CEO Claire Barclay said the U.K. could only meet its AI aspirations if businesses invested in cybersecurity processes and upgraded their security toolkits to match those of bad actors.

Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions "Are so outdated that security updates are no longer offered for them," the German Federal Office for Information Security has warned today. The BSI worries about attackers breaching those servers by exploiting CVE-2024-21410, a critical elevation of privilege bug that allows attackers to learn a targeted user's NTLM credentials and "Relay" them to authenticate themselves to a vulnerable Exchange Server as the user.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The newly exposed GoFetch vulnerability affecting Apple's M1, M2 and M3 chips lets an attacker exfiltrate secret keys from cryptographic applications on a targeted system. DMPs - in contrast to classical prefetchers that only store the memory access pattern - "Also take into account the contents of data memory directly to determine what to prefetch," as written in the publication from Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin that reveals all of the details about the GoFetch vulnerability.

The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists,...

Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality,...

Rew Appel shepherded a public comment-signed by twenty election cybersecurity experts, including myself-on best practices for ballot marking devices and vote tabulation. Hand-marked and hand-counted ballots remove the uncertainty introduced by use of electronic machinery and the ability of bad actors to exploit electronic vulnerabilities to remotely alter the results.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

As recently released research by HUMAN Security's Satori Threat Intelligence team has revealed, researchers Google removing a single free VPN app from its Play Store due to it making devices part of a proxy network used for ad fraud revealed a more widespread problem: the library responsible for the proxy node enrollment has subsequently been found in many more apps, as well as one mobile software development kit. "The LumiApps SDK is available freely for anyone to incorporate into their apps, and they advertise it as a way to make money from your app without resorting to ads. If a developer wanted to monetize their app, they could certainly consider using LumiApps and be unaware of what the code was doing in the background, enrolling the device of the user as a node in a residential proxy network without the user's knowledge. Since the SDK is freely available on the LumiApps website, and advertised both on the dark web and on social media sites, anyone can build it into their apps if they register for an account."

The UK's deputy prime minister, Oliver Dowden, says China has been unsuccessful in its attempts to undermine UK elections. Separately, UK parliamentarians - many of whom are known for their criticism of Beijing - had their email accounts targeted by a China state-linked group in 2021.