Security News

New attack leaks VPN traffic using rogue DHCP servers
2024-05-07 18:46

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.

New Attack on VPNs
2024-05-07 15:32

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address.

City of Wichita shuts down IT network after ransomware attack
2024-05-06 14:34

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. Wichita is the largest city in Kansas, with a population of 400,000 people, ranking it among the top 50 largest cities in the United States.

BlackBasta claims Synlab attack, leaks some stolen documents
2024-05-06 11:03

The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated approximately 1.5 TB of company and customer data, employees' personal documents, as well as the results of customers' medical tests.

Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks
2024-05-06 02:30

Finland warns of Android malware attacks breaching bank accounts
2024-05-05 14:19

Finland's Transport and Communications Agency is warning about an ongoing Android malware campaign attempting to breach online bank accounts. The McAfee app is malware that will allow threat actors to breach victims' bank accounts.

Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks
2024-05-05 08:00

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company confirmed on Monday, but they are "not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability."

Okta warns customers about credential stuffing onslaught
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place.

U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems
2024-05-03 16:37

The U.K.'s National Cyber Security Centre and other international cyber authorities, including the Federal Bureau of Investigation, have warned about pro-Russia hacktivist attacks targeting providers of operational technology. Pro-Russia hacktivists exploit both virtual network computing remote access software and default passwords to access the software components of internet-exposed industrial control systems associated with OT devices.

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
2024-05-03 04:50

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of...

Microsoft warns of "Dirty Stream" attack impacting Android apps
2024-05-02 16:02

Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent.