Security News

About a quarter of those probed said their higher education was "Not at all useful" for their working life in cybersecurity; 12 percent said it was "Slightly useful;" and 14 percent described it as "Somewhat useful," adding up to 50 percent for the negatives. On the flip side, 29 percent said their education was "Extremely" useful, and 21 percent said "Very" useful.

The Danish data protection authority has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. The matter was brought to the agency's attention roughly four years ago by a concerned parent and activist, Jesper Graugaard, who protested how student data is sent to Google without any consideration about the potential for misuse or the impact it could have on those persons in the future.

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. Volt Typhoon hackers are known for extensively using living off the land techniques as part of their attacks on critical infrastructure organizations.

The US government today confirmed that China's Volt Typhoon crew comprised "Multiple" critical infrastructure org's IT networks, and warned that the state-sponored hackers are readying "Disruptive or destructive cyberattacks" against these targets. "Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the 12 government agencies warned.

Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. These files are commonly distributed through third-party sites, allowing you to install apps outside of Google Play.

Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery attacks.Unauthenticated attackers can exploit the two critical CSRF vulnerabilities patched today to target unpatched Expressway gateways remotely.

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service attacks is likely a hypothetical scenario instead of an actual attack. Last week, Swiss news site Aargauer Zeitung published a story stating that an employee of cybersecurity firm Fortinet said 3 million electric toothbrushes had been infected with Java malware to conduct DDoS attacks against a Swiss company.

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service attacks is likely a hypothetical scenario instead of an actual attack. Last week, Swiss news site Aargauer Zeitung published a story stating that an employee of cybersecurity firm Fortinet said 3 million electric toothbrushes had been infected with Java malware to conduct DDoS attacks against a Swiss company.

Iran's anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran's activity, published by Microsoft Threat Analysis Center today, concluded that Iran may again target US elections as it did in 2020, using more sophisticated techniques from a wealth of different groups.

A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. Shim is a small open-source bootloader maintained by Red Hat that is designed to facilitate the Secure Boot process on computers using Unified Extensible Firmware Interface.