lemmydev2

Programs are typically sponsored by C-suite executives, while the CISO is often tasked with execution, according to Gartner.

Two rounds of reports and patches may not have completely closed this hole BLACK HAT ASIA  Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…

Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project. 

There’s been a lot of fuss about the ‘quantum advantage’ that would arise from the use of quantum processors and quantum systems in general. Yet in this high-noise, high-uncertainty era …read more

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. [...]

A French hospital was forced to return to pen and paper and postpone medical treatments after a cyber attack. A cyber attack hit Hospital Simone Veil in Cannes (CHC-SV) on Tuesday, impacting medical procedures and forcing personnel to return to pen and paper. The Hospital Simone Veil in Cannes is a public hospital located in Cannes, France. The […]

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. [...]

'GhostR' Claims to Have 5.3 Million Records from Major Screening DatabaseA seemingly financially-driven hacker known as GhostR claimed to have stolen millions of highly-sensitive records from a "know-your-customer" database used by the London Stock Exchange Group to combat financial crimes and enforce global sanctions.

    Photo by Victoria Song / The Verge

Apple could soon let developers in the European Union use its tap-to-pay technology. A report from Reuters reveals that EU regulators could sign off on Apple’s proposal to open the payment system next month, putting a two-year-long legal battle to rest. In 2022, the European Commission accused Apple of abusing “its dominant position in markets for mobile wallets.” It claimed Apple prevented third-party payment apps from using the iPhone’s NFC (near-field communication) hardware “to the benefit of its own solution,” Apple Pay. The European Commission announced earlier this year that Apple committed to allowing third-party payment providers to freely use the iPhone’s NFC capabilities. Apple’s proposal would also give developers access to...

Continue reading…

Accounts with stored payment information went for as little as $0.50 each.

​The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. [...]

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [...]