lemmydev2

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.

Out of the PAN-OS and into the firewall, a Python backdoor this way comes Palo Alto Networks on Friday issued a critical alert for an under-attack vulnerability in the PAN-OS software used in its firewall-slash-VPN products.…

Some Intel and Lenovo products have an unfixable bug in their firmware that could allow the devices to be hacked. The bug in question has sat unpatched for years and will never be patched because the impacted products have been deemed “end-of-life” and won’t receive any additional software updates. While the…Read more...

FBI Director Chris Wray Warns U.S. Falling Behind to Adversaries in CyberspaceFBI Director Christopher Wray told a congressional panel Thursday the United States faces a wide range of "escalated" digital threats, including sophisticated cyberattacks and emerging risks to networks and critical infrastructure. The FBI took over 1,000 actions against cyber adversaries in 2023.

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted

Lack of mine investment will also contribute to supply deficit

Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys. Unfortunately, it will also dramatically increase the time and energy required to manage TLS certificates. For organizations with only a handful of certificates, this … More → The post How Google’s 90-day TLS certificate validity proposal will affect enterprises appeared first on Help Net Security.

Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. [...]

Go, go InSpectre Gadget Intel CPU cores remain vulnerable to Spectre data-leaking attacks, say academics at VU Amsterdam.…

A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. [...]

In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean Doyle, the Cybercrime Atlas Initiative’s lead, to tell us more about it. (Sean Doyle’s answers have been edited for length and clarity.) How does the Cybercrime Atlas initiative work? The core of the collaboration is joint research … More → The post WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime appeared first on Help Net Security.

Zack Whittaker / TechCrunch: Researchers found an exposed Azure server with credentials used by Microsoft staff to access internal systems; Microsoft was told Feb. 6 and secured it March 5  —  Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet.