Last week when a security researcher said he could easily obtain the precise location from any one of the millions of users of a widely used phone-tracking app, we had to see it for ourselves. Eric Daigle, a computer science and economics student at the University of British Columbia in Vancouver, found the vulnerabilities in […]
Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads […]
After failing to achieve “expected results,” Sweden’s National Cyber Security Center (NCSC) is facing a range of reforms, including being brought under the control of the country’s cyber and signals intelligence agency. The failures were assessed as part of a government review, rather than in response to a single incident, but come amid a changing […]
The Cybersecurity and Infrastructure Security Agency is targeting a Sept. 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture. The target date comes from the agency’s responses to a Thursday Government Accountability Office oversight report that examines implementation of a major 2021 cybersecurity executive […]
Apr 23, 2024NewsroomNational Security Agency / Threat Intelligence The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early […]
Apr 22, 2024NewsroomNetwork Security / Endpoint Security The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an “industrial scale” from primarily governmental organizations, […]
Apr 22, 2024The Hacker NewsNetwork Security / Cybersecurity The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and […]
As the company also explains in a public security advisory published on Friday, this zero-day bug enables unauthenticated attackers to escape the user’s virtual file system (VFS) and download system files.
The National Security Agency (NSA) issued a cybersecurity information sheet (CIS) on Monday to share best practices for deploying secure and resilient AI systems. The guidance marks the first release from the NSA’s Artificial Intelligence Security Center (AISC), which the agency stood up last year to promote the secure development, integration, and adoption of AI […]