A new Android spyware tool is for sale on the internet. It has more risks than just its tracking features. For a price, anyone can buy it, add their name and logo, and sell it as their own. The tool is named KidsProtect. It looks like a parent monitoring app, …
Read More »
FBI and CISA, along with the Department of Energy and defense partners, released a joint report. Called “Adapting Zero Trust Principles to Operational Technology,” this guide helps critical infrastructure operators protect industrial systems from today’s cyber threats. The new federal guidance strongly urges organizations to adopt an “assume breach” philosophy. This …
Read More »
OpenAI has released a detailed plan for cybersecurity called “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense.” It describes a five-part strategy to give trusted defenders better AI tools and stop bad use. Artificial intelligence is changing the way we protect against cyber threats. It’s …
Read More »
Hackers are looking for weak TP-Link home routers to spread Mirai-like malware, taking advantage of CVE-2023-33538 in a new round of automated attacks. Current exploit attempts have some technical problems, but researchers say the bug is real and can be dangerous when used with default passwords and outdated firmware. Network …
Read More »
Threat actors are exploiting 3 new Windows security flaws in their attacks to get SYSTEM or higher administrator access. Since the beginning of the month, a security expert called “Chaotic Eclipse” or “Nightmare-Eclipse” has shared proof-of-concept exploit code for all three security problems. Two of the flaws, called BlueHammer and RedSun, …
Read More »
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called for an important meeting with bank CEOs this week to talk about the cyber dangers from Anthropic’s new AI model. Bessent and Powell met with the group on Tuesday to talk about the risks linked to Anthropic’s Mythos and …
Read More »
Hackers are misusing React2Shell flaw in Next.js apps to carry out an automatic scheme to steal credentials. This has already affected at least 766 servers in less than 24 hours. The threat activity is tracked as “UAT‑10608”. It relies on a custom framework dubbed NEXUS Listener to systematically harvest and …
Read More »
Threat groups linked to Qilin and Warlock ransomware have been seen using the bring your own vulnerable driver (BYOVD) method to disable security tools on compromised computers, as reported by Cisco Talos and Trend Micro. Qilin attacks analyzed by Cisco Talos have been found to deploy a malicious DLL named …
Read More »
The FBI has observed a type of malware named AVrecon, which was used to target many network devices around the world. The malware has a flexible design, allowing new attack tools to be added when new weaknesses are found. This increases the number of devices it can infect. The FBI …
Read More »
Starcloud’s newest funding round sets the company’s value at $1.1 billion. This makes it one of the quickest startups to become a unicorn after completing Y Combinator. The company’s Series A finished 17 months after its demo day. Benchmark and EQT Ventures led the round. This shows that there is interest …
Read More »
InfoSecBulletin Cybersecurity for mankind