On March 1, 2023, the Biden administration published its National Cybersecurity Strategy. This is not an executive order, but an outline of how the administration will guide the evolution of cybersecurity at the national level. The federal government can only impose its wishes on federal agencies. It cannot impose those wishes at …
Read More »FBI warning: Avoid public charging stations at airports and malls
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use …
Read More »iPhones Hacked Via iOS Zero-Click Exploit To Deploy Spyware
Microsoft Threat Intelligence experts say a threat group is associated with “QuaDream,” an Israeli-based private sector offensive actor (PSOA). It employed a zero-click exploit called END OF DAYS to compromise the iPhones of high-risk individuals. Reports say QuaDream sells a platform called REIGN to governments for use in law enforcement. A collection …
Read More »OpenAI Launched Bug Bounty Program – Rewards up to $20,000
It’s been almost half a year since the revolutionary ChatGPT was released. Amazingly, it reached 100 million users in just two months. ChatGPT has an unimaginable potential to answer things that need a lot of research. Due to its increasingly demanding usage, securing it from threat actors is also essential. The …
Read More »AI can crack half of common passwords in less than a minute
A new study by a cybersecurity firm has revealed that most commonly used passwords are vulnerable to artificial intelligence (AI) tools and can be cracked almost instantly. AI chatbots like ChatGPT have made it easier to perform tasks just by sending prompts. However, it seems these large tools are also …
Read More »Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code
Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA). CVE(s): CVE-2023-1671 – Pre-Auth Command Injection CVE-2022-4934 – Post-Auth Command Injection CVE-2020-36692 – Reflected XSS via POST method CVE-2023-1671 – Pre-Auth Command Injection in Sophos …
Read More »Pay $20K To Infect Android Devices Via Google Play Store – Darkweb Report
In recent times, it has been observed by the security researchers at Kaspersky’s SecureList that the official Google Play store’s security has become increasingly vulnerable to the schemes of the threat actors. These shady actors have exploited various loopholes to develop tools that can effectively Trojanize the existing Android applications, making them …
Read More »12 Days to Pay Ransom: Palo Alto County Sheriff Office Ransomware Attack
The Palo Alto County Sheriff Office seems to have become the latest victim of a ransomware attack after hacker collective Play ransomware added it to its list. A deadline of 12 days to pay a ransom has been set by the ransomware group, following which they have threatened to publish the stolen …
Read More »Women Hold 25 Percent Of Cybersecurity Jobs Globally In 2022
Women hold 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019, and around 10 percent in 2013. We predict that women will represent 30 percent of the global cybersecurity workforce by 2025, and that will reach 35 percent by 2031. This goes beyond securing corporate …
Read More »New Scam Alerts Users About YouTube Altering Policy
A new YouTube phishing campaign is making rounds in the wild, urging users to read and accept so-called changes in YouTube’s rules and policies. What’s scary is that it abuses YouTube’s authentic email address to lure users into providing their credentials. What’s the new scam? YouTube has published a warning, stating …
Read More »