New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks – post by LinkCyb

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. “Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. “[RustBucket] communicates with command and control (C2) servers to download and execute various payloads,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it

CMD+CTRL Training: Q2 2023 Release in Review – post by LinkCyb

Three New Courses and Eighteen New Labs Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q2 2023. Available to learners on April 25, 2023, our new training content focuses on areas such as Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, and Vulnerability […]

Modernizing Vulnerability Management: The Move Toward Exposure Management – post by LinkCyb

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of

Improving your bottom line with cybersecurity top of mind

In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s […]

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes – post by LinkCyb

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]

Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09

In January, a mental health nonprofit admitted that it had used Artificial Intelligence to help talk to people in distress.  Prompted first by a user’s longing for personal improvement—and the difficulties involved in that journey—the AI tool generated a reply, which, with human intervention, could be sent verbatim in a chat box, or edited and fine-tuned to better […]

Adult content malvertising scheme leads to clickjacking

Malwarebytes’ researchers have found a malvertising scheme that leads to clickjacking. Clickjacking is a form of ad fraud which is also referred to as click fraud or click spam. It is a practice performed by certain dubious advertising networks, where they sometimes use automated programs—from simple to sophisticated bots and botnets—to interact with advertisements online. […]