New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks – post by LinkCyb
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. “Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor – post by LinkCyb
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that’s designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits “strong overlaps” with a hacking crew known as APT35, […]
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. “[RustBucket] communicates with command and control (C2) servers to download and execute various payloads,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed it
CMD+CTRL Training: Q2 2023 Release in Review – post by LinkCyb
Three New Courses and Eighteen New Labs Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q2 2023. Available to learners on April 25, 2023, our new training content focuses on areas such as Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, and Vulnerability […]
Modernizing Vulnerability Management: The Move Toward Exposure Management – post by LinkCyb
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of
Improving your bottom line with cybersecurity top of mind
In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s […]
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes – post by LinkCyb
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]
Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09
In January, a mental health nonprofit admitted that it had used Artificial Intelligence to help talk to people in distress. Prompted first by a user’s longing for personal improvement—and the difficulties involved in that journey—the AI tool generated a reply, which, with human intervention, could be sent verbatim in a chat box, or edited and fine-tuned to better […]
Adult content malvertising scheme leads to clickjacking
Malwarebytes’ researchers have found a malvertising scheme that leads to clickjacking. Clickjacking is a form of ad fraud which is also referred to as click fraud or click spam. It is a practice performed by certain dubious advertising networks, where they sometimes use automated programs—from simple to sophisticated bots and botnets—to interact with advertisements online. […]