Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

/in

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access

The Hacker News – ​Read More

Passkeys are more popular than ever. This research explains why

/in

Some 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.

Latest stories for ZDNET in Security – ​Read More

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

/in

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Security Latest – ​Read More

Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

/in

LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.

The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

/in

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience.
The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.
“We are committed to delivering a secure and trusted experience with Recall,” the

The Hacker News – ​Read More

Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital

/in

Bugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.

The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek.

SecurityWeek – ​Read More

Major Security Update: Chrome Patches Critical Out-of-Bounds Vulnerability

/in

Not too long ago, we discovered a critical security flaw in Firefox. This week, Chrome is addressing fixes for yet more critical vulnerabilities. Google recently patched vulnerabilities in its Chrome browser, one of which was marked as critical, tracked as CVE-2024-10487. The vulnerability allowed remote attackers to perform out-of-bounds memory access via a crafted HTML page.

Source

TechSplicer – ​Read More

A Step-by-Step Guide to How Threat Hunting Works

/in

Stay ahead of cybercrime with proactive threat hunting. Learn how threat hunters identify hidden threats, protect critical systems,…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Facebook Businesses Targeted in Infostealer Phishing Campaign

/in

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

darkreading – ​Read More

Cybersecurity Job Market Stagnates, Dissatisfaction Abounds

/in

The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders’ favor?

darkreading – ​Read More