NIST Proposes Barring Some of the Most Nonsensical Password Rules

NIST is seeking public feedback on the draft guidelines, which can be submitted via email until October 7. The goal is to promote sensible password practices that enhance security without burdening users or compromising their online identity.

Cyware News – Latest Cyber News – ​Read More

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

A watering hole attack targeted Kurdish websites, distributing malicious APKs and spyware, compromising 25 sites for over a year. French cybersecurity firm Sekoia uncovered the campaign called SilentSelfie, delivering various info-stealers.

Cyware News – Latest Cyber News – ​Read More

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users’ passwords in plaintext in its systems.
The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union’s

The Hacker News – ​Read More

California Governor Vetoes Bill to Create First-in-Nation AI Safety Measures

Gavin Newsom vetoed a landmark bill SB 1047 aimed at establishing first-in-the-nation safety measures for large artificial intelligence models.

The post California Governor Vetoes Bill to Create First-in-Nation AI Safety Measures appeared first on SecurityWeek.

SecurityWeek – ​Read More

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

Security Latest – ​Read More

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.
The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.
“Fake

The Hacker News – ​Read More

HPE Patches Three Critical Security Holes in Aruba PAPI

HPE has released patches for three critical security vulnerabilities in Aruba’s networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.

Cyware News – Latest Cyber News – ​Read More

Critical RCE Vulnerability Found in OpenPLC

The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.

Cyware News – Latest Cyber News – ​Read More

Kia Dealer Portal Flaw Could Let Attackers Hack Millions of Cars

The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.

Cyware News – Latest Cyber News – ​Read More

BBTok Targeting Brazil Using the AppDomain Manager Injection Technique

The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.

Cyware News – Latest Cyber News – ​Read More