Washington’s Cybersecurity Storm of Complacency

/in

If the government truly wants to protect the US’s most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.

darkreading – ​Read More

Cybercriminals target victims in Spain, Germany, Ukraine with Strela Stealer malware

/in

The financially-motivated group tracked as Hive0145 has infected targets with Strela Stealer malware delivered through phishing emails disguised as legitimate invoice notifications.

The Record from Recorded Future News – ​Read More

Two Men Charged For Hacking US Tax Preparation Firms

/in

Two Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies.

The post Two Men Charged For Hacking US Tax Preparation Firms appeared first on SecurityWeek.

SecurityWeek – ​Read More

This startup’s AI platform could replace 90% of your accounting tasks—here’s how

/in

Credit: VentureBeat made with Midjourney

Puzzle, a fintech startup, launches an AI-powered accounting platform that automates 90% of routine tasks, aiming to support accountants and streamline business finances.Read More

Security News | VentureBeat – ​Read More

Microsoft Power Pages Leak Millions of Private Records

/in

Less experienced users of Microsoft’s website building platform may not understand all the implications of the access controls in its low- or no-code environment.

darkreading – ​Read More

CISA, FBI Confirm China Hacked Telecoms Providers for Spying

/in

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.

The post CISA, FBI Confirm China Hacked Telecoms Providers for Spying appeared first on SecurityWeek.

SecurityWeek – ​Read More

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

/in

The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.

The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek.

SecurityWeek – ​Read More

NIST Explains Why It Failed to Clear CVE Backlog

/in

NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.

The post NIST Explains Why It Failed to Clear CVE Backlog appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cybereason and Trustwave Announce Merger

/in

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.

The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek.

SecurityWeek – ​Read More

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

/in

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including

The Hacker News – ​Read More