Pulse of Truth

Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.

A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP Logistics, a Northamptonshire […] The post Weak Password Let Ransomware Gang Destroy 158-Year-Old Company appeared first on Cyber Security News.

Alaska warned passengers to brace for likely delays throughout the day.

Since the ongoing “ToolShell” exploitation campaign, in which threat actors attack on-premise Sharpoint servers using a chain of two recently published vulnerabilities[1,2,3], is still on top of the cyber security news[4,5,6,7], I thought it might be a good time to look at the question of how quickly do we – as a global society – actually patch actively-exploited vulnerabilities when it comes to our internet-facing systems.

We loved keygens back in the day. Our lawyers advise us to clarify that it’s because of the demo-scene style music embedded in them, not because we used them for …read more

The recent Co-op cyberattack exposed more than just lax security. It revealed two deeper, systematic problems within the retail sector; an overreliance on vulnerable third party technology, and the unchecked collection of personal data through so-called loyalty schemes. Both deserve scrutiny and even regulation.

Microsoft announced yesterday that a newly discovered critical remote code execution vulnerability in SharePoint is being exploited. There is no patch available. As a workaround, Microsoft suggests using Microsoft Defender to detect any attacks. To use Defender, you must first configure the AMSI integration to give Defender visibility into SharePoint. Recent versions of SharePoint have the AMSI integration enabled by default.

A new study suggests that certain brain activity patterns may be linked to feeling less groggy in the morning.

The cybersecurity landscape has witnessed an unprecedented surge in malicious scanning activity, with DShield honeypots recording over one million log entries in a single day for the first time in their operational history. This dramatic escalation represents a significant shift from typical honeypot activity patterns, where such high-volume events were previously considered exceptional rather than […] The post DShield Honeypot Scanning Reaches Record-High – 1,000,000+ Logs in a Day appeared first on Cyber Security News.

Delta Air Lines is leaning into dynamic ticket pricing that uses artificial intelligence to individually determine the highest fee you’d willingly pay for flights, according to comments Fortune spotted in the company’s latest earnings call. Following a limited test of the technology last year, Delta is planning to shift away from static ticket prices entirely […]

Silk Road criminal tipped police off to dirty cop who stole 50 seized bitcoins.

The future of cybersecurity awareness might just be… gluten-based.

Comments

The Chinese have a new tool called Massistant.

Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services. Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel...

404 Media has seen user manuals for Mobile Fortify, ICE’s new facial recognition app which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face.

The announcement marks the second major Salt Typhoon incident in the space of two years

Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. It’s quick and easy. But behind the convenience is a growing privacy concern that most users know little about. A new study from Incogni digs into just how much personal information BNPL apps collect and share. The research looked at eight of the most popular BNPL apps … More → The post Buy Now, Pay Later… with your data appeared first on Help Net Security.

In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the full scope of network security issues, they are still a critical component to track as part of a security program. Over the last 25 years, the CVE program has evolved into a critical, shared, and global … More → The post Why we must go beyond tooling and CVEs to illuminate security blind spots appeared first on Help Net Security.

Computer scientist Peter Gutmann tells The Reg why it's 'bollocks' The US National Institute for Standards and Technology (NIST) has been pushing for the development of post-quantum cryptographic algorithms since 2016.…

In case you can’t wait for your flash memory to die from write cycling, TeamGroup now has a drive that, via software or hardware, can destroy its own flash chips …read more

The expanded partnership aims to help shore up identity security as attackers increasingly target user credentials

Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection attacks against chatbots.

Three perfect 10s in the last month - ISE, ISE, baby Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. …

Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data.