Pulse of Truth

Apple OSes will soon transfer passkeys seamlessly and securely across platforms.

Comments

78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw remediation timeline based on survival analysis (Source: Veracode) Public sector security debt exceeds industry average The research reveals that public sector entities require an average of 315 days to fix half their software vulnerabilities, significantly higher … More → The post Security flaws in government apps go unpatched for years appeared first on Help Net Security.

This is bad, folks. Very bad.

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

Citizen Lab says it found ‘digital fingerprints’ of military-grade spyware that Italy has admitted using against activistsThe hacking mystery roiling the Italian prime minister Giorgia Meloni’s rightwing government is deepening after researchers said they had found new evidence that two more journalists were targeted using the same military-grade spyware that Italy has admitted to using against activists.A parliamentary committee overseeing intelligence confirmed earlier this month that Italy had used mercenary spyware made by Israel-based Paragon Solutions against two Italian activists. Continue reading...

Comments

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]

The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies

A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.

Cybercriminals are stealing data and running full-scale businesses around it. Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report reveals how personal data is now a core currency in the underground economy. Data is the product Cybercriminals go after everything from login credentials to credit card numbers, medical records, and social media accounts. The data criminals collect helps them access accounts, impersonate users, or sell that access to others. Europol stresses that access to an … More → The post Cybercriminals are turning stolen data into a thriving black market appeared first on Help Net Security.

A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction. The vulnerability represents a significant breakthrough in AI security research, introducing a new class of attack called “LLM Scope Violation” that could affect other AI-powered applications beyond Microsoft’s platform. The EchoLeak attack […] The post 0-Click Microsoft 365 Copilot Vulnerability Let Attackers Exfiltrates Sensitive Data Abusing Teams appeared first on Cyber Security News.

Comments

Nearly half of of mobile users encounter mobile scams daily, with people in the US and UK more likely to be targeted than those in other regions, according to Malwarebytes. Most users say it’s hard to tell a scam from something real, and very few feel confident in spotting one. Younger generations, like Gen Z and Millennials, are the most exposed. They’re more likely to see scams regularly compared to older users. No channel is … More → The post 44% of mobile users encounter scams every day appeared first on Help Net Security.

98% of CISOs face challenges when using threat intelligence, according to Trellix. The biggest problems are keeping up with changing threats, integration difficulties, and regulatory rules. As a result, threat intelligence defaults to a reactive function within a workstream, rather than an embedded, proactive strategy to build resilience, accelerate response, and stay ahead of threats. “Global threat detection volume from APT actors rose 45% at the beginning of this year, and CISOs are now tasked … More → The post CISOs call for operational threat intelligence integration appeared first on Help Net Security.

Comments

Gavin Blackburn / Euronews: President Emmanuel Macron says France will ban social media access for children under 15 within “a few months” if it is not done at the European level  —  Macron's pledge comes after a 14-year-old pupil fatally stabbed a staff member during a routine bag check at a school in eastern France.

Police in France reportedly arrested a number of suspects this week over the kidnapping and mutilation of a crypto millionaire's father. The post French police arrest more suspects over crypto kidnapping appeared first on Protos.

Alan Wong / Bloomberg: Hong Kong invokes its national security law to ban Taiwanese-made mobile game Reversed Front: Bonfire, marking the first known use of the law to block a game  —  Hong Kong invoked national security laws to ban a video game for the first time, broadening the use of the set of legislation …

That's certainly one way to get the crypto thieves off your back, maybe...

The publicly available exploits provide a near-universal way to bypass key protections.

The botnet’s still alive and evolving Badbox 2.0, the botnet that infected millions of smart TV boxes and connected devices before private security researchers and law enforcement partially disrupted its infrastructure, is readying for a third round of fraud and digital attacks, according to one of the threat hunters who uncovered the original scheme.…

In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than any person can realistically keep up with. When too much data comes in at once, things get missed. Responses slow down and, over time, the constant pressure can lead to burnout. According to a Vectra AI survey, … More → The post The path to better cybersecurity isn’t more data, it’s less noise appeared first on Help Net Security.

A contract obtained by 404 Media shows that an airline-owned data broker forbids the feds from revealing it sold them detailed passenger data.

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. [...]