Pulse of Truth
gizmodo.com
The former county clerk suggested at her sentencing that God would get revenge against prosecutors because she's a "child of God."
www.darkreading.com
A growing number of organizations are taking longer to get back on their feet after an attack, and they're paying high price tags to do so — up to $2M or more.
Fake trading apps on Google Play and Apple's App Store lure victims into "pig butchering" scams that have a global reach. [...]
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]
www.helpnetsecurity.com
Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections. Cobalt Strike is a very mature commercial post-exploitation framework with an experienced research and development team. It is so effective … More → The post Cybercriminals capitalize on poorly configured cloud environments appeared first on Help Net Security.
www.scworld.com
Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
hackaday.com
Those of us old enough to remember BBS servers or even rainbow banners often go down the nostalgia hole about how the internet was better “back in the day” than …read more
Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...]
gizmodo.com
While the storm could pose a threat to fragile electric systems, the National Oceanic and Atmospheric Administration says the danger is minor.
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]
Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.
The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...]
go.theregister.com
And what looks like proof stolen data was never deleted even after ransom paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…
www.newscientist.com
Google, Microsoft and others have taken big steps towards error-free devices, hinting that quantum computers that solve real problems aren’t far away
www.theverge.com
Illustration by Alex Castro / The Verge T-Mobile is investing millions of dollars into revamping its cybersecurity practices as part of a settlement with the US Federal Communications Commission. The company will also need to pay the US Treasury $15.75 million in civil penalties — the same amount as its internal cybersecurity investment. The commission says this “groundbreaking” settlement will serve as a model for the industry. Data breaches at T-Mobile in the last few years have leaked social security numbers, addresses, and driver’s license numbers for millions of people. The settlement clears up several T-Mobile investigations involving cybersecurity incidents in 2021, 2022, and 2023. The FCC press release says, “...these investigations developed evidence that the breaches... Continue reading…
thehackernews.com
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
www.theverge.com
Illustration by Alex Castro / The Verge Gamers hoping to spend an evening in front of their PlayStation 5 or PlayStation 4 may be out of luck unless they enjoy single-player experiences (have you tried Astro Bot?). Sony’s gaming network is suffering a massive outage on Monday night. The official PSN Service Status page confirms problems affecting everything, “Other, PS Vita, PS3, PS4, PS5, Web.” If it’s PlayStation — it’s not working. The most recent update tagged 9:21PM ET says that for gaming, “You might have difficulty launching games, apps, or network features. We’re working to resolve the issue as soon as possible. Thank you for your patience.” On my end, attempting to launch a game brought up “PS5 error Code WS-116522-7,” and the associated webpage from Sony tells me... Continue reading…
go.theregister.com
Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…
www.theverge.com
See that little circle? That’s a camera. | Photo by Vjeran Pavic / The Verge All around Meta’s Menlo Park campus, cameras stared at me. I’m not talking about security cameras or my fellow reporters’ DSLRs. I’m not even talking about smartphones. I mean Ray-Ban and Meta’s smart glasses, which Meta hopes we’ll all — one day, in some form — wear. I visited Meta for this year’s Connect conference, where just about every hardware product involved cameras. They’re on the Ray-Ban Meta smart glasses that got a software update, the new Quest 3S virtual reality headset, and Meta’s prototype Orion AR glasses. Orion is what Meta calls a “time machine”: a functioning example of what full-fledged AR could look like, years before it will be consumer-ready. But on Meta’s campus, at least, the Ray-Bans were already everywhere. It... Continue reading…
go.theregister.com
LLMs are helpful, but don't use them for anything important AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…
hackaday.com
It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many …read more
go.theregister.com
Alethe Denis exposes tricks that made you fall for that return-to-office survey Interview A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…
www.techspot.com
Researchers from ETH Zurich have devised a machine learning program that can solve Google reCAPTCHA v2 image recognition challenges with perfect accuracy. Although these often-maligned tests are becoming obsolete, they still play an important role in internet security.Read Entire Article
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]
hackaday.com
If your memory of slot cars as a childhood toy is of lightweight controllers with wire-wound rheostats inside, then you’re many years behind the state of the art when it …read more
www.bloomberg.com
LinkedIn’s AI-training kerfuffle is a stark reminder that telling users they can “opt out” of something is mostly meaningless. But first...
www.eff.org
You may have arrived at this post because you received an email with an attached PDF from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation, and how to respond to an apparently personalized threat that even includes your actual “LastNameFirstName.pdf” and a picture of your house. Don’t panic. Contrary to the claims in your email, you probably haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam —actually, a whole category of scams called "sextortion." This is a type of online phishing that is targeting people around the world and preying on digital-age fears. It generally uses publicly available information or information from data breaches, not information obtained from hacking the recipients of the emails specifically, and therefore it is very unlikely the sender has any "incriminating" photos or has actually hacked your accounts or devices. They begin the emails showing you your address, full name, and possibly a picture of your house. We’ll talk about a few steps to take to protect yourself, but the first and foremost piece of advice we have: do not pay the ransom. We have pasted an example of this email scam at the bottom of this post. The general gist is that a hacker claims to have compromised your computer and says[...]
hackaday.com
A few days ago the source code for the popular Winamp music player was released into the world, with as we reported at the time, a licence that left a …read more
www.darkreading.com
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.
go.theregister.com
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…
www.bloomberg.com
What happens when a small business can’t afford a ransomware payment? But first…
Pulse of Truth
!pulse_of_truth@infosec.pubCyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).
This community is automagically fed by an instance of Dittybopper.