FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK […]

The post Fortinet warns of a spike in attacks against TBK DVR devices appeared first on Security Affairs.

Apple this week is rolling out its first Rapid Security Response updates
designed to swiftly patch iPhones and Macs against newly found security holes
that hackers might be already exploiting.

Beginning with iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1, Apple customers can
now deploy the latest security fixes for their products faster and more easily.

“Rapid Security Responses are a new type of software release for iPhone, iPad,
and Mac,” says a support article [https://support.apple.com/en-us/H

It’s no secret that humans are the biggest vulnerability to any corporate network. Whether it’s an inability to properly manage password complexity across multiple systems, poor social media habits, or even a lack of awareness with things like email links, online shopping, or app and software usage.

A major problem for businesses, particularly in a post-COVID world with so many people working remotely, is the fact that these security challenges employees face extend very easily to their personal devices, while your visibility and control as corporate IT does not. This potential weakness has precedent as a recent compromise of LastPass was attributed to the compromised home computer belonging to a devops engineer. The trick of course is finding a way to help employees protect themselves as a means to better protect corporate resources while maintaining a budget and avoiding invasions of privacy.

To read this article in full, please click here

The information will be used to ascertain if employers are violating antitrust and privacy laws, for instance, if companies use technologies to artificially reduce wages.

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka APT37, Reaper, and Group123) since 2022 have stopped heavily relying on malicious documents to deliver malware and instead […]

The post North Korea-linked ScarCruft APT uses large LNK files in infection chains appeared first on Security Affairs.

A modern-day Robin Hood has emerged in the digital realm, targeting Russian
cryptocurrency wallets and diverting funds to support Ukrainian aid efforts.
According to a CoinDesk report on April 27, a threat actor exposed hundreds of
Bitcoin wallets allegedly held by Russian security agencies, including the FSB,
GRU and Foreign Intelligence Service. Blockchain analysis company Chainalysis,
which collaborates with the US government, confirmed the unauthorized
transactions.

“The unknown individual

Students and teachers at the Minneapolis Public School (MPS) District, which
suffered a huge ransomware attack
[https://www.cbsnews.com/minnesota/news/minneapolis-public-schools-say-encryption-virus-infected-tech-systems-data-may-be-compromised/]
at the end of February, have had highly sensitive information about themselves
published on the web, including allegations of abuse by teachers and
psychological reports.

MPS initially said [https://its.mpls.k12.mn.us/mps_systems_data] that it had
ref