Crypto investor data exposed by a SIM swapping attack against a Kroll employee
Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees. Security consulting…
Security
Friday Squid Blogging: China’s Squid Fishing Ban Ineffective
China imposed a “pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts…
API Abuse – Lessons from the Duolingo Data Scraping Attack
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained…
Hacking Food Labeling Laws
This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to…
Whiffy Recon malware triangulates the position of infected systems via Wi-Fi
Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon. Secureworks Counter Threat Unit (CTU)…
FBI: Patches for Barracuda ESG Zero-Day CVE-2023-2868 are ineffective
The FBI warned that patches for a critical Barracuda ESG flaw CVE-2023-2868 are “ineffective” and patched appliances are still being…
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035
Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit…
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The…
Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements
We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days.…
Parmesan Anti-Forgery Protection
The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure.