Threats

Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw

With a growing number of zero-day flaws affecting widely used software products, proactive detection of vulnerability exploitation has been among the most prevalent security use cases since 2021. Microsoft has recently issued a series of security updates relevant to critical flaws affecting its products, including a patch for a zero-day actively exploited in the wild […]

The post Detect CVE-2023-28252 & CVE-2023-21554 Exploitation Attempts: Windows Zero-Day Actively Used in Ransomware Attacks and a Critical RCE Flaw appeared first on SOC Prime.

News & Updates

Attackers Using Public USB Outlets to Spread Malware, FBI Warns

The FBI has warned that charging your phone via a USB cable from a free charging
station could be the worst decision you ever make regarding security.

We often advise people to avoid free Wi-Fi networks or at least use a VPN
solution when connecting to an unknown Wi-Fi, as attackers can control wireless
networks to capture all traffic from the victims’ devices. But connecting your
phone to an unknown outlet that supposedly provides free charging is infinitely
worse.

Some businesses, such as ai

News & Updates

QuaDream ‘Reign’ Spyware Used to Hack iPhones of High-Profile Targets

Security researchers have discovered new evidence of spyware targeting Apple
smartphones during the vulnerable days of iOS 14, dating back to 2021.

In a report published this week, Citizen Lab researchers of the University of
Toronto identified at least five civil society victims infected with ‘Reign’
spyware developed by Israeli firm QuaDream.

Targets included journalists, political opposition figures, and a non-government
organisation worker, in North America, Central Asia, Southeast Asia, Eu

Cybersecurity Tools

Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack (Updated)

An ongoing supply chain attack allegedly uses a digitally signed and trojanized variant of the 3CX Voice Over Internet Protocol (VoIP) desktop client to target the company’s clients. The 3CX Phone System engineered by the VoIP IPBX software development company 3CX is utilized daily by over 12 million users and over 600,000 companies, including high-profile […]

The post Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack (Updated) appeared first on Heimdal Security Blog.

News & Updates

OpenAI starts bug bounty program with cash rewards up to $20,000

Microsoft-backed OpenAI has launched a bug bounty program and is inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help the company identify and address vulnerabilities in its artificial intelligence systems.

“We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information,” OpenAI said in its blog post on Tuesday.

News & Updates

OpenAI Unveils New Bug Bounty Program to Fortify Cybersecurity

To strengthen the security of its state-of-the-art line of products, OpenAI has
launched a novel bug bounty program, inviting registered security specialists to
identify and report potential system flaws.

The program boasts attractive incentives, starting at $200 for less significant
bugs and reaching an impressive $20,000 for critical vulnerabilities.

OpenAI said its latest initiative signifies its dedication to cybersecurity as
the organization acknowledges the hazards associated with the sw

News & Updates

Kodi data breach exposes info and private messages of 400,000 users

A data breach at The Kodi Foundation forum has exposed the personal info of over
400,000 users.

The non-profit organization is the developer of the Kodi media center, a free
and open-source software entertainment hub and media player.

According to a breach notice published April 8, the Kodi Team learned of
unauthorized access after a data dump of its forum user base (MyBB) was offered
for sale online.

Kodi’s post also revealed how the criminals used compromised admin credentials
to infiltrate
