Pulse of Truth

Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]

The ability to remain installed and undetected makes Perfctl hard to fight.

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections. Cobalt Strike is a very mature commercial post-exploitation framework with an experienced research and development team. It is so effective … More → The post Cybercriminals capitalize on poorly configured cloud environments appeared first on Help Net Security.

Those of us old enough to remember BBS servers or even rainbow banners often go down the nostalgia hole about how the internet was better “back in the day” than …read more

Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...]

Fake trading apps on Google Play and Apple's App Store lure victims into "pig butchering" scams that have a global reach. [...]

The former county clerk suggested at her sentencing that God would get revenge against prosecutors because she's a "child of God."

While the storm could pose a threat to fragile electric systems, the National Oceanic and Atmospheric Administration says the danger is minor.

The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]

Linking Meta smart glasses to a face search engine can ID strangers in a glance.

Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps.  The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

And what looks like proof stolen data was never deleted even after ransom paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…

Email accounts inside 5 US companies unlawfully breached through password resets.

    Illustration by Alex Castro / The Verge

T-Mobile is investing millions of dollars into revamping its cybersecurity practices as part of a settlement with the US Federal Communications Commission. The company will also need to pay the US Treasury $15.75 million in civil penalties — the same amount as its internal cybersecurity investment. The commission says this “groundbreaking” settlement will serve as a model for the industry. Data breaches at T-Mobile in the last few years have leaked social security numbers, addresses, and driver’s license numbers for millions of people. The settlement clears up several T-Mobile investigations involving cybersecurity incidents in 2021, 2022, and 2023. The FCC press release says, “...these investigations developed evidence that the breaches...

Continue reading…

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive  Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…

    Illustration by Alex Castro / The Verge

Gamers hoping to spend an evening in front of their PlayStation 5 or PlayStation 4 may be out of luck unless they enjoy single-player experiences (have you tried Astro Bot?). Sony’s gaming network is suffering a massive outage on Monday night. The official PSN Service Status page confirms problems affecting everything, “Other, PS Vita, PS3, PS4, PS5, Web.” If it’s PlayStation — it’s not working. The most recent update tagged 9:21PM ET says that for gaming, “You might have difficulty launching games, apps, or network features. We’re working to resolve the issue as soon as possible. Thank you for your patience.” On my end, attempting to launch a game brought up “PS5 error Code WS-116522-7,” and the associated webpage from Sony tells me...

Continue reading…

The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...]

Google, Microsoft and others have taken big steps towards error-free devices, hinting that quantum computers that solve real problems aren’t far away

With hundreds of courts and agencies affected, chances are one near you is, too.

LLMs are helpful, but don't use them for anything important AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…

Alethe Denis exposes tricks that made you fall for that return-to-office survey Interview  A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…