Pulse of Truth

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the recording-breaking sum, meanwhile, languishes in a Nigerian jail cell.

In this blog i will share different methods through which user and email enum can be done on a particular web application if the error…Continue reading on System Weakness »

70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now accessed via HTTPS, following the push for secure web communications over the past decade. “APIs are becoming the backbone of digital transformation efforts, connecting critical services and applications across organizations,” said Lori MacVittie, Distinguished Engineer at F5. “However, as our report indicates, … More → The post 30% of customer-facing APIs are completely unprotected appeared first on Help Net Security.

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware

On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]

New guidance helps CISOs communicate with Boards to improve oversight of cyber risk.

Google recently confirmed that Kaspersky apps are no longer accepted in the Android ecosystem. The tech giant is apparently complying with a ban imposed by US authorities on the Russian company, but the abrupt removal of these apps could leave mobile users vulnerable to future security threats.Read Entire Article

Zack Whittaker / TechCrunch: Experts have long warned “secure backdoor” systems are impossible; Salt Typhoon's reported hack of US ISPs' wiretap systems is a key example of backdoors' risks  —  News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom …

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]

Alphabet Inc. must lift restrictions that prevent developers from setting up rival marketplaces that compete with its Google Play Store, a judge ruled, upending the search giant’s dominance in the lucrative Android app market.

Hum from 300-megawatt facility allegedly causing stress, lack of sleep.

Electricity demand largely driven by AI and data centers.

When Sean Kelly bought a top-of-the-line vacuum cleaner, he imagined he was making a safe purchase.

Little did he know that the cleaning machine scuttling about his family's feet contained a security flaw that could let anyone see and hear their every move.

Read more in my article on the Hot for Security blog.

Philip Heijmans / Bloomberg: UN report: cyber crime syndicates raked in as much as $37B in 2023 and are growing in Myanmar, Cambodia, Laos, and across Southeast Asia despite police efforts  —  - Operations are becoming more professionalized with use of AI  — Casinos, hotels and SEZs being used by cyber crime groups

American Water Works Co. Inc., which supplies drinking water and wastewater services to more than 14 million people, said hackers had breached its computer networks and systems.

A hacker going by whatdahopper on X recently showed off footage of the Steam Deck booting into macOS Sequoia. It's an impressive technical feat, made possible through the collaborative efforts of an entire group dedicated to bringing macOS to non-Apple hardware. The OS recognizes the device as an iMac Pro.Read Entire Article

Google announced a trio of new theft protection features for Android earlier this year, designed to help secure your device if it's lost or stolen. After launching in beta in Brazil in August, these safeguards are now gradually making their way to more countries, including the United States. Some users...Read Entire Article

Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]

Threat group given the name 'Salt Typhoon'.

Emmy-nominated filmmaker Cullen Hoback, known for exposing the authors of the QAnon conspiracy theory, is behind this latest investigation. The documentary will air on Tuesday at 9 p.m. EST.Read Entire Article

Radioactive hazards and cyber failings ... what could possibly go wrong? The outfit that runs Britain's Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation's Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023.…

Comments

Irish data watchdog opens probe after 'numerous complaints' Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).…