Smart devices: using them safely in your home
<div>Many everyday items are now connected to the internet: we explain how to use them safely.</div>
Zyxel Customers Urged to Patch Exploited Bug
<div>Zyxel networking device users are being urged to update their firewalls and VPNs due to active exploitation of a vulnerability (CVE-2023-28771) that enables remote code execution. The flaw affects Zyxel’s ATP, USG Flex, VPN, and ZyWall/USG products and allows attackers to execute OS commands remotely. The vulnerability is being widely […]</div>
HMRC in New Tax Credits Scam Warning
<div>The UK’s tax office, HM Revenue and Customs (HMRC), has warned customers claiming tax credits about new scams targeting their personal and financial information. Fraudsters are using tactics such as posing as HMRC officials and creating a sense of urgency to trick claimants into giving money or sensitive data. Scams […]</div>
SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment
<div>Refreshed version of iconic SolarWinds logo and vibrant new brand color palette honor company’s historic success while highlighting future vision.</div>
Chrome 114 Released With 18 Security Fixes
<div>Google has released Chrome 114 with 18 security fixes, including 13 vulnerabilities reported by external researchers. Among these, eight are rated as ‘high’ severity, with the most significant being an out-of-bounds write issue in Swiftshader (CVE-2023-2929), which earned a $15,000 bug bounty for the researcher. Other high-severity flaws include a […]</div>
Amazon Settles Ring Customer Spying Complaint
<div>Amazon has agreed to pay $30.8 million to settle privacy complaints related to its Ring home security cameras and Alexa smart speakers. The Federal Trade Commission accused Ring of failing to implement sufficient security measures, leading to privacy violations such as employees spying on female customers. The settlement requires Ring […]</div>
Are Internet Providers ‘Aiding and Abetting’ Crimes?
The internet was on tenterhooks over the question of whether the U.S. Supreme Court would find that online providers like Google, Facebook and others could continue to enjoy protection under the Communications Decency Act Section 230 for the statements and actions of users of their site. In particular, the Supreme Court was presented with an.. The post Are Internet Providers ‘Aiding and Abetting’ Crimes? appeared first on Security Boulevard.
Top macOS Malware Threats Proliferate: Here Are 6 to Watch
<div>Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.</div>
Stellar Cyber integrates with Amazon Security Lake to boost data processing and threat detection
Stellar Cyber announced support for the Amazon Security Lake from Amazon Web Services (AWS). Organizations using the Stellar Cyber Open XDR Platform and AWS can directly ingest data from the Amazon Security Lake into Stellar Cyber, automatically enabling richer data analysis and faster threat detection. Uniquely designed to meet the needs of lean Enterprise and MSSP security teams, the Stellar Cyber Open XDR Platform enables security operations teams to produce consistent security outcomes with
Dark Reading Launches Inaugural CISO Advisory Board
<div>Ten chief information security officers from a variety of verticals will provide valuable insights to Dark Reading on what they see as the industry's most pressing issues.</div>
Cisco Acquiring Armorblox for Predictive and Generative AI Technology
<div><p>Cisco is in the process of acquiring email security firm Armorblox for its predictive and generative artificial intelligence (AI) technology. </p> <p>The post <a rel="nofollow" href="https://www.securityweek.com/cisco-acquiring-armorblox-for-predictive-and-generative-ai-technology/">Cisco Acquiring Armorblox for Predictive and Generative AI Technology</a> appeared first on <a rel="nofollow" href="https://www.securityweek.com/">SecurityWeek</a>.</p></div>
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders “Google Workspace provides visibility into a company’s Google Drive resources using ‘Drive log events,’ for actions such as copying, deleting, downloading, and viewing files. Events that involve external domains also get recorded, like sharing an object
Microsoft Discovers Critical macOS Vulnerability Allowing SIP Bypass
Microsoft's Threat Intelligence team recently uncovered a significant vulnerability in macOS, exposing a flaw in the System Integrity Protection (SIP) mechanism. The vulnerability, dubbed "Migraine," enables attackers with root access to bypass SIP and perform arbitrary operations on macOS devices. This discovery raises concerns about system integrity, the installation of undeletable malware, and the potential compromise of private user data. Microsoft promptly reported the issue to Apple, res
Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
<div>Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed," ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News. The package</div>
Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
<div><p>Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product. </p> <p>The post <a rel="nofollow" href="https://www.securityweek.com/moxa-patches-mxsecurity-vulnerabilities-that-could-be-exploited-in-ot-attacks/">Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks</a> appeared first on <a rel="nofollow" href="https://www.securityweek.com/">SecurityWeek</a>.</p></div>
When byte code bites: Who checks the contents of compiled Python files?
During our continuous threat hunting efforts to find malware in open-source repositories, the ReversingLabs team encountered a novel attack that used compiled Python code to evade detection. It may be the first supply chain attack to take advantage of the fact that Python byte code (PYC) files can be directly executed, and it comes amid a spike in malicious submissions to the Python Package Index (PyPI). If so, it poses yet another supply chain risk going forward, since this type of attack
Cyberinsurance Prices Moderate as Premium Hikes Slow
Two reports focused on the cyberinsurance market found prices continued to moderate in the first quarter of 2023, according to the Global Insurance Market Index from Marsh. Average price increases rose by just 11% compared with 28% increases during the fourth quarter of 2022. A Fitch Ratings report found a decline in ransomware incidents helped slow.. The post Cyberinsurance Prices Moderate as Premium Hikes Slow appeared first on Security Boulevard.
Syxsense partners with VLCM to provide customers with endpoint security and management solutions
Syxsense announced a partnership with VLCM, an IT solutions and services provider focused on meeting customer needs for cybersecurity, networking, cloud, big data, and more. VLCM is one of Syxsense’s platinum channel partners and offers Syxsense Manage, Syxsense Secure, and Syxsense Enterprise, for customers looking to unify security and endpoint management. “VLCM is the largest IT solution provider in Utah, and we’re excited to be working with their team of engineers to help streamline endpoint
How Wazuh Improves IT Hygiene for Cyber Security Resilience
<div>IT hygiene is a security best practice that ensures that digital assets in an organization's environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by</div>
Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customers
<div>The firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely</div>