Experimental News Clipping Site

Tag: malicious actors

  • Hacker News: See the Thousands of Apps Hijacked to Spy on Your Location

    by

    Kurt Seifried
    in

    Source URL: https://www.404media.co/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location/ Source: Hacker News Title: See the Thousands of Apps Hijacked to Spy on Your Location Feedly Summary: Comments AI Summary and Description: Yes Summary: The article discusses the alarming exploitation of popular mobile apps by rogue advertisers who harvest sensitive location data without user or developer consent. It highlights how this data…

  • Alerts: CISA Adds One Vulnerability to the KEV Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog Source: Alerts Title: CISA Adds One Vulnerability to the KEV Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the…

  • The Register: Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/08/backdoored_backdoors/ Source: The Register Title: Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed Feedly Summary: Here’s what $20 gets you these days More than 4,000 unique backdoors are using expired domains and/or abandoned infrastructure, and many of these expose government and academia-owned hosts – thus setting these hosts…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to…

  • Hacker News: Hackers Claim Breach of Location Data Giant, Threaten to Leak Data

    by

    Kurt Seifried
    in

    Source URL: https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/ Source: Hacker News Title: Hackers Claim Breach of Location Data Giant, Threaten to Leak Data Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant data breach involving Gravy Analytics, a company that sells smartphone location data to the U.S. government. It highlights privacy concerns related to the…

  • Slashdot: New System Auto-Converts C To Memory-Safe Rust, But There’s a Catch

    by

    system automation
    in

    Source URL: https://developers.slashdot.org/story/25/01/03/133213/new-system-auto-converts-c-to-memory-safe-rust-but-theres-a-catch Source: Slashdot Title: New System Auto-Converts C To Memory-Safe Rust, But There’s a Catch Feedly Summary: AI Summary and Description: Yes Summary: Researchers at Inria and Microsoft have introduced a novel system for converting C programming code into memory-safe Rust code to combat memory vulnerabilities, a significant issue in software security. This…

  • CSA: How AI Powers Cybercrime and Defense

    by

    system automation
    in

    Source URL: https://abnormalsecurity.com/blog/key-insights-ethical-hacker Source: CSA Title: How AI Powers Cybercrime and Defense Feedly Summary: AI Summary and Description: Yes Summary: The text addresses the dual role of artificial intelligence in cybercrime and cybersecurity, highlighting how malicious actors leverage AI technologies to enhance their attacks while emphasizing the necessity for defenders to adapt AI-driven solutions. This…

  • Krebs on Security: U.S. Army Soldier Arrested in AT&T, Verizon Extortions

    by

    system automation
    in

    Source URL: https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/ Source: Krebs on Security Title: U.S. Army Soldier Arrested in AT&T, Verizon Extortions Feedly Summary: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As…

  • The Register: More telcos confirm Salt Typhoon breaches as White House weighs in

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/ Source: The Register Title: More telcos confirm Salt Typhoon breaches as White House weighs in Feedly Summary: The intrusions allowed Beijing to ‘geolocate millions of individuals’ AT&T, Verizon, and Lumen Technologies confirmed that Chinese government-backed snoops accessed portions of their systems earlier this year, while the White House added another, yet-unnamed telecommunications…

  • The Register: ‘That’s not a bug, it’s a feature’ takes on a darker tone when malware’s involved

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/23/firmware_malware_opinion/ Source: The Register Title: ‘That’s not a bug, it’s a feature’ takes on a darker tone when malware’s involved Feedly Summary: Mummy, where do zero days come from? Opinion One of the charms of coding is that malice can be indistinguishable from incompetence. Last week’s Who, Me? story about financial transfer test…