DigiCert to Revoke Thousands of Certificates Following DNS Validation Error
DigiCert, a major certificate authority, to revoke thousands of SSL/TLS certificates because of a Domain Control Verification error. This could affect a lot of websites.…
Author: Cybernoz
X allows users to turn off GROK AI Training due to data concerns
X, the social media platform formerly known as Twitter, is introducing a new feature that allows users to opt out of its AI training program…
VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by “several” ransomware groups to gain elevated permissions and deploy file-encrypting malware.…
Mandrake Spyware Resurges With New Advanced Evasion
The Android spyware known as Mandrake has made a significant resurgence with a new variant. This Mandrake spyware has been discovered hidden in five seemingly…
Coding practices: The role of secure programming languages
Safety and quality are not features that can be added through testing — they must be integral to the design. Opting for a safer or…
Review: Action1 – Simple and powerful patch management
Although endpoint anti-malware and other security controls are now standard at the operating system level, keeping all endpoint software up-to-date and secure remains an open…
Securing remote access to mission-critical OT assets
In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces…
Insecure file-sharing practices in healthcare put patient privacy at risk
Healthcare organizations continue to put their business and patients at risk of exposing their most sensitive data, according to Metomic. 25% of publicly shared files…
Proofpoint’s Email Protection Service Exploited to Send Millions of Phishing Emails
A massive phishing campaign dubbed “EchoSpoofing” has exploited a critical vulnerability in Proofpoint’s email protection service, allowing cybercriminals to send millions of perfectly spoofed phishing…
Ransomware Gangs Exploiting VMware ESXi Authentication Bypass Flaw
Microsoft researchers have found a critical vulnerability in VMware’s ESXi hypervisors. Ransomware operators are using this problem to attack systems. This vulnerability, CVE-2024-37085, allows threat…
Hacker Scrapes and Publishes 100,000-Line CrowdStrike IoC List
USDoD hacker scrapes and leaks a 100,000-line Indicator of Compromise (IoC) list from CrowdStrike, revealing detailed threat intelligence data. The leak, posted on Breach Forums,…
U.S. Department Of Justice Urges Court To Reject TikTok Appeal
The U.S. Department of Justice has asked an appeals court to reject legal challenges to a law requiring ByteDance, TikTok’s Chinese parent company, to divest…