MalwareAvast anti-rootkit driver used to seize control of infected systemsSteve ZurierNovember 25, 2024Malware leverages a legitimate – but outdated – Avast kernel driver, which lets it evade defenses and wreak havoc on systems.
Government RegulationsBevy of smart doorbell bugs earn Ekon an FCC penalty for negligenceShaun NicholsNovember 22, 2024The US Federal Communications Commission (FCC) proposed a $734,872 penalty against a smart doorbell manufacturer that was anything but
AI/MLFake ChatGPT, Claude PyPI packages spread JarkaStealer malwareLaura FrenchNovember 22, 2024The packages were installed more than 1,700 times each prior to their removal from the repository.
Patch/Configuration Management2K Palo Alto un-patched firewalls hacked despite warningsSteve ZurierNovember 22, 2024Shadowserver reports 2,000 firewalls were hacked just two days after CISA put the two PAN-OS bugs on the KEV catalog.
AI/MLGoogle’s AI-powered fuzzing tool discovers 26 new vulnerabilitiesLaura FrenchNovember 21, 2024LLM capabilities boosted OSS-Fuzz’s coverage and helped find a 20-year-old flaw in OpenSSL.
Network SecurityNorth Korean IT worker scam linked to Chinese front companiesSteve ZurierNovember 21, 2024SentinelLabs reveals information on four previously unreported Chinese front companies taken down by the U.S. government Oct. 10.
Vulnerability ManagementUbuntu affected by 10-year-old flaws in needrestart packageLaura FrenchNovember 20, 2024The five vulnerabilities could lead to local privilege escalation without user interaction.
RansomwareRussian women stepping up for cybercrime outfitsShaun NicholsNovember 20, 2024Women are increasingly taking on top roles within Russian-speaking threat actor groups.
Data SecurityFBI and CISA warn of continued cyberattacks on US telecomsSteve ZurierNovember 20, 2024China’s campaign against U.S. telecoms has been ongoing for years.
IdentitySemperis HIP conference tries to diagnose healthcare cybersecurityPaul WagenseilNovember 19, 2024Identity protection in healthcare was a dominant theme at last week’s Semperis HIP conference, with many participants offering guidance on how to improve medical cybersecurity.