"Apple's iPhone Mirroring Flaw Exposes Employee Privacy Risks"

Apple's new iPhone mirroring feature has a privacy flaw. Cybersecurity researchers at Sevco found the bug, which allows personal apps on an iPhone to be listed in a company's software inventory when the feature is used on work computers, posing a major privacy risk for employees. This flaw could expose an employee's use of a Virtual Private Network (VPN), dating apps, health apps, and more. This article continues to discuss the root cause and potential risks of Apple's iPhone mirroring flaw.

Submitted by Gregory Rigby on

"AI-Powered Cybercrime Cartels on the Rise in Asia"

The United Nations Office on Drugs and Crime (UNODC) examined Artificial Intelligence (AI) threats in its latest report on cybercrime in Southeast Asia. Cybercriminals have been using generative AI (GenAI) to produce phishing messages in different languages, manipulative chatbots, mass disinformation on social media, and fake documents to get around Know-Your-Customer (KYC) checks. They have also been using it for polymorphic malware that can dodge security software. However, AI-powered cyberattacks involving deepfakes have grown increasingly popular.

Submitted by Gregory Rigby on

"30% of Customer-Facing APIs Are Completely Unprotected"

According to F5, 70 percent of customer-facing Application Programming Interfaces (APIs) are HTTPS-secured, leaving nearly one-third unprotected. The average organization manages 421 APIs, mostly in public cloud environments. The security model must cover inbound and outbound API traffic as APIs increasingly connect to AI services such as OpenAI. Current practices prioritize inbound traffic, leaving outbound API calls vulnerable. This article continues to discuss the vulnerability of customer-facing APIs and the problem of divided responsibility for API security within organizations.

Submitted by Gregory Rigby on

"UK Launches New Competition to Spur Cybersecurity Careers"

The UK government has recently launched a new competition designed to encourage young people to pursue careers in cybersecurity.  The UK Cyber Team Competition is open to 18–25-year-olds, who will undertake hands-on cyber exercises designed to push their technical expertise and problem-solving abilities.  According to the government, the competition will include simulations of real-world scenarios in areas like cryptography, digital forensics, web exploitation, and network security, designed to mirror the day-to-day challenges cybersecurity professionals face.

Submitted by Adam Ekwall on

"New Generation of Malicious QR Codes Uncovered by Researchers"

Security researchers at Barracuda have discovered a new generation of QR code phishing (quishing) attacks.  The researchers found that there are new techniques that have been designed to evade traditional security defenses by including QR codes built from text-based ASCII/Unicode characters rather than the standard static image.  The researchers noted that this tactic is designed to evade optical character recognition (OCR)-based defenses.  In an email, it will look like a traditional QR code.  To a typical OCR detection system, it appears meaningless.

Submitted by Adam Ekwall on

"Australia Introduces First Standalone Cybersecurity Law"

The Australian government recently introduced the country's first standalone cybersecurity law to Parliament.  The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment.  The Cyber Security Bill 2024 covers many areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical infrastructure organizations.

Submitted by Adam Ekwall on

"Microsoft Fixes Five Zero-Days in October Patch Tuesday"

Microsoft has recently patched two zero-day bugs under active exploitation and three that were publicly disclosed in this month’s Patch Tuesday update round.  The first exploited zero-day bug is CVE-2024-43572, a remote code execution (RCE) vulnerability in the Microsoft Management Console with a CVSS score of 7.8.  Threat actors could pair it with phishing, privilege escalation, or network propagation attacks to achieve data exfiltration, lateral movement, system compromise, and deployment of backdoors.

Submitted by Adam Ekwall on

"New Scanner Finds Linux, UNIX Servers Exposed to CUPS RCE Attacks"

A new automated tool created by cybersecurity researcher Marcus Hitchins helps security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) Remote Code Execution (RCE) flaw disclosed by Simone Margaritelli. The flaw enables arbitrary RCE under certain conditions. Akamai later showed that the flaw allowed for 600x amplification in Distributed Denial-of-Service (DDoS) attacks. This article continues to discuss the CUPS RCE flaw and the tool developed by Hitchins to scan environments for devices exposed to CUPS RCE attacks.

Submitted by Gregory Rigby on

"Seeking the Biometric Bill of Rights"

Katina Michael, a professor in the School for the Future of Innovation in Society and School of Computing and Augmented Intelligence at Arizona State University, calls for better measures to secure sensitive biometric data. Biometric data refers to the unique physical characteristics of a person, including voice, fingerprint, palm, face, and DNA. Such data can help hackers carry out cybercriminal activities. This article continues to discuss Michael's insights and recommendations regarding cybersecurity and privacy for biometrics.

Submitted by Gregory Rigby on