Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for How to Get a VPN and ...

 How to

Ever feel like the internet is watching you? Like someone's peering over your shoulder, taking mental notes on every website you visit? Well, it might not be as far-fetched as you think. Data breaches are a daily occurrence, and advertisers and even governments constantly track our online activities in some parts   show more ...

of the world. In fact, 6.41 million data records were leaked in the first quarter of 2023 itself! But there's a powerful tool at your disposal to combat these privacy concerns: a Virtual Private Network (VPN). Imagine a secure tunnel that encrypts your internet traffic, scrambling your data and hiding your online identity. That's exactly what a VPN does. Intrigued? In this article, we’ll talk about how to get a VPN, how to choose a VPN, when to use one, and much more! Do You Need a VPN? Whether you need a VPN depends on your online activities and comfort level with privacy. Here are some scenarios where a VPN can be beneficial: Public Wi-Fi: Using unencrypted public Wi-Fi networks at cafes, airports, or hotels exposes your data to potential snooping. A VPN encrypts your traffic, keeping your information safe from prying eyes. Data Privacy: VPNs mask your IP address, making it harder for websites and online services to track your browsing activity. Content Access: VPNs can bypass geo-restrictions, allowing you to access websites and streaming services that might be blocked in your region. Censorship Circumvention: If you live in a country with internet censorship, a VPN can help you access blocked websites and information. Ultimately, the decision to use a VPN is a personal one. If online privacy is a priority, a VPN can offer valuable peace of mind. How to Choose a VPN? Here are some key factors to ponder to ensure you select a VPN that aligns perfectly with your needs: Security: The cornerstone of a VPN is its ability to safeguard your online activity. Look for providers that offer industry-standard encryption protocols like OpenVPN or IKEv2. These protocols scramble your data using complex algorithms, making it virtually unreadable to anyone trying to intercept it. Avoid free VPNs, as they may prioritize cost-cutting measures over robust encryption, potentially leaving your data vulnerable. Privacy: Peace of mind regarding your online privacy should be a top priority. Choose a VPN provider with a strict no-logs policy. This policy guarantees that your online activity, including browsing history, downloaded files, and connection timestamps, isn't tracked, monitored, or stored by the VPN provider. Look for providers based in privacy-friendly jurisdictions with strong data protection laws, such as Switzerland, Iceland, or the British Virgin Islands. These countries generally have minimal government interference and stringent regulations regarding user data retention. Speed and Performance: While VPNs encrypt your data for security, this process can add some overhead, potentially slowing down your internet connection. However, the impact on speed can vary significantly depending on the provider's infrastructure and server network. Here's what to consider: Server Network Size and Distribution: Choose a VPN provider with a large and geographically diverse network of servers. This provides you with more options to connect to a server close to your physical location, minimizing the distance your data travels and maintaining optimal speeds. Modern Infrastructure: Opt for providers that invest in modern server hardware and utilize high-bandwidth connections. This ensures efficient data processing and minimizes the impact on your internet speed. Server Locations: If you plan to use your VPN for bypassing geo-restrictions, having access to servers in specific regions becomes crucial. For instance, if you want to watch a show only available on a US streaming platform, you'll need a VPN provider with servers located in the United States. The more server locations a provider offers, the greater your flexibility in accessing content from around the world. Device Compatibility: Ensure the VPN provider offers user-friendly apps or software compatible with the devices you use most frequently. Look for providers that support a wide range of platforms, including Windows, macOS, iOS, Android, Linux, and even smart TVs or routers. This allows you to seamlessly extend your VPN protection across all your devices. Customer Support: Reliable customer support is vital in case you encounter any issues with the VPN setup, connection problems, or troubleshooting technical difficulties. Look for providers with multiple support channels, such as live chat, email support, or a comprehensive knowledge base filled with tutorials and FAQs. Additional Tips: Read online reviews and comparisons of different VPN providers. Consider trying a money-back guarantee to test out a VPN before committing. Be wary of providers with overly-aggressive advertising or unrealistic promises. When Should I Use a VPN? A VPN offers a versatile tool for enhancing online security and privacy in various scenarios. Here's a detailed breakdown of situations where using a VPN is highly recommended: Connecting to Public Wi-Fi: Public Wi-Fi networks, readily available in cafes, airports, hotels, and even some public spaces, often lack robust security measures. When using public Wi-Fi, your data travels unencrypted, making it vulnerable to potential snooping by hackers or malicious actors. A VPN encrypts your internet traffic, creating a secure tunnel that safeguards your data from unauthorized access. This is especially crucial when accessing sensitive information like bank accounts, online payments, or personal documents on public Wi-Fi. Accessing Geo-restricted Content: Geo-restrictions are limitations imposed by websites or streaming services based on your geographical location. For instance, a popular TV show might be unavailable in your region due to licensing agreements. A VPN allows you to bypass these restrictions by connecting you to a server in a different location. This makes it appear as though you're browsing the internet from that location, granting you access to the previously restricted content. However, it's important to note that circumventing geo-restrictions might violate the terms of service of certain platforms, so be sure to check their policies before using a VPN for this purpose. Using P2P File Sharing: P2P (peer-to-peer) file sharing involves directly connecting with other users to share files. While convenient for sharing large files, P2P networks can be breeding grounds for security risks. Malicious actors might monitor P2P activity to steal copyrighted content or even inject malware into shared files. A VPN encrypts your P2P traffic and masks your IP address, protecting your identity and online activity from prying eyes. Sending Sensitive Information Online: Whenever you transmit sensitive information online, such as banking details, credit card information, or social security numbers, using a VPN adds an extra layer of security. By encrypting your data, a VPN makes it virtually unreadable in transit, significantly reducing the risk of interception by hackers or eavesdroppers. This is particularly important when accessing online banking portals, making online purchases, or filing tax returns. Censorship Circumvention: In countries with internet censorship, certain websites or information might be blocked by the government. A VPN can help you bypass these restrictions by connecting you to a server in a location with unrestricted internet access. This allows you to access censored information and exercise your right to free speech online. However, it's essential to be aware of the local laws regarding internet censorship and VPN usage in your region. Protecting Yourself from Targeted Advertising: Many websites and online services track your browsing activity to build user profiles and target you with relevant advertisements. A VPN hides your IP address, making it harder for websites to track your online movements and significantly reducing the amount of targeted advertising you encounter. Enhancing Online Privacy: VPNs provide a valuable shield for those concerned about online privacy. By encrypting your internet traffic and masking your IP address, a VPN makes it more difficult for websites and online services to track your browsing activity and collect your data. This allows you to enjoy a more private and anonymous online experience. How to Get a VPN and Set It Up: A Step-by-Step Guide Now that you understand the benefits of a VPN, here’s how to get a VPN on different devices: Windows 10 & 11 Choose a VPN Provider: Select a reputable VPN provider based on the factors mentioned earlier. Download the VPN application for Windows from the provider's website. Install the VPN App: Double-click the downloaded installer file and follow the on-screen instructions. Grant necessary permissions if prompted. Launch the VPN App: Open the VPN application and log in using your account credentials provided by the VPN service. Connect to a VPN Server: The app interface will typically display a list of available server locations. Choose a server based on your needs (e.g., speed, location for bypassing geo-restrictions). Connect and Enjoy Secure Browsing: Click the "Connect" button for the chosen server. The application will establish the VPN connection, and a notification will indicate a successful connection. macOS Download the VPN App: Visit your chosen VPN provider's website and download the macOS application installer. Install the VPN App: Double-click the downloaded installer file and follow the installation prompts. Enter your administrator password when required. Launch the VPN App: Open the VPN application and sign in with your VPN service account credentials. Connect to a VPN Server: The app interface will usually display a list of available VPN servers. Choose a desired server location. Connect and Secure Your Connection: Click the "Connect" button for the chosen server. The application will establish the VPN connection, and a notification will confirm a successful connection. iOS Download the VPN App: Open the App Store on your iPhone or iPad and search for your chosen VPN provider's app. Download and install the app. Launch the VPN App: Open the VPN app and log in with your VPN service account details. Configure the VPN Connection: Follow the in-app instructions to establish the VPN connection. You might need to grant the app permission to add VPN configurations. Connect and Secure Your Mobile Browsing: Tap the "Connect" button within the app. The app will initiate the VPN connection, and a notification will indicate a successful connection. Android Download the VPN App: Open the Google Play Store on your Android device and search for your chosen VPN provider's app. Download and install the app. Launch the VPN App: Open the VPN app and log in with your VPN service account credentials. Configure the VPN Connection: Follow the on-screen instructions within the app to set up the VPN connection. You might need to grant the app permission to establish a VPN profile. Connect and Secure Your Mobile Browsing: Tap the "Connect" button within the app. The app will initiate the VPN connection, and a notification will confirm a successful connection. When Should I Pay for a VPN? While free VPNs might seem like a tempting option, there are significant drawbacks that make them unsuitable for most users who prioritize online security and privacy. Here's a breakdown of why paying for a VPN might be the smarter choice: Stronger Security and Privacy: Encryption Strength: Free VPNs often use weaker encryption protocols compared to their paid counterparts. Paid VPNs typically utilize robust encryption protocols like OpenVPN or IKEv2, offering a higher level of protection for your data. No-Logs Policy: Scrutinize the logging policy of any VPN service. Free VPNs might track and store your online activity, potentially selling your data to third parties. Paid VPN providers with strict no-logs policies ensure your activity remains private and isn't logged on their servers. Faster Speeds and Performance: Server Infrastructure: Free VPNs usually have a limited number of servers, often overloaded with users. This translates to slower connection speeds and potential buffering issues, especially when streaming content or downloading files. Paid VPNs invest in a vast network of servers spread across different locations. This allows for better distribution of user traffic, resulting in faster and more consistent connection speeds. More Server Options: Geo-Restrictions: Free VPNs may offer a handful of servers, limiting your ability to bypass geo-restrictions effectively. Paid VPNs offer a much wider range of server locations, allowing you to connect to servers in specific countries to access geo-blocked content or websites. Reliable Customer Support: Technical Assistance: Free VPNs often lack dedicated customer support, leaving you to troubleshoot any issues on your own. Paid VPNs typically offer responsive customer support teams to assist you with setup problems, configuration queries, or technical difficulties. Who Should Definitely Consider a Paid VPN? Here are some user profiles that would significantly benefit from the features and security offered by a paid VPN: Frequent Public Wi-Fi Users: If you regularly connect to public Wi-Fi networks, a paid VPN's strong encryption is crucial to safeguard your data from snooping attempts. Privacy-Conscious Individuals: For users who prioritize online privacy and data protection, a paid VPN with a strict no-logs policy offers the peace of mind they deserve. Gamers: Online gamers can benefit from a paid VPN's ability to reduce lag and optimize ping times for a smoother gaming experience. Business Users: Businesses handling sensitive information should always opt for a paid VPN with robust security features to protect confidential data. Streamers and Content Consumers: Paid VPNs with a large server network enable users to access geo-restricted streaming services and content libraries. Key Takeaways A VPN encrypts your internet traffic and protects your online privacy, especially on public Wi-Fi. Choose a VPN provider with strong security, a no-logs policy, and a large server network. Paid VPNs generally offer better security, speed, and features than free VPNs. Use a VPN on public Wi-Fi, to bypass geo-restrictions, or for any activity where you want to secure your online identity. Setting up a VPN is easy and can be done on most devices in just a few steps. FAQs Can I get a free VPN? Some VPN providers offer limited free versions, but premium features often require a subscription. How much does a VPN cost? VPN costs vary depending on the provider and subscription plan, ranging from free to monthly or yearly fees. How do I create a VPN? Creating a VPN typically involves setting up a server, configuring protocols, and ensuring security measures. How do I install a free VPN? Free VPNs can be installed by downloading the provider's app from their website or app store and following the installation instructions. What is the safest VPN? The safest VPNs prioritize strong encryption, a no-logs policy, and robust security features, such as NordVPN, ExpressVPN, and CyberGhost.

image for Shielding Your Data: ...

 How to

Imagine this: a spreadsheet holding your company's financial secrets, a client list with confidential contact details, or even a personal budget with sensitive information. Suddenly, a shiver runs down your spine as you realize that anyone with access to your computer could peek into this data vault! This   show more ...

isn't just a hypothetical scenario. According to Deloitte, 32% of successful breaches involve phishing techniques and unauthorized access to files. However, don’t worry! In this article, we’ll teach you how to password protect an Excel file, how to encrypt an excel sheet, and much more to keep your data safe. What is Password Protection? Password protection restricts access to a file. In Excel's context, this means requiring a valid password to open, modify, or view the workbook's contents. Imagine a vault safeguarding your data; the password serves as the key. How to Choose the Right Level of Password Protection in Excel? Excel provides a toolbox of password protection features, each offering distinct advantages depending on your security needs. Here are the options available: Workbook Protection: Function: Prevents unauthorized users from opening or modifying the entire workbook structure. This includes adding, deleting, or rearranging worksheets. Use Cases: Ideal for workbooks containing sensitive data that should not be tampered with. Security Strength: While it deters casual access, a determined user with advanced tools might be able to bypass it. Impact on Collaboration: Disallows any modification until the password is provided. Encryption: Function: Encrypts the entire workbook's content, rendering it unreadable without the password. It acts like a digital vault, scrambling the data itself. Use Cases: Perfect for highly confidential information requiring the strongest protection. Think financial records, trade secrets, or personal data. Security Strength: Encryption offers robust security, making the data unreadable without a password. Impact on Collaboration: Any access or modification requires a password like workbook protection. Hidden Sheets: Function: While not strictly password protection, hiding sensitive sheets within a workbook adds an extra layer of obscurity. Users won't see the hidden sheets unless they know how to unhide them. Use Cases: Suitable for information that doesn't require the strongest protection but could benefit from an additional layer of privacy. Security Strength: Hidden sheets can be easily unhidden by users familiar with Excel functionalities. Impact on Collaboration: Hidden sheets remain inaccessible to collaborators unless unhidden manually. Worksheet Protection: Function: Allows specific users with the password to modify or format specific worksheets within the workbook, while others can only view them. This offers granular control over access permissions. Use Cases: Ideal for workbooks containing both sensitive and non-sensitive information. You can password-protect specific worksheets containing confidential data while allowing collaborators to view or edit others. Security Strength: Worksheet protection relies on the password's strength. Impact on Collaboration: Enables a collaborative environment with controlled access levels. Cell Protection: Function: Locks individual cells, preventing unauthorized editing of specific data points. Imagine a locked safe within a larger vault (the workbook). Use Cases: Useful for protecting specific data points within a worksheet, such as formulas or critical values. Security Strength: Cell protection relies on the overall workbook password strength. Impact on Collaboration: Allows for collaborative editing while safeguarding sensitive data points within the worksheet. Choosing the Right Option: The best protection level depends on your specific needs. Consider these factors: Data Sensitivity: How critical is the information in your Excel file? Collaboration Needs: Will you be sharing the file with others, and if so, what level of access do they require? Security Requirements: Are there any industry regulations or internal policies dictating the level of data protection needed? When Should You Password Protect an Excel File? Data breaches and unauthorized access are constant threats in today's digital world. Password protection for Excel files is a vital security measure, safeguarding sensitive information. Here are some key scenarios where password protection becomes essential: Financial Data: Excel is a popular tool for managing financial records. Spreadsheets containing salaries, bank account details, investment plans, or tax information require the highest level of security. Password protection ensures only authorized individuals with the password can access and modify this sensitive data. Confidential Information: Many businesses use Excel to store confidential information, such as trade secrets, marketing strategies, customer lists, or product development plans. A data leak could have disastrous consequences. Password protection is a first line of defense, preventing unauthorized access to this critical information. Personally Identifiable Information (PII): Data breaches involving PII, such as social security numbers, addresses, phone numbers, or medical records, can have severe legal and financial ramifications. If your Excel files contain any PII, password protection is non-negotiable. Compliance with Regulations: Certain industries and organizations have strict data security regulations. For example, the healthcare sector may need to comply with HIPAA (Health Insurance Portability and Accountability Act), which mandates specific safeguards for patient data. Password protection can be a crucial element in demonstrating adherence to such regulations. Internal Data Security Policies: Many companies have internal policies governing data security. These policies may mandate password protection for any spreadsheet containing sensitive or confidential information. Following these policies ensures consistency and minimizes the risk of data breaches within the organization. Collaboration with External Parties: When sharing Excel files with external partners, clients, or vendors, password protection adds an extra layer of security. It ensures only the intended recipients can access the information, mitigating the risk of accidental or unauthorized disclosure. Sensitive Calculations or Formulas: Spreadsheets containing complex formulas or calculations that underpin critical business decisions can benefit from password protection. This prevents accidental modification or tampering with these formulas, which could have significant consequences. Intellectual Property: Excel can be used to store intellectual property like product designs, research data, or creative content. Password protection safeguards these valuable assets from unauthorized access and potential theft. Even seemingly non-sensitive data, if leaked, can have detrimental consequences. Password protection provides peace of mind, knowing your information is secure. How to Password Protect an Excel File? Here's a step-by-step guide to password-protecting your Excel file: Open your Excel workbook. Click on the "File" tab. Select "Info" from the left-hand menu. Click on "Protect Workbook" and choose "Encrypt with Password." Enter your desired password in the "Password" box and retype it in the "Verify Password" box. Click "OK" to save the password protection. Important Note: Choose a strong password - a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using personal information or easily guessable words. How to Change or Remove Your Excel File Password? To change your password: Follow steps 1-4 mentioned above. Enter the existing password in the "Password" box. Create and confirm a new password. Click "OK" to save the changes. To remove password protection: Follow steps 1-4 mentioned above. Leave the "Password" and "Verify Password" boxes empty. Click "OK" to remove the password protection. Remember: Once you remove the password, there's no way to recover it. Ensure you have no further need for password protection before removing it. Encrypting an Excel Document In Excel, you can take password protection to the next level by encrypting your file. Encryption scrambles the workbook's contents, making it unreadable without the password. Here's how: Follow steps 1-4 mentioned in the "How to Password Protect an Excel File" section. A window titled "Encrypt Document" will appear. Choose the desired encryption level (128-bit or 256-bit) - higher encryption offers stronger protection but may take longer to process. Click "OK" to encrypt the file. Important Note: Encryption offers robust security but comes with a slight performance trade-off. Choose the encryption level based on your file's sensitivity and processing needs. Password Protection vs. Encryption While both password protection and encryption offer security for your Excel files, they achieve this in different ways and offer varying levels of protection. Here's a more detailed breakdown of their key differences: Strengths and Weaknesses: Password Protection: Strengths: Easy to implement, provides basic access control, doesn't impact file performance. Weaknesses: Doesn't scramble the data, a determined attacker with advanced tools might crack the password and access the information. Encryption: Strengths: Offers a higher level of security by scrambling the data itself, making it unreadable without the password. More resistant to brute-force attacks where hackers try to guess the password. Weaknesses: It can slightly impact file performance because the encryption process can be more complex than basic password protection. Choosing Between Password Protection and Encryption: The best choice depends on the sensitivity of your data and the level of security you require. Here's a decision-making guide: Use Password Protection for: Files containing moderately sensitive information, such as internal budgets or project timelines. Situations where you need to restrict access but don't require the strongest possible encryption. When collaborating with others and wanting to share the password for viewing or editing purposes easily. Use Encryption for: Highly sensitive data, like financial records, personal information, or trade secrets. Scenarios where you need maximum security to protect your data from unauthorized access, even from sophisticated attacks. When sharing files electronically, and want to ensure an extra layer of protection during transmission. Benefits of Password Protection Password protection offers a multitude of advantages, safeguarding your data and ensuring its integrity. Here's a deeper dive into the key benefits: Restricted Access: This is the most fundamental benefit. Password protection acts as a gatekeeper, preventing unauthorized individuals from even opening the Excel file. This is crucial for protecting sensitive information like financial data, client details, or confidential company strategies. Data Security: Beyond restricting access, password protection goes a step further. It prevents unauthorized users from modifying, deleting, or altering your data within the workbook. This safeguards against accidental or intentional data breaches, ensuring the accuracy and reliability of your information. Privacy: For workbooks containing personal identifiable information (PII) like social security numbers, addresses, or phone numbers, password protection becomes paramount. It shields this sensitive data from prying eyes, protecting individuals' privacy and preventing potential identity theft or misuse of personal information. Compliance: Many industries and organizations have strict data security regulations in place. Password protection can be a crucial element in complying with these regulations, such as HIPAA (Health Insurance Portability and Accountability Act) in the healthcare sector or the GDPR (General Data Protection Regulation) for data privacy in the European Union. Implementing password protection demonstrates your commitment to data security and helps you meet regulatory requirements. Peace of Mind: Knowing that your data is secured behind a password barrier provides invaluable peace of mind. You can work with confidence, assured that your sensitive information is not at risk of unauthorized access or accidental modification. This fosters a sense of control and reduces the stress associated with data security concerns. Version Control: Password protection can be used in conjunction with version control features offered by Excel. By restricting editing access, you can ensure that only authorized users can modify the data, preventing accidental overwrites or unauthorized changes to previous versions. Improved Collaboration: In controlled collaboration environments, password protection can be beneficial. You can share the workbook with authorized users while maintaining control over editing capabilities. This allows for teamwork while safeguarding sensitive data from accidental or unauthorized modifications. What Happens if I Forget or Lose My Password? Can Microsoft Retrieve Them? Unfortunately, Microsoft cannot retrieve lost or forgotten passwords for Excel files. The password serves as a one-way key to decrypt the data. Losing it essentially renders the file inaccessible. This is why it's crucial to choose a strong password you can remember and store it securely, perhaps using a password manager. Here are some tips for managing your Excel file passwords: Choose a memorable password: Use a combination of words, numbers, and symbols that you can easily recall. Consider using a mnemonic phrase, a sentence you can easily remember that helps you create a complex password. Don't store the password in the file itself: This defeats the purpose of password protection. Use a password manager: A password manager securely stores your passwords for various applications, including Excel files. Write it down: If you can't trust your memory, write down the password on a piece of paper and store it in a secure location, separate from your computer. Key Takeaways Password protection and encryption are essential tools for safeguarding sensitive data in Excel files. Understand the different protection levels (workbook protection, encryption, sheet hiding, worksheet protection, cell protection) to choose the right approach for your needs. Create strong, memorable passwords and store them securely using a password manager or a written note in a safe location. Regularly back up your Excel files and consider permission levels when collaborating with others to ensure comprehensive data security. Losing your password can permanently lock you out of your data; prioritize safe password management practices. FAQs How do you put a password on an Excel file? To put a password on an Excel file, open the file, go to the File menu, click on Info, then click on Protect Workbook and select Encrypt with Password. How do I protect an Excel file with a password and read-only? To protect an Excel file with a password and read-only, open the file, go to the File menu, click on Save As, then click on Tools, General Options, and enter a password under Password to modify. How to password protect a file? To password protect a file, open the file, go to the File menu, click on Info, then click on Protect Document and select Encrypt with Password. How do I protect an Excel spreadsheet from viewing? To protect an Excel spreadsheet from viewing, open the file, go to the Review tab, click on Protect Sheet, and then select a password. How secure is a password protected Excel File? The security of a password protected Excel file depends on the strength of the password. It is generally secure, but using a strong, unique password is recommended for better security.

image for Navigating the Evolv ...

 Features

By Shrikant Navelkar, Director, Clover Infotech Due to the significant advancements in the IT industry, the adoption of cloud computing has rapidly shifted from being a mere concept to an essential requirement for companies of all sizes across various sectors. However, merely selecting a cloud service provider and a   show more ...

compatible architecture is not enough. To fully leverage the potential of this technology, a thorough reassessment of existing operations, processes, and business culture may be necessary. According to Gartner, it is projected that seventy percent of enterprise workloads will migrate to the cloud by 2024. Despite this, three out of four organizations lack a suitable cloud strategy. Regardless of their stage in the cloud journey, every business requires a well-defined cloud strategy. A comprehensive cloud strategy should be business-driven, addressing key issues of "what" and "why," and aligning closely with the organization's overarching business objectives. What is a Cloud Strategy? A cloud strategy refers to a company’s plan for adopting and using cloud computing services and resources. It can include the following key elements: cloud adoption roadmap, cloud service model evaluation, cloud provider evaluation, cloud governance, and application modernization. Overall, a cloud strategy enables a company to adopt cloud computing in a systematic and well-defined and governed manner. Here are the trending cloud strategies for 2024: Democratization of AI Cloud infrastructure has a big role in democratizing AI by providing accessible, scalable, and cost-effective resources for individuals and organizations of all sizes. Through on-demand access to AI tools, frameworks, and services, coupled with elastic scalability and pay-as-you-go pricing models, cloud platforms enable experimentation, innovation, and deployment without the need for extensive upfront investment. This accessibility lowers barriers to entry, allowing smaller businesses, startups, and individual developers to participate in the AI-driven innovation. Optimization of Hybrid and Multi-Clouds Environment Organizations are increasingly adopting a multi-hybrid cloud approach, which combines public, private, and edge cloud environments, to leverage the strengths of each while mitigating their respective limitations. However, if its usage is not optimized then it can lead to wastage of resources, time and funds. Hence, optimizing the use of a multi-hybrid cloud is emerging as a significant trend in cloud computing as it allows for flexibility, security, compliance, and cost-efficiency enabling businesses to address their diverse needs effectively. Making the cloud sustainable Considering the growing environmental awareness, major cloud service providers such as Amazon, Microsoft, Oracle, and Google have each committed to achieving net-zero emissions, not only within their own operations but also to assist their customers in reducing their carbon footprints. Furthermore, these cloud service providers have outlined plans to procure 100 percent of the energy for their operations from renewable sources. Thus, the push towards greener and sustainable cloud is emerging as a significant trend in 2024. Revolutionizing Data Management with Edge Computing Edge computing is emerging as a pivotal trend in cloud computing due to its ability to process data closer to its source, reducing latency, enhancing bandwidth efficiency, and bolstering privacy and security by keeping sensitive data local. This approach enables applications to operate offline, ensuring uninterrupted functionality in remote or unstable environments, while also offering scalability and flexibility to adapt to diverse use cases. As the Internet of Things (IoT) expands and the need for real-time data analytics intensifies, edge computing is poised to revolutionize how data is managed, paving the way for innovation and efficiency across industries. Simplification of Cloud Computing Simplifying the cloud for non-technical people, and making it more user-friendly is a rapidly rising trend. No-code and low-code tools are allowing non-technical people to develop applications that would previously have required a trained software engineer. Additionally, many cloud providers are offering drag-and-drop features and natural language tools that minimize or eliminate the need for technical skills. This trend is democratizing the use of cloud tools and services. In conclusion, as we navigate the ever-evolving landscape of cloud computing in 2024, it's evident that embracing innovation and staying agile are key to achieving success in this dynamic environment. By adopting strategies that prioritize flexibility, scalability, security, and sustainability, organizations can harness the full potential of cloud technologies to drive growth, streamline operations, and deliver exceptional value to their customers. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

image for How to Block Scam Li ...

 How to

In an era where phone calls seemed to be on the decline, scammers proved otherwise by inundating our cell phones with relentless calls, employing deceitful tactics to extract information and money from unsuspecting victims. Initially perceived as a modern-day nuisance akin to telemarketers, these calls soon revealed a   show more ...

more sinister nature. Interrupting important moments like work meetings, they posed a significant threat beyond mere annoyance. Truecaller, a spam-blocking app, reported that approximately 70 million Americans collectively lost $40 billion due to phone scams, including calls and texts, in 2022. Amidst this growing concern, many individuals are seeking solutions to How to Block Scam Likely Calls and protect themselves from potential harm. Is there a foolproof method to thwart these scams permanently? Which apps can be relied upon to safeguard against such threats? Here's everything you need to know. What is a Spam Call? A spam call refers to an unwanted telephone call received from an unknown source, typically targeting a large number of individuals simultaneously. These calls are often initiated with the intention of deceiving recipients into providing sensitive information or financial gain. Various forms of spam calls exist, including telemarketing, robocalls, spoofing, as well as scams impersonating legitimate entities such as the IRS or insurance companies. Engaging with spam calls can exacerbate the issue, potentially leading to an increase in the frequency of such calls. Responding to or answering spam calls may result in your phone number being flagged as active and susceptible to scams. Consequently, scammers may target your number more frequently in the belief that you are more likely to divulge sensitive information inadvertently or willingly. Thus, avoiding interacting with spam calls whenever possible is advisable to minimize their occurrence.  How to Block Scam Likely Calls Blocking spam calls can help reduce the annoyance and potential risks of receiving unwanted calls. Here's how you can block spam calls on your smartphone: 1) Use Built-in Call Blocking Features: Many smartphones come with built-in call-blocking features that allow you to block specific phone numbers. On both Android and iOS devices, you can typically access these features by going to the Phone app, selecting the spam call in your call history, and choosing the option to block the number. 2) Enable Caller ID and Spam Protection: Some smartphones offer caller ID and spam protection features that automatically identify and block potential spam calls. You can enable these features in your device settings or through dedicated apps to detect and block spam calls. 3) Install Third-Party Call Blocking Apps: There are several third-party apps available for both Android and iOS devices that offer advanced call-blocking features. These apps can help block spam calls based on community reports, identify unknown callers, and provide additional security features. 4) Register with the National Do Not Call Registry: In some countries, such as the United States, you can register your phone number with the National Do Not Call Registry to reduce the number of telemarketing calls you receive. While this may not eliminate all spam calls, it can help reduce their frequency. 5) Report Spam Calls: Most smartphones allow you to report spam calls directly from your call history. Reporting spam calls helps phone carriers and regulatory agencies identify and take action against spammers. Additionally, consider reporting spam calls to your phone carrier or relevant authorities if you continue to receive them despite blocking individual numbers. Utilizing these methods can effectively block spam calls and improve your overall calling experience. How to Stop Scam Likely Calls on Landline? Stopping scam likely calls on a landline can help reduce the annoyance and potential risks of receiving unwanted calls. Here are some methods to prevent scam likely calls on your landline: 1) Use a Call Blocking Device: Invest in a call-blocking device or service designed explicitly for landline phones. These devices typically use caller ID and other parameters to automatically identify and block scam likely calls. 2) Enable Caller ID Services: Make sure your landline phone service includes caller ID functionality. This lets you see the incoming caller's phone number before answering, helping you identify potential scam likely calls. 3) Utilize Call Blocking Features: Many landline phones come with built-in call-blocking features that allow you to block specific phone numbers or categories of calls, such as anonymous or unknown callers. Refer to your landline phone's user manual or contact your phone service provider for instructions on activating these features. 4) Register with the National Do Not Call Registry: In some countries, such as the United States, you can register your landline phone number with the National Do Not Call Registry to reduce the number of telemarketing calls you receive. While this may not eliminate all scam likely calls, it can help reduce their frequency. 5) Screen Calls: Consider screening incoming calls by letting them go to voicemail and only answering calls from recognized numbers. Scammers are less likely to leave a message, so this can help filter out potential scam likely calls. 6) Report Scam Likely Calls: If you continue to receive scam likely calls on your landline despite taking preventive measures, consider reporting them to your phone service provider or relevant authorities. Reporting scam likely calls helps phone carriers and regulatory agencies identify and take action against scammers. By implementing these strategies, you can minimize the impact of scam likely calls on your landline and protect yourself from potential scams and fraud. How to Stop Spam Calls Free? Stopping spam calls for free requires a combination of tactics and tools to help reduce their frequency. Here are some methods you can use to stop spam calls without spending money: Use Built-in Call Blocking Features: Many smartphones come with built-in call blocking features that block specific phone numbers or categories of calls. Check your phone's settings or call management options to see if these features are available. Install a Call Blocking App: Several free call-blocking apps are available for Android and iOS devices. These apps use crowdsourced databases of known spam numbers and advanced algorithms to identify and block spam calls automatically. Some popular free call blocking apps include Hiya, Nomorobo, and RoboKiller. Enable Do Not Disturb Mode: Most smartphones have a "Do Not Disturb" mode that allows you to silence calls and notifications from unknown or unwanted numbers. You can customize the settings to allow calls from your contacts while blocking calls from unknown numbers or numbers not in your address book. Register with the National Do Not Call Registry: In countries like the United States, you can register your phone number with the National Do Not Call Registry for free. While this may not eliminate spam calls, it can reduce the number of telemarketing calls you receive. Screen Calls Manually: If you receive a call from an unfamiliar number, let it go to voicemail and only return the call if it's from a legitimate contact. Scammers are less likely to leave voicemails, which can help filter out spam calls. Report Spam Calls: If you receive a spam call, consider reporting it to your phone carrier or relevant regulatory authorities. Reporting spam calls helps phone carriers identify and block suspicious numbers, ultimately reducing the number of spam calls received by others. How to Stop Unwanted Calls on Cell Phone? Stopping unwanted calls on your cell phone can be frustrating, but you can use several effective methods to minimize or eliminate them. Here's a detailed guide on how to stop unwanted calls on your cell phone: 1) Activate Call Blocking Features: Many smartphones come with built-in call blocking features that allow you to block specific phone numbers or categories of calls. Check your phone's settings or call management options to see if these features are available. Android devices often have a "Block numbers" option in the call settings, allowing you to input the numbers you want to block manually. iPhones have a "Block this Caller" option in the contact details or recent calls list, which prevents the selected number from contacting you via phone calls, messages, or FaceTime. 2) Install Call Blocking Apps: Consider downloading and installing call blocking apps from trusted sources. These apps use crowdsourced databases of known spam numbers and advanced algorithms to automatically identify and block spam calls. Popular call-blocking apps include Hiya, Nomorobo, RoboKiller, and Truecaller. Many of these apps offer free versions with basic features and premium versions with additional functionality. 3) Enable Do Not Disturb Mode: Most smartphones have a "Do Not Disturb" mode that allows you to silence calls and notifications from unknown or unwanted numbers. Customize the settings to allow calls from your contacts while blocking calls from unknown numbers or numbers not in your address book. You can also schedule Do Not Disturb mode to activate automatically during certain times, such as at night or during meetings. 4) Register with the National Do Not Call Registry: In countries like the United States, you can register your cell phone number with the National Do Not Call Registry for free. While this may not eliminate spam calls, it can reduce the number of telemarketing calls you receive. To register your number, visit the official website of the National Do Not Call Registry and follow the instructions to add your cell phone number to the list. 5) Screen Calls Manually: If you receive a call from an unfamiliar number, let it go to voicemail and only return it if it's from a legitimate contact. Scammers are less likely to leave voicemails, so this can help filter out spam calls and prevent you from engaging with potential scams. 6) Report Spam Calls: Consider reporting a spam call to your cell phone carrier or relevant regulatory authorities if you receive it. Reporting spam calls helps phone carriers identify and block suspicious numbers, ultimately reducing the number of spam calls others receive. Code to Block Spam Calls on Android You can utilize built-in features or third-party apps to block spam calls on an Android device. Here's how you can do it using both methods: 1) Using Built-in Call Blocking Features: Open Phone App: Launch the Phone app on your Android device. Access Call Settings: Tap on the three-dot menu icon (usually located in the top-right corner) and select "Settings" or "Call settings" from the dropdown menu. Block Numbers: Look for the option named "Blocked numbers," "Call blocking," or similar. Tap on it to access the list of blocked numbers. Add Numbers to Block List: To block a specific number, tap on "Add a number" or a similar option, then enter the phone number you want to block. Block Unknown Numbers: Some Android devices allow you to block unknown or private numbers. Enable this option if available. 2) Using Third-Party Call Blocking Apps: Download a Call Blocking App: Visit the Google Play Store and search for call-blocking apps such as Truecaller. Download and install the app of your choice. Open the App: Launch the call blocking app after installation. Follow Setup Instructions: The app will guide you through the setup process, which may include granting permissions to access your contacts and call history. Enable Call Blocking: Navigate to the app's settings and enable call blocking features. You may have options to block specific numbers, block unknown numbers, or use community-based blocking lists. Customize Blocking Settings: Explore the app's settings to customize blocking rules according to your preferences. You can often adjust settings such as blocking spam, telemarketing, or international calls. Update Block Lists: Call blocking apps frequently update their databases of known spam numbers. Regularly update the app to ensure the most effective call blocking. By following these steps, you can effectively block spam calls on your Android device using either the built-in call blocking features or third-party call blocking apps available on the Google Play Store. How to Block Unwanted Calls on Landline Free? Blocking unwanted calls on a landline for free typically involves using the call blocking features provided by your phone service provider. Here's how you can do it: Contact Your Service Provider: Call your landline service provider and inquire about the call blocking options available to you. Many service providers offer free call blocking features as part of their service packages. Ask About Call Screening or Call Rejection: Some landline service providers offer call screening or call rejection features that allow you to block specific numbers or types of calls. Inquire if these features are available for free with your plan. Activate Call Blocking Features: Follow the instructions provided by your service provider to activate the call-blocking features on your landline. This may involve accessing your account settings online, using a mobile app provided by your provider, or calling customer service for assistance. Block Specific Numbers: Once the call blocking features are activated, you can typically block specific numbers by adding them to a block list. You may be able to do this online, through a mobile app, or by dialing a particular code on your landline phone. Explore Additional Options: Some service providers offer additional call blocking options, such as blocking anonymous or private numbers, blocking international calls, or blocking calls from certain area codes. Explore these options to customize your call further blocking settings. Regularly Update Block List: Make sure to update your block list to add new unwanted numbers and remove any numbers you no longer wish to block. By utilizing the call blocking features provided by your landline service provider, you can effectively block unwanted calls on your landline for free. Contact your service provider for assistance if you're unsure about the specific call blocking options available. How to Stop Spam Calls on Android for Free? Stopping spam calls on Android for free can be done using built-in features or third-party apps. Here's how: 1) Use Built-in Call Blocking Features: Block Numbers Manually: Open the Phone app, go to Recent Calls or Call History, tap on the number you want to block, and select Block/Block number. Enable Call Blocking: Some Android devices offer native call blocking features. Go to Settings > Calls/Call Settings > Call Blocking/Block Numbers and activate the feature. You can then add numbers to block manually. 2) Activate Do Not Disturb Mode: Android's Do Not Disturb mode allows you to silence calls from unknown numbers or those not in your contacts. Go to Settings > Sound & vibration > Do Not Disturb and customize the settings. 3) Install a Call Blocking App: There are several free call blocking apps available on the Google Play Store, such as Truecaller, Hiya, and Call Control. These apps can identify and block spam calls automatically based on community reports and personal settings. 4) Enable Carrier Call Blocking: Some mobile carriers offer free call blocking services. Contact your carrier to inquire about available options and activate call blocking features provided by them. 5) Report Spam Calls: If you receive spam calls, report them to your carrier and to regulatory agencies like the Federal Trade Commission (FTC) in the United States. This helps in identifying and taking action against spam callers. 6) Regularly Update Call Blocking Settings: Stay vigilant and update your call blocking settings regularly. Add new spam numbers to your block list and adjust settings based on your preferences and call patterns. By utilizing these methods, you can effectively stop spam calls on your Android device for free. Experiment with different options to find the best solution that works for you.  The Bottom Line! Being bombarded with constant scam likely calls can be frustrating and leave us feeling powerless. However, as we have discussed in this blog post, there are several steps we can take to protect ourselves against these fraudulent calls. By being cautious and implementing call-blocking techniques such as registering for the National Do Not Call Registry and using spam detection apps, we can significantly reduce our chances of falling victim to such scams. Additionally, it is crucial for us to stay informed about current scams and be aware of common red flags like receiving unexpected calls asking for personal information or making unrealistic promises. Let's not forget the power of saying "no" and hanging up if a call seems suspicious. Together, we can take a stand against scam likely calls and protect ourselves and our loved ones from financial harm. Remember, prevention is always better than cure when it comes to dealing with scammers. By following these tips, we can feel confident in our ability to handle these unwanted calls and safeguard our privacy and well-being. Key Highlights Scam likely calls pose a significant threat to privacy and security, with millions falling victim to phone scams annually. Effective strategies exist to block scam likely calls and protect against fraudulent activity. Utilize call-blocking apps and features provided by your phone carrier to filter out potential scam calls. Enable features such as "Scam Likely" identification and call blocking on your smartphone to automatically detect and block suspicious calls. Be cautious of providing personal information over the phone and report scam calls to relevant authorities or organizations. Stay informed about common scam tactics and remain vigilant to avoid falling victim to fraudulent schemes. FAQ's 1) What are "Scam Likely" calls? "Scam Likely" calls are phone calls flagged by your phone carrier or caller ID app as potentially fraudulent or spam based on known scam patterns or community reports. 2) Why do I receive "Scam Likely" calls? Scammers use various techniques like spoofing to manipulate caller ID information and appear as legitimate entities or numbers. "Scam Likely" calls are attempts to deceive you into answering the phone and potentially falling for a scam. 3) How can I block "Scam Likely" calls? You can block "Scam Likely" calls using your phone's built-in call blocking features, third-party call blocking apps, or by activating services provided by your carrier to identify and block spam calls. 4) Can I block "Scam Likely" calls manually? Yes, most smartphones allow you to block numbers manually. You can add "Scam Likely" numbers to your block list through your phone's settings or the call history/contacts section. 5) Are there any apps to help block "Scam Likely" calls? Yes, several apps like Truecaller, and Call Control are available for download on app stores. These apps can automatically identify and block "Scam Likely" calls based on community reports and spam databases.

image for GoFetch: Apple CPU e ...

 Business

In mid-March, researchers from several U.S. universities published a paper demonstrating a hardware vulnerability in Apples M series CPUs. These CPUs, based on the ARM architecture and designed by Apple, power most of its newer laptops and desktops, as well as some iPad models. The issue could potentially be exploited   show more ...

to break encryption algorithms. The attack that uses this vulnerability was dubbed GoFetch. The combination of a juicy topic and a big-name manufacturer like Apple led to this highly technical paper being picked up by a wide range of media outlets — both technical and not so much. Many ran with alarmist headlines like Dont Trust Your Private Data to Apple Laptops. In reality, the situation isnt quite that dire. However, to really get to the bottom of this new problem, we need to delve a little into how CPUs work — specifically by discussing three concepts: data prefetching, constant-time programming, and side-channel attacks. As always, well try to explain everything in the simplest terms possible. Data prefetching The CPU of a desktop computer or laptop executes programs represented as machine code. Loosely speaking, its a bunch of numbers — some representing instructions and others representing data for calculations. At this fundamental level, were talking about very basic commands: fetch some data from memory, compute something with this data, and write the result back to memory. Youd think these operations should be executed in this order. Heres a simple example: a user enters their password to access a cryptocurrency wallet. The computer needs to read the password from RAM, run a few computing operations, check that this is the correct password, and only then grant access to the confidential data. If this were the way todays CPUs executed all code, our computers would be painfully slow. So how do you speed things up? You do a lot of optimization — such as data prefetching. Data prefetching works like this: if the program code contains a command to fetch data, why not load it ahead of time to speed things up? Then, should the data come in handy at some point, weve just made the program run a bit faster. No big deal if it doesnt come in handy: wed just discard it from the CPUs cache and fetch something else. Thats how basic data prefetching works. Apple CPUs make use of a newer prefetcher known as data memory-dependent prefetcher, or DMP. In a nutshell, DMP is more aggressive. Commands to fetch data from memory are not always explicit. Pointers to specific memory locations might be the result of computing work that still needs to be performed, or they might be stored in a data array that the program will access later. DMP tries to guess which data in the program is a pointer to a memory location. The logic is the same: if something looks like a pointer, try fetching data at that address. The guessing process relies on the history of recent operations — even if they belong to a completely different program. In 2022, another study demonstrated that DMP tends to confuse pointers with other data the program is working with. This isnt necessarily a problem by itself — loading the wrong stuff into the CPU cache isnt a big deal. But it becomes a problem when it comes to encryption algorithms. DMP can break constant-time programming under certain conditions. Lets talk about this next. Constant-time programming Theres a simple rule: the time it takes to process data must not depend on the nature of that data. In cryptography, this is a fundamental principle for protecting encryption algorithms from attacks. Often, malicious actors try to attack the encryption algorithm by feeding it data and observing the encrypted output. The attacker doesnt know the private key used to encrypt the data. If they figure out this key, they can decrypt other data, such as network traffic or passwords saved in the system. Poor encryption algorithms process some data faster than others. This gives the malicious actor a powerful hack tool: simply by observing the algorithms runtime, they can potentially reconstruct the private key. Most encryption algorithms are immune to this type of attack: their creators made sure that computing time is always the same, regardless of the input data. Algorithm robustness-tests always include attempts at violating this principle. This is what happened, for example, in the Hertzbleed attack. However, to make actual key theft possible, the attack must use a side channel. Side-channel attack If DMP prefetching sometimes confuses regular application data with a memory pointer, does that mean it can mistake a piece of a private key for a pointer? It turns out it can. The researchers demonstrated this in practice using two popular data encryption libraries: Go Crypto (Go developers standard library), and OpenSSL (used for network traffic encryption and many other things). They investigated various encryption algorithms — including the ubiquitous RSA and Diffie-Hellman, as well as Kyber-512 and Dilithium-2, which are considered resistant to quantum computing attacks. By trying to fetch data from a false pointer thats actually a piece of a private key, DMP essentially leaks the key to the attacker. Theres one catch: the hypothetical malware needed for this attack has no access to the cache. We dont know what DMP loaded there or which RAM address it fetched the data from. However, if a direct attack isnt possible, theres still a chance of extracting information through a side channel. What makes this possible is a simple feature of any computer: data loaded into the CPU cache is processed faster than data residing in regular RAM. Lets put this attack together. So, we have malware that can feed arbitrary data to the encryption algorithm. The latter loads various data into the cache, including a secret encryption key. DMP sometimes mistakenly fetches data from an address thats actually a piece of this key. The attacker can find out indirectly that data has been prefetched from a certain address by measuring the time it takes the CPU to access certain pieces of data: if the data was cached, accessing it will be slightly faster than otherwise. This was exactly how the researchers broke the constant-time programming principle: we can feed arbitrary text to the algorithm and watch the processing time vary. So, is your data at risk? In practice, extracting an encryption key requires dozens to hundreds of thousands of computing operations as we feed data into the algorithm and indirectly monitor cache status. This is a sure-fire attack, but a very resource-intensive one: stealing a key takes an hour at best — more than ten hours at worst. And for all this time, the computing effort will keep the device running almost at full capacity. The GoFetch website has a video demonstration of the attack, where the private key is extracted bit by bit — literally. Screenshot from the research demo video. Source However, thats not what makes the attack impractical. Weve repeatedly mentioned that the attack requires malware to be installed on the victims computer. As you can imagine, if this is the case, the data is already compromised by definition. There are likely far simpler ways to get to it at this point. This is the reason why the OpenSSL developers didnt even consider the researchers report: such attacks fall outside their security model. All studies like this can be compared to civil engineering. To make a structure robust, engineers need to study the characteristics of the materials to be used, the given locations soil properties, make provisions for the risk of earthquakes, and do many other things. In most cases, even a poorly constructed building will stand for decades without problems. However, a rare combination of circumstances may lead to disaster. Attack scenarios like GoFetch are designed to avert such disasters that lead to mass leaks of user secrets. The researchers are going to continue studying this fairly new prefetching mechanism. Intel processors also use it starting with the 13th generation, but theyve proved insusceptible to this particular kind of attack proposed in the research paper. Whats important is that the vulnerability cant be patched: it will continue to affect Apples M1 and M2 CPUs for their entire lifespan. The only way to prevent this type of attack is by modifying encryption algorithms. One possibility involves restricting the calculations to the CPUs energy-efficient cores, as DMP only works on high-performance cores. Another one is obfuscating encryption keys before loading them into RAM. A side effect of these methods is performance degradation — but the user would hardly even notice. In turn, Apple M3 CPUs feature a special flag that disables DMP optimization for particularly sensitive operations. Lets summarize. Theres no immediate threat to data stored on Apple devices — hardly anyone would try using a technique this complex to steal that data. Nevertheless, the work of these U.S. researchers is still valuable because it sheds some light on hitherto-unknown operating aspects of how the latest CPUs work. Their efforts aim to prevent future problems that might arise if an easier exploit is discovered.

image for Thread Hijacking: Ph ...

 A Little Sunshine

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified   show more ...

to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. In Sept. 2023, the Pennsylvania news outlet LancasterOnline.com published a story about Adam Kidan, a wealthy businessman with a criminal past who is a major donor to Republican causes and candidates, including Rep. Lloyd Smucker (R-Pa). The LancasterOnline story about Adam Kidan. Several months after that piece ran, the story’s author Brett Sholtis received two emails from Kidan, both of which contained attachments. One of the messages appeared to be a lengthy conversation between Kidan and a colleague, with the subject line, “Re: Successfully sent data.” The second missive was a more brief email from Kidan with the subject, “Acknowledge New Work Order,” and a message that read simply, “Please find the attached.” Sholtis said he clicked the attachment in one of the messages, which then launched a web page that looked exactly like a Microsoft Office 365 login page. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information. A successful login would record the submitted credentials and forward the victim to the real Microsoft website. But Sholtis said he didn’t enter his Outlook username and password. Instead, he forwarded the messages to LancasterOneline’s IT team, which quickly flagged them as phishing attempts. LancasterOnline’s Executive Editor Tom Murse said the two phishing messages from Mr. Kidan raised eyebrows in the newsroom because Kidan had threatened to sue the news outlet multiple times over Sholtis’s story. “We were just perplexed,” Murse said. “It seemed to be a phishing attempt but we were confused why it would come from a prominent businessman we’ve written about. Our initial response was confusion, but we didn’t know what else to do with it other than to send it to the FBI.” The phishing lure attached to the thread hijacking email from Mr. Kidan. In 2006, Kidan was sentenced to 70 months in federal prison after pleading guilty to defrauding lenders along with Jack Abramoff, the disgraced lobbyist whose corruption became a symbol of the excesses of Washington influence peddling. He was paroled in 2009, and in 2014 moved his family to a home in Lancaster County, Pa. The FBI hasn’t responded to LancasterOnline’s tip. Messages sent by KrebsOnSecurity to Kidan’s emails addresses were returned as blocked. Messages left with Mr. Kidan’s company, Empire Workforce Solutions, went unreturned. No doubt the FBI saw the messages from Kidan for what they likely were: The result of Mr. Kidan having his Microsoft Outlook account compromised and used to send malicious email to people in his contacts list. Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still don’t know how to identify them. The email security firm Proofpoint says it has tracked north of 90 million malicious messages in the last five years that leverage this attack method. One key reason thread hijacking is so successful is that these attacks generally do not include the tell that exposes most phishing scams: A fabricated sense of urgency. A majority of phishing threats warn of negative consequences should you fail to act quickly — such as an account suspension or an unauthorized high-dollar charge going through. In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient. Ryan Kalember, chief strategy officer at Proofpoint, said probably the most ubiquitous examples of thread hijacking are “CEO fraud” or “business email compromise” scams, wherein employees are tricked by an email from a senior executive into wiring millions of dollars to fraudsters overseas. But Kalember said these low-tech attacks can nevertheless be quite effective because they tend to catch people off-guard. “It works because you feel like you’re suddenly included in an important conversation,” Kalember said. “It just registers a lot differently when people start reading, because you think you’re observing a private conversation between two different people.” Some thread hijacking attacks actually involve multiple threat actors who are actively conversing while copying — but not addressing — the recipient. “We call these mutli-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said. “It’s basically a way to build a little more affinity than just copying people on an email. And the longer the conversation goes on, the higher their success rate seems to be because some people start replying to the thread [and participating] psycho-socially.” The best advice to sidestep phishing scams is to avoid clicking on links or attachments that arrive unbidden in emails, text messages and other mediums. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.

 Malware and Vulnerabilities

Nvidia's AI-powered ChatRTX app launched just six week ago but already has received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.

 Malware and Vulnerabilities

This vulnerability, assigned as CVE-2024-1313 with a CVSS score of 6.5, allows low-privileged Grafana users to delete dashboard snapshots belonging to other organizations using the snapshot's keys, impacting the integrity of the system.

 Companies to Watch

The round was led by Two Bear Capital, with participation from Blu Ventures, Canaan Partners, Cisco Investments, and Liquid 2 Ventures. Pre-seed investors Westwave Capital and Acrobator Ventures also expanded their equity positions.

 Breaches and Incidents

First called out on X/Twitter by AI entrepreneur Parth Patel – and confirmed to be happening to others by security blogger Brian Krebs – the campaign appears to be targeting specific individuals, who are flooded with password reset requests.

 Companies to Watch

Bedrock Security, a Menlo Park, CA-based data security company, raised $10M in Seed funding. The round was led by Greylock. The company intends to use the funds to expand operations and development efforts.

 Trends, Reports, Analysis

According to the indictment, between 2015 and 2024, the APT31 group, linked to China’s Ministry of State Security, targeted thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists.

 Trends, Reports, Analysis

The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google's latest research.

 Feed

It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.

 Feed

This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts   show more ...

Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.

 Feed

Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.

 Feed

Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Feed

Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn   show more ...

discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux   show more ...

kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

 Feed

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at

 Feed

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen

 Feed

Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to

 Feed

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper

 Feed

Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being   show more ...

copied on a private discussion, which is modified to include a […] La entrada Thread Hijacking: Phishes That Prey on Your Curiosity – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts   show more ...

that prevent the devices from being used until the recipient responds […] La entrada Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move   show more ...

comes just days after a report by KrebsOnSecurity forced Onerep’s […] La entrada Mozilla Drops Onerep After CEO Admits to Running People-Search Networks – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest.   show more ...

But it’s not every day you run across […] La entrada The Not-so-True People-Search Network from China – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt Let’s get straight to the controversial bit: email address validation. A penny-drop moment during this week’s video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity   show more ...

of the pipe symbol during the live stream and according […] La entrada Weekly Update 392 – Source: www.troyhunt.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 backdoor

Source: securelist.com – Author: Anderson Leite, Lisandro Ubiedo DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer. A Windows version of this RAT   show more ...

was used in attacks against government entities […] La entrada DinodasRAT Linux implant targeting entities worldwide – Source: securelist.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: securityboulevard.com – Author: Wajahat Raja Recent reports about legal proceedings, a 34-year-old Russian-Canadian national, Mikhail Vasiliev, has been handed a sentence of almost four years in Canadian prison. Vasiliev’s involvement in the global ransomware scheme known as LockBit led to this   show more ...

outcome. The United States Department of Justice (DoJ) initially charged him with conspiring […] La entrada LockBit Hacker Sentenced To 4 Years Jail Plus Fined $860K – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Company News

Source: securityboulevard.com – Author: wpengine ForgePoint Capital and Prefix Capital Double-Down on Data Store and Object Security as Lead Investors Symmetry Systems, provider of cutting-edge Data Store and Object Security (DSOS), today announced a $15 million Series A funding round led by Prefix Capital   show more ...

and ForgePoint Capital, two premier venture funds investing in foundational and transformative technologies. […] La entrada Symmetry Systems Ramps Up Hybrid-Cloud Data Security with $15 Million Series A Funding – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 aiMSSP

Source: securityboulevard.com – Author: Pushpendra Mishra Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents. Why is threat management important? Most IT and security teams   show more ...

face information fragmentation, which can lead to blind spots in security operations teams. […] La entrada What is Threat Management? – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Nick Rieniets Welcome to the first installment of our blog series dedicated to shedding light on the intricacies of bot mitigation. In this series, we will explore the fundamental systems and methodologies crucial for discerning between bots and humans. Whether you’re   show more ...

already utilizing a bot mitigation solution or in the process […] La entrada Building Strong Defences: The Intricacies of Effective Bot Mitigation – Part 1 – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Kevin Smith How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the   show more ...

more people that have access to […] La entrada The Importance of User Roles and Permissions in Cybersecurity Software – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Careers

Source: securityboulevard.com – Author: Ryan Healey-Ogden However, a government organization would never offer you money through a text message. Most likely, benefits will be given directly to your bank or CRA/IRS account.  The enticing factor to victims is that the text messages commonly include personal   show more ...

information, which gives a sense of legitimacy. However, it is […] La entrada Tax scams: Scams to be aware of this tax season – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 2FA

Source: securityboulevard.com – Author: Richi Jennings First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support. Apple is under fire for not rate limiting its unskippable password-reset prompts. And for having iDevices go BLOOP in the wee small   show more ...

hours—even if on silent. Scrotes are exploiting the flaw, trying to […] La entrada Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Grip Security Blog Cybersecurity is much like a relentless game of “whac-a-mole”–the advent of new technologies invariably draws out threats that security teams must quickly address. Take, for example, the internet boom in the late 20th century. Businesses flocked   show more ...

to embrace newfound tech capabilities, revolutionizing how we conduct business, communicate globally, […] La entrada AI Apps: A New Game of Cybersecurity Whac-a-Mole | Grip – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Fraud Management & Cybercrime , Governance & Risk Management Amid COVID-19 Ransomware Woes, Sanaz Yashar’s Frustration Sparked Zafran’s Birth Michael Novinson (MichaelNovinson) • March 28, 2024   show more ...

    Sanaz Yashar, co-founder and CEO, Zafran (Image: Eric Sultan) A startup led by an ex-Mandiant manager […] La entrada From Despair to Disruption: Zafran Takes on Cyber Mitigation – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Jody Paterson Senior Director of Product, SailPoint The co-founder, CEO and Chairman of ERP Maestro, inc (The first cloud based SAP security and GRC solution provider for enterprises). He was awarded a Stevie Award for “company of the year”, won Inc 5000   show more ...

“fastest growing company” 3 years in a row, […] La entrada Live Webinar | Secure Your SAP Transformation: An Identity Security Perspective – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini American fast-fashion firm Hot Topic hit by credential stuffing attacks Hot Topic suffered credential stuffing attacks that exposed customers’ personal information and partial payment data. Hot Topic, Inc. is an American fast-fashion company   show more ...

specializing in counterculture-related clothing and accessories, as well as licensed music. The company was the victim of credential stuffing attacks against its website and mobile […] La entrada American fast-fashion firm Hot Topic hit by credential stuffing attacks – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Cisco addressed high-severity flaws in IOS and IOS XE software Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple   show more ...

IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit […] La entrada Cisco addressed high-severity flaws in IOS and IOS XE software – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini Google: China dominates government exploitation of zero-day vulnerabilities in 2023 Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group   show more ...

(TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in […] La entrada Google: China dominates government exploitation of zero-day vulnerabilities in 2023 – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024 Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome   show more ...

web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which […] La entrada Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024 – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom   show more ...

extortion gang added the National Health Service (NHS) of Scotland […] La entrada INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known   show more ...

Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server […] La entrada CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini The DDR Advantage: Real-Time Data Defense This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often   show more ...

too late. The advantage of Data […] La entrada The DDR Advantage: Real-Time Data Defense – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini Finnish police linked APT31 to the 2021 parliament attack The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to   show more ...

the China-linked group APT31. The Finnish authorities investigated multiple […] La entrada Finnish police linked APT31 to the 2021 parliament attack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 botnet

Source: securityaffairs.com – Author: Pierluigi Paganini TheMoon bot infected 40,000 devices in January and February A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an   show more ...

updated version of “TheMoon” bot targeting end-of-life (EoL) small […] La entrada TheMoon bot infected 40,000 devices in January and February – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini UK, New Zealand against China-linked cyber operations UK, Australia and New Zealand are accusing China-linked threat actors of cyber operations against UK institutions and parliamentarians. GCHQ’s National Cyber Security Centre believes that   show more ...

China-linked cyberespionage group APT31 was responsible for cyber attacks against UK parliamentarians’ emails in 2021. The UK […] La entrada UK, New Zealand against China-linked cyber operations – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier New York Times op-ed on the Chinese dominance of the squid industry: China’s domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are   show more ...

putting domestic fishermen around the world at a […] La entrada Friday Squid Blogging: The Geopolitics of Eating Squid – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments Carl Engelbrecht • March 29, 2024 7:53 AM Why do technologists who know better continue to propagate the erroneous statement “ransomware attacks”. Ransomware is launched by a click of a mouse [FULL STOP]. Tom • March 29, 2024 9:20 AM   show more ...

@Carl Engelbrecht – I think the description […] La entrada Lessons from a Ransomware Attack against the British Library – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: B. Schneier About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer   show more ...

at Harvard’s Kennedy School, a board member of EFF, […] La entrada AI and Trust – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securelist.com – Author: Nikolay Frolov In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing   show more ...

more and more models that can also […] La entrada An educational robot security research – Source: securelist.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: go.theregister.com – Author: Team Register Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset. First called out on X/Twitter by AI entrepreneur Parth Patel –   show more ...

and confirmed to be happening to others by security blogger Brian […] La entrada Apple fans deluged with phony password reset requests – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Americans

Source: go.theregister.com – Author: Team Register More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters. According to a survey of 2,000 Americans conducted by research firm Censuswide,   show more ...

on behalf of Ghostery, a maker of software to block ads and […] La entrada Majority of Americans now use ad blockers – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Businesses

Source: go.theregister.com – Author: Team Register Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency. This is   show more ...

according to Oligo Security, which dubbed the unpatched […] La entrada ‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 accused

Source: go.theregister.com – Author: Team Register To spy on rival Snapchat and get data on how the app was being used, Meta – when it was operating as Facebook – allegedly initiated a program called Project Ghostbusters, which intercepted data traffic from mobile apps. And it used that data to harm its   show more ...

competitors’ ad business. […] La entrada Meta accused of snarfing people’s Snapchat data via traffic decryption – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research. In a report published today, the web   show more ...

giant’s Threat Analysis Group (TAG) and Mandiant division said they tracked 97 total zero-day vulnerabilities […] La entrada Miscreants are exploiting enterprise tech zero days more and more, Google warns – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register The parent company of The Big Issue, a street newspaper and social enterprise for homeless people, is wrestling with a cybersecurity incident claimed by the Qilin ransomware gang. In a post made to the gang’s leak site, the miscreants claim to have stolen   show more ...

550 GB of company data and, […] La entrada Street newspaper appears to have Big Issue with Qilin ransomware gang – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-03
Aggregator history
Friday, March 29
FRI
SAT
SUN
MON
TUE
WED
THU
MarchAprilMay