Cyber security aggregate rss news


A Breach, an Apology ...

Cyber News

SK Group Chairman Chey Tae-won issued a public apology at the SK Telecom headquarters, following a recent SK Telecom cyberattack that affected millions of users. The cyberattack on SK Telecom, which came to light in April, raised concerns over data security, especially among SK Telecom’s 24 million customers. The chairman’s statement was direct and apologetic, signaling a shift in tone after initial criticisms over the company’s slow and unclear communication.

“On behalf of the SK Group, I would like to sincerely apologize,” Chairman Chey said, standing before reporters and officials at the company’s Seoul headquarters.

[Image: Source: SK Telecom]

The SK Telecom data breach, which involved the suspected leakage of SIM card-related data due to malware planted by hackers, has not resulted in confirmed secondary damage as of yet. However, the chairman acknowledged the growing concerns among customers who were left in the dark in the days following the attack.

SK Telecom Data Breach that Shook Consumer Confidence

According to SK Telecom, the malware was detected around 11:40 PM on April 19, 2025. The company said it acted immediately by notifying the Korea Internet & Security Agency (KISA) and removing the malicious code. A joint public-private investigation is currently underway to reveal the scope and origin of the breach. The affected data reportedly includes information related to SIM cards, but the company confirmed that there have been no verified instances of data being exploited, sold on the dark web, or used for fraudulent activities.

Despite this, the incident created a ripple effect of anxiety. Customers, especially those traveling or relying on their mobile devices for daily tasks, expressed frustration with the delays in service and a lack of transparency. Lines at customer service centers grew longer, and concerns mounted on social media.

Chairman Chey addressed these sentiments head-on: “We apologize to all of you who have had to wait a long time in the store due to your busy schedule or who are anxious due to a tight schedule before leaving the country. We also believe that many people are still worried about whether or not they will be affected.” He continued, “I am particularly sorry about the lack of communication and response following the accident.”

Taking Responsibility

This is not the first time a major telecom company in South Korea has been the target of a cyberattack. However, what makes this case stand out is the high-profile response from SK Group's top executive and the sweeping internal reforms announced in the wake of the breach. Chey accepted full responsibility for the shortcomings in customer communication and the initial handling of the situation.

“We failed to look closely at the customer's position, and this is something that all of us, including myself, must deeply reflect on,” he said. “I believe that the criticism from not only the customer, but also the media, the National Assembly, and government agencies is justified, and I humbly accept it.”

What SK Telecom Is Doing Now

SK Telecom said it has already implemented several immediate measures to contain the situation and prevent further damage:

- Removal of the malware from affected systems.
- Isolation of compromised equipment from the network.
- System-wide investigation to determine possible weak points.
- Blocking of illegal SIM card changes and abnormal authentication attempts.
- Suspension of usage and customer guidance in the event of suspicious activity.

Additionally, the company is actively promoting its free SIM card protection service, which helps prevent unauthorized copying or use of SIM cards. This service sets a security function on the customer’s SIM card and is being recommended to all users as a precaution. Chairman Chey offered his thanks to customers who have already adopted the service: “We would like to express our sincere gratitude to the 24 million customers who trusted us and signed up for our SIM card protection service.” He also reassured customers that the company will support SIM card replacements for those seeking faster resolutions.

A Repair Within SK Group

Beyond immediate technical fixes, the chairman announced strategic long-term initiatives to rebuild consumer trust and modernize cybersecurity measures across all of SK Group’s subsidiaries. Key among them is the establishment of an ‘Information Protection Innovation Committee’, which will include external experts. The goal, according to Chey, is to design improvement measures from a “neutral and objective perspective.”

Further, the group plans to inspect the overall security systems across its companies and expand investments in cybersecurity infrastructure. This group-wide evaluation signals a more centralized approach to managing and mitigating risks, acknowledging that the breach is not just a telecom issue, but a company-wide learning moment.

Chey also recognized the efforts of various stakeholders working to resolve the situation. “I would like to express my sincere gratitude to T World, the customer center, government and airport officials, and all company members who are working hard on the front lines to resolve this situation,” he said.

A Moment for Reflection and Reform

In a closing remark that struck a more introspective tone, Chey reflected on the importance of customer trust and the values that define SK Group. “Customer trust is the reason why SK Group exists,” he said. “SK Group will use this incident as an opportunity to return to the most fundamental question in order to restore customer trust. We will once again examine what the most important essence of a company should be.”

He ended his address with a heartfelt commitment to right the wrongs caused by the incident: “Once again, we deeply apologize to everyone who experienced any inconvenience. We will do our best to resolve the issue.”

Conclusion

As the investigation into the data breach continues, all eyes will be on how SK Telecom and SK Group implement the promised reforms. For customers, the biggest concern remains not just whether their data is safe today, but whether the systems they rely on will be secure in the future. The public apology by one of South Korea’s most influential business leaders may signal a turning point—not just for SK Group, but for how corporations in the country respond to crises involving data privacy and cybersecurity. Only time will tell if these promises turn into meaningful protection for the millions who place their trust in SK Telecom’s services every day.

Click-Free Credentia ...

Firewall Daily

Security researchers have uncovered a severe vulnerability affecting the Microsoft Telnet Client, which allows remote attackers to harvest user credentials without any interaction from the victim. This "0-Click Telnet Vulnerability" exploits the MS-TNAP authentication mechanism built into Telnet, a legacy protocol still present on many Windows systems.

Exploiting Microsoft Telnet Through MS-TNAP

The vulnerability exists in the MS-TNAP (Microsoft Telnet Authentication Protocol), a feature of the Microsoft Telnet Client. The attack method involves luring a victim into connecting to a rogue Telnet server, either via telnet.exe or a telnet:// URI link. If the server is within a Trusted Zone or configured for silent authentication, the Telnet client will automatically send NTLM credentials to the attacker without displaying any warning to the user.

This silent transmission of credentials makes the attack particularly effective in internal networks or environments where IP addresses have been incorrectly added to Trusted Sites or the Intranet Zone without protocol specificity.

As the proof-of-concept (PoC) reveals, an attacker can complete the MS-TNAP authentication process and intercept sensitive NTLM authentication material. These stolen hashes can then be used for NTLM relay attacks or subjected to offline password cracking using tools like Hashcat.

Zones and Silent Credential Leakage

Microsoft Windows uses zone-based security settings to determine how authentication prompts are handled when connecting to a remote server. While servers in the Internet Zone will prompt the user with a clear warning message:

"You are about to send your password information to a remote computer in the Internet zone. This might not be safe. Do you want to send anyway (y/n):"

servers in the Intranet Zone or Trusted Sites Zone may trigger no prompt at all. This becomes a major security concern when organizations configure zone settings using generic IP addresses like 192.168.1.1 rather than specifying http://192.168.1.1, unintentionally applying trust to all protocols, including Telnet. Since the Microsoft Telnet Client checks trust based on the full protocol and host combination (telnet://host), using protocol-specific entries in zone configuration is vital to prevent silent authentication.

Real-World Demonstration and Exploit Use

The PoC, developed by Hacker Fantastic of Hacker House, simulates a malicious Telnet server that listens on port 23 and logs NTLM authentication data from connecting clients. Detailed debug outputs showcase the entire exchange of NTLM Type 1, 2, and 3 messages, including domain names, usernames, hostnames, and encrypted responses.

Captured hashes are saved in formats compatible with tools like Hashcat. An example cracking session showed successful recovery of credentials at a speed of over 11,000 hashes per second using NetNTLMv2 mode (-m 5600), resulting in full credential disclosure such as:

ADMINISTRATOR::WIN-ROTQIHG6IIG:317c02ac078a3c43:...:Password1

These logs confirm the ease with which credentials can be harvested, all without requiring the user to click anything beyond the initial telnet:// link—hence the “0-click” designation.

Conclusion

To mitigate the critical 0-Click Telnet vulnerability, Windows administrators should disable the Telnet Client unless necessary and, if used, disable NTLM authentication via the registry. Avoid adding IPs without protocol specifiers to Trusted or Intranet Zones, and replace Telnet with SSH for secure communication.

Regular audits of security settings are essential to prevent risks. In corporate environments, attackers can exploit Telnet to leak credentials, highlighting the need for strict security controls around authentication and network trust zones. Given the exploit's stealth and ease, organizations must prioritize addressing this vulnerability to protect network integrity.
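The zone-resolution point above, as an added example written for this page (it is neither Microsoft's code nor the PoC). It models, in simplified form, how an Internet Explorer ZoneMap entry is resolved against a URL: each mapped host carries one value per scheme or a `*` wildcard, and the value is the zone id. The weak entry (an IP added with no scheme) sits beside the corrected one, and an audit helper lists hosts whose wildcard entry lands in a zone that the Telnet client treats as silent-authentication. The zone ids, the host-to-scheme layout and the "unmapped hosts fall into the Internet zone" rule are assumptions that simplify the real ZoneMap semantics.

```javascript
// Simplified model of security-zone lookup (added example, not Windows code).
// Real mappings live under HKCU\Software\Microsoft\Windows\CurrentVersion\
// Internet Settings\ZoneMap (Domains and Ranges); each host key holds one
// value per scheme ("http", "https", ...) or a "*" wildcard, with the zone id
// as data. Zone ids: 1 = Intranet, 2 = Trusted Sites, 3 = Internet.
const ZONE_NAMES = { 1: "Intranet", 2: "Trusted Sites", 3: "Internet" };
const SILENT_AUTH_ZONES = new Set([1, 2]); // zones where the Telnet client does not prompt

// Constructed entries: host -> { scheme: zoneId }.
// Weak setting: the IP was added without a scheme, so every protocol is trusted.
const weakZoneMap = {
  "192.168.1.1": { "*": 2 },
};
// Corrected setting: only the web schemes that were actually intended.
const correctedZoneMap = {
  "192.168.1.1": { http: 2, https: 2 },
};

// Resolve a URL to a zone id. Unmapped hosts are treated as Internet zone
// (an assumption; the real lookup has more rules, e.g. for dotless names).
function resolveZone(zoneMap, url) {
  const u = new URL(url);
  const scheme = u.protocol.replace(/:$/, "");
  const entry = zoneMap[u.hostname];
  if (!entry) return 3;
  if (scheme in entry) return entry[scheme];
  if ("*" in entry) return entry["*"];
  return 3;
}

// Mirrors the behaviour described in the text: Internet zone prompts,
// Intranet/Trusted do not.
function telnetPromptsBeforeSendingCreds(zoneMap, url) {
  return !SILENT_AUTH_ZONES.has(resolveZone(zoneMap, url));
}

// Audit helper: hosts whose wildcard-scheme entry grants silent auth to
// every protocol, including telnet://.
function findOverBroadTrust(zoneMap) {
  return Object.entries(zoneMap)
    .filter(([, schemes]) => "*" in schemes && SILENT_AUTH_ZONES.has(schemes["*"]))
    .map(([host, schemes]) => ({ host, zone: ZONE_NAMES[schemes["*"]] }));
}

const target = "telnet://192.168.1.1";
console.log("weak map prompts:", telnetPromptsBeforeSendingCreds(weakZoneMap, target));
console.log("corrected map prompts:", telnetPromptsBeforeSendingCreds(correctedZoneMap, target));
console.log("over-broad entries:", findOverBroadTrust(weakZoneMap));
```

Run with `node`; the weak map resolves `telnet://192.168.1.1` to Trusted Sites and therefore no prompt, while the corrected map has no entry for the `telnet` scheme and falls back to the Internet zone, where the warning shown above is displayed.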

Unsophisticated Hack ...

Cyber News

Unsophisticated hackers are increasingly targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems in the energy and transportation sectors, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in an advisory yesterday.

“Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage,” CISA said in the May 6 alert.

CISA – along with the FBI, the Environmental Protection Agency (EPA), and the Department of Energy (DOE) – urged critical infrastructure asset owners and operators to implement guidance for reducing the risk of attacks on ICS/SCADA systems.

Russia-Linked Groups Have Tampered with ICS/SCADA Controls: Cyble

CISA didn’t name the threat actors targeting ICS/SCADA systems, but Cyble has reported on Russia-linked threat groups Z-Pentest, Sector 16, the People’s Cyber Army and other groups hacking into operational technology (OT) control panels in energy and water systems and tampering with settings. In one case, Z-Pentest claimed to have disrupted a U.S. oil well system, a claim that was unconfirmed. The groups often post screen recordings of members tampering with operational control panel settings.

While it’s not clear how much ICS expertise the groups have or how much damage they’re capable of doing, Cyble said in one report that Z-Pentest “should be taken seriously, as the group has demonstrated an apparent ability to penetrate these environments and access – and tinker with – operational control panels.”

The hacktivist groups often cite support for Ukraine as the reason for their cyberattacks in the U.S. and other countries, which have included Canada, Australia, France, South Korea, Taiwan, Italy, Romania, Germany, and Poland. In addition to Russia-linked groups, China-linked threat actors are believed to have compromised U.S. critical infrastructure, potentially in preparation for an invasion of Taiwan.

Critical Infrastructure Cybersecurity Guidance

CISA and the other federal agencies issued guidance for critical infrastructure organizations “to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.” The guidance includes:

- Removing OT connections to the public internet: “OT devices lack authentication and authorization methods that are resistant to modern threats and are quickly found by searching for open ports on public IP ranges with search engine tools to target victims with OT components,” the guidance says.
- Changing default passwords immediately and using strong, unique passwords: “Recent analysis of this cyber activity indicates that targeted systems use default or easily guessable (using open source tools) passwords. Changing default passwords is especially important for public-facing internet devices that have the capability to control OT systems or processes.”
- Securing remote access to OT networks: “If remote access is essential, upgrade to a private IP network connection to remove these OT assets from the public internet and use virtual private network (VPN) functionality with a strong password and phishing-resistant multifactor authentication (MFA) for user remote access.”
- Segmenting IT and OT networks: “Segmenting critical systems and introducing a demilitarized zone for passing control data to enterprise logistics reduces the potential impact of cyber threats and reduces the risk of disruptions to essential OT operations.”
- Practicing and maintaining the ability to operate OT systems manually: “The capability for organizations to revert to manual controls to quickly restore operations is vital in the immediate aftermath of an incident. Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident.”

The agencies also recommended regular communication with managed service providers, system integrators, and system manufacturers for system-specific configuration guidance for securing OT environments.

DDoS-for-Hire Empire ...

Cyber News

In a coordinated international operation dubbed "PowerOFF," law enforcement agencies from Poland, the United States, Europol, and several other countries have dismantled a major DDoS-for-hire ecosystem responsible for enabling millions of distributed denial-of-service attacks globally. The crackdown culminated in the arrest of four administrators in Poland and the seizure of nine illicit domains by U.S. authorities, which were central to the infrastructure of criminal “booter” and “stresser” services.

These platforms allowed users — often with no technical background — to pay small fees in exchange for launching large-scale cyberattacks on websites, online services, or corporate infrastructure. The now-defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – facilitated widespread attacks between 2022 and 2025.

According to Europol, the action represents a significant blow to the availability and accessibility of such illegal services, which are often used by amateur cybercriminals, hacktivists, and even teenagers to disable services and extort victims.

Law Enforcement Zeroes In on Criminal Infrastructure

The arrests in Poland were carried out by the Central Bureau for Combating Cybercrime (CBZC) in collaboration with the regional prosecutor’s office in Łódź. Authorities searched multiple properties and seized computers, mobile devices, and financial records. All four suspects were alleged to be administrators of criminal platforms offering subscription-based access to DDoS attacks.

[Image: One of the arrested suspects being escorted by Polish authorities. (Source: CBZC)]

The investigation began after the CBZC uncovered links between Polish nationals and a larger criminal network operating globally. The suspects are accused of managing platforms that facilitated attacks against businesses, schools, government portals, and other digital services across Europe and beyond.

Simultaneously, the U.S. Department of Justice seized nine domains that functioned as front-ends for these DDoS-for-hire services. The domains — many of which masqueraded as legitimate network testing tools — have been replaced with a seizure notice as part of the legal action coordinated with international cybercrime units.

Operation PowerOFF: A Global Collaboration

The takedown is the latest success under "Operation PowerOFF," an ongoing international campaign against DDoS-for-hire marketplaces. The joint initiative includes law enforcement and cyber agencies from the United Kingdom, Germany, the Netherlands, Poland, and the United States, coordinated through Europol’s European Cybercrime Centre (EC3).

In a statement, Europol described the operation as part of a sustained global effort to dismantle the infrastructure that enables cybercriminals to conduct large-scale disruption at the click of a button. Since PowerOFF launched in 2018, Europol has coordinated multiple waves of disruption targeting booter services. This latest phase focused on infrastructure takedown, arresting operators, and issuing warnings to thousands of users who had previously registered on DDoS-for-hire platforms.

Accessible and Dangerous: The Rise of DDoS-for-Hire

DDoS-for-hire services, often marketed as “stressers,” have lowered the barrier to entry for launching attacks. For as little as $10 to $50, a user can rent access to a service that floods a target’s network with traffic, knocking it offline. While marketed for legitimate testing, these services are overwhelmingly used for criminal purposes — including extortion, competition takedowns, and school disruption.

CBZC reports that the arrested Polish operators had built an international user base and processed payments through cryptocurrency to mask identities. Forensic analysis of seized infrastructure revealed hundreds of thousands of DDoS attacks originating from the platforms. These services falsely give the impression that cybercrime is low-risk, but authorities are now tracking infrastructure, operators, and even customers of such DDoS-for-hire services.

Continued Pressure on Users and Operators

As part of the operation, thousands of DDoS service users worldwide received “cease and desist” notifications, warning them of the legal risks of engaging in or facilitating cyberattacks. Law enforcement emphasized that users are not anonymous, even when paying in crypto or using VPNs.

Security experts have welcomed the crackdown, noting that while booters remain persistent, targeting their infrastructure disrupts both the supply and demand side of the ecosystem. “Every seized domain, every arrested admin, and every disrupted wallet makes it harder for these services to operate,” said a Poland-based threat intelligence analyst. “This isn’t just about enforcement — it’s about deterrence.”

Law enforcement agencies have promised to maintain pressure. Europol and CBZC say further arrests and domain seizures are likely as part of the ongoing investigation. Authorities also encouraged organizations to strengthen DDoS mitigation measures and to report suspected attacks promptly.

“This is a strong signal that cybercrime doesn’t pay,” said Poland’s CBZC in a statement. “We’re not just taking down platforms — we’re dismantling the false sense of impunity behind them.”

Clothing Retailer To ...

Compliance

The California Privacy Protection Agency (CPPA) has announced that national clothing retailer Todd Snyder, Inc. must pay a $345,178 fine and make substantial changes to its privacy practices. The decision comes after the agency's Enforcement Division found that the company violated several key provisions of the California Consumer Privacy Act (CCPA).

These issues reflect broader concerns the CPPA has previously highlighted. In fact, the agency had issued an enforcement advisory last year cautioning businesses about the risks of collecting too much information when consumers exercise their privacy rights.

Privacy Violations Identified by CPPA

The CPPA's Enforcement Division alleged that Todd Snyder failed to comply with California’s privacy law in multiple ways:

- Failure to Process Consumer Opt-Out Requests: For a period of 40 days, the company’s privacy portal was not properly configured. As a result, requests from consumers to opt out of the sale or sharing of their personal data were not processed.
- Excessive Information Collection: When customers submitted privacy-related requests, the company required them to provide more personal information than was necessary to process these requests. This ran counter to CCPA guidelines, which emphasize minimal data collection.
- Unnecessary Identity Verification: Consumers were also required to verify their identity even to opt out of personal data sales or sharing — a step that is generally not required under CCPA unless sensitive information is being accessed or deleted.

Todd Snyder’s Settlement and Compliance Measures

To resolve the allegations, Todd Snyder has agreed to:

- Pay a $345,178 fine.
- Implement internal changes to better support consumer privacy rights.
- Properly configure its online privacy portal to ensure opt-out requests are received and processed correctly.
- Provide CCPA compliance training for its employees.

The settlement marks one of several enforcement actions by the CPPA aimed at ensuring businesses take their responsibilities under California’s privacy laws seriously. Michael Macko, who leads the agency’s Enforcement Division, commented on the case: "Businesses should scrutinize their privacy management solutions to ensure they comply with the law and work as intended, because the buck stops with the businesses that use them. Using a consent management platform doesn’t get you off the hook for compliance.”

The Importance of Opt-Out Rights

The CPPA stressed that this case highlights the importance of opt-out rights under the CCPA. These rights give Californians the ability to limit how businesses collect, use, and share their personal data — a vital control as companies increasingly gather and analyze information from every customer interaction.

Tom Kemp, Executive Director of the CPPA, reinforced the agency's message: “Opt-out rights are one way for Californians to assert control over their personal information and protect themselves from real harms. The board’s decision should serve as an important reminder that our Enforcement Division is scrutinizing what businesses are doing to honor Californians’ privacy rights.”

According to the CPPA, improper use or sharing of personal information can expose consumers to serious risks, especially when data relates to sensitive topics like health, immigration, finances, religion, or ethnicity.

A Broader Pattern of Enforcement

This is not the first time the CPPA has taken action against companies for violating privacy laws. In recent months, the agency has ramped up enforcement to protect consumers, reflecting a broader commitment to ensuring privacy regulations are properly implemented and enforced. Some recent actions include:

- American Honda Motor Co. was ordered to pay a $632,500 fine and revise its privacy practices, marking the second-highest fine in the history of the CCPA.
- Background Alert, a data broker known for claiming it could uncover “scary” amounts of personal information, was required to either shut down operations or pay a significant penalty.
- National Public Data, Inc., a Florida-based data broker, faced enforcement action after a data breach exposed millions of Americans’ Social Security numbers and other personal data.

The CPPA also launched the Consortium of Privacy Regulators, a bipartisan coalition designed to support enforcement of privacy laws nationwide. In addition, the agency has partnered with international privacy watchdogs in Korea, France, and the United Kingdom, showing its commitment to cross-border collaboration in safeguarding Californians' data.

These efforts come on the heels of several other actions, including penalties against unregistered data brokers and an investigative sweep into how these entities are complying with California’s Delete Act, a law aimed at helping consumers permanently delete personal data held by data brokers.

A Reminder to Review Compliance

Beyond enforcement, the CPPA remains focused on its mission to educate both consumers and businesses about privacy rights and obligations. The agency regularly issues advisories and guidance documents, helping organizations navigate complex compliance issues. Businesses operating in California — or offering goods and services to Californians — are required to understand and honor the privacy choices of consumers. The Todd Snyder case reinforces the need to:

- Audit and test privacy systems regularly.
- Minimize data collection for privacy request processing.
- Avoid unnecessary identity verification for opt-out requests.
- Ensure that third-party privacy platforms and tools are compliant.

While the fine itself may be manageable for a large retailer, the reputational and operational consequences of non-compliance can be significant. The CPPA’s increasing activity sends a clear signal: businesses must take consumer privacy seriously, or face the consequences. As California continues to lead the way in privacy protection, businesses across the country and beyond are expected to align their practices with its standards. The case against Todd Snyder is one of many — and it likely won’t be the last.

Google Rolls Out May ...

Firewall Daily

Google has published its Android Security Bulletin for May 2025, delivering critical updates to the Android ecosystem. This monthly update resolves 46 vulnerabilities, one of which—CVE-2025-27363—has already been exploited in the wild.

CVE-2025-27363, a high-severity vulnerability with a CVSS score of 8.1, lies at the core of Google's May 2025 Android Security Bulletin. Located in the Android System component, this flaw enables local code execution without requiring elevated privileges or user interaction, posing a serious risk to device integrity, particularly if platform and service mitigations are bypassed.

The vulnerability, which stems from the widely used FreeType open-source font rendering library, was first identified by Facebook researchers in March 2025 and has since been observed in limited, targeted exploitation.

Google described it as the most critical issue addressed in this update, stating, “The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed,” in its advisory released on May 5, 2025.

Key Details from the May 2025 Android Security Bulletin

The May bulletin breaks down the vulnerabilities into two patch levels:

- 2025-05-01 Security Patch Level
- 2025-05-05 Security Patch Level

Devices that receive the 2025-05-05 update will also be protected from all previously disclosed issues.

Highlights from the bulletin include:

- 46 vulnerabilities addressed across core components like System, Framework, Kernel, and third-party hardware drivers.
- Android partners were informed at least a month in advance of the bulletin's publication.
- Source code patches will be released into the Android Open Source Project (AOSP) within 48 hours of publication.

Other High-Severity Vulnerabilities Patched

Apart from CVE-2025-27363, several other critical issues have been resolved. These include:

Framework Vulnerabilities (Examples)

- CVE-2025-0087 — Elevation of Privilege (EoP) affecting Android versions 13, 14, and 15.
- CVE-2025-26426 — EoP issue impacting Android 13, 14, and 15.

System Component Vulnerabilities

- CVE-2025-26420, CVE-2025-26421 — High-severity EoP bugs patched in multiple versions.
- CVE-2025-26430 — Local EoP affecting Android 15.

Google Play System Updates

Fixes for issues in:

- Documents UI
- Permission Controller
- WiFi subsystem

Third-Party Component Vulnerabilities

The bulletin also lists vulnerabilities tied to hardware vendors and chipset manufacturers. These include:

- Arm (Mali GPU Drivers): CVE-2025-0072, CVE-2025-0427
- Imagination Technologies (PowerVR GPU): multiple CVEs including CVE-2024-49739 and CVE-2024-47891
- MediaTek: CVE-2025-20666 — High-severity issue in MediaTek modem components
- Qualcomm: multiple issues, including CVE-2025-21467 and CVE-2025-21468 — High-risk flaws affecting camera and location services — and vulnerabilities in closed-source Qualcomm components

Google Play Protect and Platform-Level Defenses

Google emphasizes the importance of Google Play Protect, which is:

- Enabled by default on devices with Google Mobile Services
- Designed to detect and warn users about Potentially Harmful Applications (PHAs)
- A vital layer of defense, especially for users installing apps from outside the Play Store

In addition, Google notes that newer Android versions include enhanced mitigations that make exploitation harder.

How to Check Your Security Patch Level

Users can check and update their Android version to ensure they have the latest protection. Devices with the following patch strings are considered secure:

[ro.build.version.security_patch]:[2025-05-01]
[ro.build.version.security_patch]:[2025-05-05]

Google encourages device manufacturers to bundle all fixes in a single OTA update for streamlined user security.

Conclusion

CVE-2025-27363 remains the only vulnerability in the May 2025 Android Security Bulletin confirmed to be actively exploited, highlighting the urgency for users to apply updates without delay, particularly those using Android 10 or later. Google has announced that corresponding patches will be made available in the Android Open Source Project (AOSP) within 48 hours.

Users are strongly encouraged to check their device’s security patch level and install the latest updates as soon as they become available. Full technical details, patch information, and related resources can be found in the official Android Security Bulletin—May 2025 on the Android developer portal.
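The patch-level check above, turned into a small fleet audit as an added example (not Google's tooling). It parses the `[key]:[value]` lines that `adb shell getprop` prints, classifies each device against the two May 2025 patch levels, and tolerates the property being absent or malformed. The device names and their getprop output are constructed sample data; the three status labels are this example's own.

```javascript
// Added example: classify devices by ro.build.version.security_patch against
// the two patch levels named in the May 2025 bulletin.
const FRAMEWORK_LEVEL = "2025-05-01"; // AOSP / framework fixes
const COMPLETE_LEVEL = "2025-05-05";  // additionally covers vendor and kernel fixes

// Parse getprop output into an object. Real output reads
// "[ro.build.version.security_patch]: [2025-05-05]"; the bulletin quotes the
// string without the space, so both forms are accepted.
function parseGetprop(text) {
  const props = {};
  const lineRe = /^\[([^\]]+)\]:\s*\[([^\]]*)\]$/;
  for (const rawLine of text.split("\n")) {
    const m = rawLine.trim().match(lineRe);
    if (m) props[m[1]] = m[2];
  }
  return props;
}

// ISO dates order correctly as strings, so plain comparison is enough.
function patchStatus(patchLevel) {
  if (!patchLevel || !/^\d{4}-\d{2}-\d{2}$/.test(patchLevel)) return "unknown";
  if (patchLevel >= COMPLETE_LEVEL) return "complete"; // all May 2025 fixes present
  if (patchLevel >= FRAMEWORK_LEVEL) return "partial"; // framework fixes only
  return "outdated";                                   // May 2025 fixes not applied
}

function classifyDevice(getpropText) {
  const props = parseGetprop(getpropText);
  const level = props["ro.build.version.security_patch"];
  return {
    release: props["ro.build.version.release"] || "unknown",
    patchLevel: level || null,
    status: patchStatus(level),
  };
}

// Constructed getprop output for three hypothetical devices.
const SAMPLE_DEVICES = {
  "pixel-a": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2025-05-05]\n",
  "tablet-b": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]:[2025-05-01]\n",
  "kiosk-c": "[ro.build.version.release]: [13]\n[ro.build.version.security_patch]: [2025-02-01]\n",
  "legacy-d": "[ro.build.version.release]: [9]\n",
};

// Summarize a fleet: device name -> status.
function auditFleet(devices) {
  const report = {};
  for (const [name, text] of Object.entries(devices)) {
    report[name] = classifyDevice(text).status;
  }
  return report;
}

console.log(auditFleet(SAMPLE_DEVICES));
```

In practice the text for each device comes from `adb -s <serial> shell getprop` or from a mobile-device-management export; the "partial" state is worth tracking separately because a device on 2025-05-01 still lacks the vendor and kernel fixes that only the 2025-05-05 level carries.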

Safeguarding your br ...

Threats

In April, the release of version 136 of Google Chrome finally addressed a privacy issue for the browser thats been widely known about since 2002 (which issue, btw, is also present in all other major browsers). This was real bad news for unscrupulous marketers, whod been exploiting it wholesale for 15 years. From this   show more ...

menacing description, you might be surprised to learn that the threat is a familiar and seemingly harmless convenience: links that your browser highlights a different color after you visit them. From a blue sky to purple rain Changing the color of links to visited sites (by default from blue to purple) was first introduced 32 years ago in the NCSA Mosaic browser. After that, this user-friendly practice was adopted by almost all browsers in the 1990s. And it later became the standard for Cascading Style Sheets (CSS) — a language for adding stylization to web pages. Such recoloring occurs by default in all popular browsers today. However, as early as in 2002, researchers noticed that this feature could be abused by placing hundreds or thousands of invisible links on a page and using JavaScript to detect which of them the browser renders as visited. In this way, a rogue site could partially uncover a users browsing history. In 2010, researchers discovered that this technique was being used in the wild by some major sites to snoop on visitors — among which were YouPorn, TwinCities, and 480 other sites then popular. It was also found that platforms like Tealium and Beencounter were offering history-sniffing services, while the advertising firm Interclick was implementing this technology for analytics, and even faced legal action. Although it won the lawsuit, the major browsers have since modified their code for processing links to make it impossible to read whether a link was visited or not. However, advances in web technologies created new workarounds for snooping on browsing history. A 2018 study described four new ways to check the state of links — two of which affected all tested browsers except the Tor Browser. One of the vulnerabilities — CVE-2018-6137 — made it possible to check visited sites at up to 3000 links per second. Meanwhile new, increasingly sophisticated attacks to extract browsing history continue to appear. 
Why history theft is dangerous

Exposing your browsing history, even partially, poses several threats to users.

Not-so-private life. Knowing what sites you visit (especially if it relates to medical treatment, political parties, dating/gambling/porn sites, and similar sensitive topics), attackers can weaponize this information against you. They can then tailor a scam or bait to your individual case — be it extortion, a fake charity, the promise of new medication, or something else.

Targeted checks. A history-sniffing site could, for example, run through all the websites of the major banks to determine which one you use. Such information can be of use to both cybercriminals (say, for creating a fake payment form to fool you) and legitimate companies (say, for seeing which competitors you've looked at).

Profiling and deanonymization. We've written many times about how advertising and analytics companies use cookies and fingerprinting to track user movements and clicks across the web. Your browsing history serves as an effective fingerprint, especially when combined with other tracking technologies. If an analytics firm's site can see what other sites you visited and when, it essentially functions as a super-cookie.

Guarding against browser history theft

Basic protection appeared in 2010 almost simultaneously in the Gecko (Firefox) and WebKit (Chrome and Safari) browser engines. This guarded against using basic code to read the state of links. Around the same time, Firefox 3.5 introduced the option to completely disable the recoloring of visited links. In the Firefox-based Tor Browser, this option is enabled by default — and the option to save browsing history is disabled. This provides a robust defense against the whole class of attacks but sorely impacts convenience. Unless you sacrifice an element of comfort, however, sophisticated attacks will still be able to sniff your browsing history.
Attempts are underway at Google to significantly change the status quo: starting with version 136, Chrome will have visited link partitioning enabled by default. In brief, it works like this: links are only recolored if they were clicked from the current site; and when attempting a check, a site can only see clicks originating from itself. The database of website visits (and clicked links) is maintained separately for each domain.

For example, suppose bank.com embeds a widget showing information from banksupport.com, and this widget contains a link to centralbank.com. If you click the centralbank.com link, it will be marked as visited — but only within the banksupport.com widget displayed on bank.com. If the exact same banksupport.com widget appears on some other site, the centralbank.com link will appear as unvisited.

Chrome's developers are so confident that partitioning is the long-awaited silver bullet that they're nurturing tentative plans to switch off the 2010 mitigations.

What about users?

If you don't use Chrome, which, incidentally, has plenty of other privacy issues, you can take a few simple precautions to ward off the purple menace.

Update your browser regularly to stay protected against newly discovered vulnerabilities.

Use incognito or private browsing if you don't want others to know what sites you visit. But read this post first — because private modes are no cure-all.

Periodically clear cookies and browsing history in your browser.

Disable the recoloring of visited links in the settings.

Use tools to block trackers and spyware, such as Private Browsing in Kaspersky Premium, or a specialized browser extension.

To find out how else browsers can snoop on you, check out these blog posts:

Privacy under attack: nasty surprises in Chrome, Edge, and Firefox
Tor Browser and anonymity: what you need to know
Privacy-Preserving Attribution technology by Mozilla
What Google Ad Topics is, and how to disable it
The sound of online trackers
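To make the bank.com / banksupport.com / centralbank.com scenario concrete, here is an added example (written for this page, not Chrome's code and not from the original post) that models the visited-link store before and after partitioning and shows what each context can learn about one click. The partition key (link URL, top-level site, frame origin) is inferred from the behaviour described above, and the site names othersite.example and tracker.example are constructed.

```javascript
// Added example, not Chrome's code: a simplified model of the browser's
// visited-link store before and after partitioning, using the article's
// bank.com / banksupport.com / centralbank.com scenario. The partition key
// (link URL, top-level site, frame origin) and the extra site names
// othersite.example and tracker.example are assumptions of this model.

// Normalise a link so that trivially different spellings share one entry.
function normalizeLink(url) {
  return new URL(url).href;
}

// Pre-partitioning behaviour: one global set keyed only by the link URL,
// so any page able to probe the rendered state learns about every click.
class GlobalVisitedStore {
  constructor() { this.visited = new Set(); }
  recordClick(link) { this.visited.add(normalizeLink(link)); }
  isVisited(link) { return this.visited.has(normalizeLink(link)); }
}

// Partitioned behaviour (as described for Chrome 136): the entry is keyed
// by the link URL plus the top-level site the user was on and the origin of
// the frame the link lived in. For a link on the page itself the frame
// origin equals the top-level site.
class PartitionedVisitedStore {
  constructor() { this.visited = new Set(); }
  key(link, ctx) {
    return JSON.stringify([normalizeLink(link), ctx.topLevelSite, ctx.frameOrigin]);
  }
  recordClick(link, ctx) { this.visited.add(this.key(link, ctx)); }
  isVisited(link, ctx) { return this.visited.has(this.key(link, ctx)); }
}

// The scenario from the article: the user clicks the centralbank.com link
// inside the banksupport.com widget embedded on bank.com. We then ask the
// store what three different contexts would see.
function runScenario(store) {
  const link = 'https://centralbank.com/';
  const widgetOnBank = { topLevelSite: 'https://bank.com', frameOrigin: 'https://banksupport.com' };
  // The identical widget embedded on an unrelated site (constructed name).
  const widgetElsewhere = { topLevelSite: 'https://othersite.example', frameOrigin: 'https://banksupport.com' };
  // A third-party page with no frame, probing the link directly (constructed name).
  const thirdPartyPage = { topLevelSite: 'https://tracker.example', frameOrigin: 'https://tracker.example' };

  store.recordClick(link, widgetOnBank);

  return {
    sameWidgetOnBank: store.isVisited(link, widgetOnBank),
    sameWidgetElsewhere: store.isVisited(link, widgetElsewhere),
    thirdPartyPage: store.isVisited(link, thirdPartyPage),
  };
}

// Stand-alone demonstration: the global store answers true in every
// context; the partitioned store answers true only for the same widget
// on bank.com.
console.log('global     :', runScenario(new GlobalVisitedStore()));
console.log('partitioned:', runScenario(new PartitionedVisitedStore()));
```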

 Feed

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,

 Feed

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.

 Feed

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

 Feed

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a structural

 Feed

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

 Feed

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to be behind six separate

 Feed

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.  "This is due to the create_wp_connection() function missing a capability check and

 Cyber Security News

Source: thehackernews.com. A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp […] The post "NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. The post "Researcher Says Patched Commvault Bug Still Exploitable – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. The post "‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. The post "CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Addressing

Source: www.darkreading.com – Author: Michael Sink. The post "Addressing the Top Cyber-Risks in Higher Education – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Arielle Waldman. The post "Ongoing Passkey Usability Challenges Require ‘Problem-Solving’ – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Simon Sharwood. New Zealand’s government has signaled its support for a bill to ban social media for children under 16, but without explicitly making it a government initiative. The bill that will enact the ban was put forward on Tuesday by member of Parliament Catherine Wedd and is what New Zealand […] The post "New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Iain Thomson. A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure communications. In May 2019 engineers at WhatsApp discovered a zero-click, zero-day vulnerability in […] The post "Super spyware maker NSO must pay Meta $168M in WhatsApp court battle – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Computacenter

Source: go.theregister.com – Author: Iain Thomson. A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank’s server rooms. Computacenter is a globe-spanning British IT services provider that, in the USA, operates computer systems for Deutsche Bank at the latter’s […] The post "Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Connor Jones. The US Department of Defense (DoD) is overhauling its “outdated” software procurement systems, and insists it’s putting security at the forefront of decision-making processes. Katie Arrington, CIO at the DoD, established the department’s Software Fast Track (SWFT) initiative via a Monday memo [PDF], which promised to reform how software […] The post "Pentagon declares war on ‘outdated’ software buying, opens fire on open source – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Being a lifelong learner isn’t easy. SWE wants to support and recognize members who are passionate about learning and growth. The post "Advance Power User" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

The Mid-Career Professionals Affinity Group represents members in the 10-25 year range of career experience. The post "Mid-Career Professionals Affinity Group Spotlight" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

7 steps to increase your chances of being accepted as a WE23 speaker. The post "WE23 Call for Participation (CFP) Is Now Open" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

The Society of Women Engineers proudly announces the recipients of the 2023 WE Local Awards Program. SWE strives to advance and honor the contributions of women at all stages of their careers and recognize the successes of SWE members and individuals who enhance the engineering profession through contributions to the industry, education, and the community. […] The post "2023 WE Local Awards" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

The Eastlake High School SWENext Club is inspiring students to be the next generation of diverse engineers and innovators. Learn more about their club below! The post "SWENext Club Features: Eastlake High School SWENext Club" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

As you get closer to high school graduation, it is a great idea to start scheduling in-person tours at your local colleges and top colleges of choice. Below are some great questions to ask during college tours! The post "What to Ask at College Tours" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido. By Byron V. Acohido. The response to our first LastWatchdog Strategic Reel has been energizing — and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning kicked in, it became clear that […] The post "RSAC Strategic Reel: Cyber experts on the front lines unpack ‘Shadow AI,’ ‘Ground Truth’ – Source: www.lastwatchdog.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido. By Byron V. Acohido. As organizations brace for the rising tide of machine identities and prepare for a post-quantum cryptographic era, a quiet but crucial shift is underway in the financial sector: the deployment of a new, private PKI standard designed specifically to meet banking’s complex operational and compliance needs. […] The post "Benchmarks Q&A: What the finance sector’s new X9 PKI standard signals for other industries – Source: www.lastwatchdog.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms. “The […] The post "Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. “This is due to the create_wp_connection() […] The post "OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when […] The post "SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there’s a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t […] The post "Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: thehackernews.com. Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation […] The post "Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apache Parquet

Source: securityaffairs.com – Author: Pierluigi Paganini. F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065. A working proof-of-concept exploit for the critical Apache Parquet vulnerability CVE-2025-30065 has been released by F5 Labs, allowing the identification of vulnerable servers. The tool, called “canary exploit,” is available on the […] The post "Canary Exploit tool allows to find servers affected by Apache Parquet flaw – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural […] The post "Unsophisticated cyber actors are targeting the U.S. Energy sector – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware to target over 1,400 people, violating U.S. laws. After […] The post "NSO Group must pay WhatsApp over $167M in damages for attacks on its users – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. In mid-March, Meta warned that the out-of-bounds write vulnerability CVE-2025-27363 may have been […] The post "U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit […] The post "Samsung MagicINFO flaw exploited days after PoC exploit publication – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2025-05
Aggregator history
Wednesday, May 07