Biztonsági szemle

A Python script for sending bulk SMS texts with phishing links relies on hijacked AWS SNS tenants.

CISA's recently introduced framework for hardware bill of materials is an important step in addressing semiconductor risks. But further tracking beyond manufacturing is critical to its usefulness.

The feds disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code.

As hacking techniques evolve to capture video recognition data, security pros say the industry will need more AI-based tools that focus on zero-trust, threat detection, and MFA.

Artificial intelligence companies and other organizations that do not properly inform consumers regarding privacy policy changes that would permit the utilization of their data for strengthening AI tools are poised to face charges from the Federal...

SecurityWeek reports that more than 100 security vulnerabilities have been collectively fixed by Intel and AMD for their respective products as part of this month's Patch Tuesday.

Eight spyware firms in Spain, Italy, and the United Arab Emirates including Variston IT, Mollitiam Industries, TrueL IT, Cy4Gate, RCS Labs, Negg Group, IPS Intelligence, and Protect Electronic Systems had their networks of fraudulent accounts on...

Operations at German battery manufacturer Varta's production plants have been disrupted following a cyberattack that targeted portions of its IT systems on Feb. 12, reports BleepingComputer. "[The attack] affects the five production plants and the...

Major Minnesota-based regional internet service provider U.S. Internet had internal emails and emails from thousands of individuals served by its Securence division spanning over a decade exposed due to an unsecured server, according to Krebs on...

Nearly 385M records exposed by misconfigured Zenlayer cloud database Global on-demand edge cloud services provider Zenlayer had almost 385 million records, or 57.46 GB of data, exposed as a result of a misconfigured cloud database that did not have...

Attacks exploiting the critical Domain Name System Security Extensions vulnerability, tracked as CVE-2023-50387 and dubbed "KeyTrap," could be deployed against systems leveraging DNSSEC-validating DNS resolvers and facilitate a massive disruption of...

BleepingComputer reports that organizations have been advised by Microsoft regarding the active exploitation of a critical Exchange Server zero-day flaw, tracked as CVE-2024-21410, prior to it being remediated as part of this month's Patch Tuesday.