Security Week

While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term.

The post Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report appeared first on SecurityWeek.

The Federal Communications Commission leveraged nearly $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile and Verizon for illegally sharing customers’ location data.

The post FCC Fines Wireless Carriers for Sharing User Locations Without Consent appeared first on SecurityWeek.

SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures.

The post SafeBase Scores $33M Series B Investment appeared first on SecurityWeek.

A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.

The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first on SecurityWeek.

Microsoft provides an easy and logical first step into GenAI for many organizations, but beware of the pitfalls.

The post Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues appeared first on SecurityWeek.

CEOs of major tech companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.”

The post Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas appeared first on SecurityWeek.

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.

The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek.

History of TikTok and how it many view it as a national security threat.

The post How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat appeared first on SecurityWeek.

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.

The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.

The post Should Cybersecurity Leadership Finally be Professionalized? appeared first on SecurityWeek.

US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.

The post Kaiser Permanente Data Breach Impacts 13.4 Million Patients appeared first on SecurityWeek.

Jennifer Leggio makes the case for more alcohol-free networking events at conferences, and community-building opportunities for sober individuals working in cybersecurity.

The post Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual appeared first on SecurityWeek.

An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption.

The post Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated appeared first on SecurityWeek.

Okta warned of a spike in credential stuffing attacks using anonymizing services such as Tor, DataImpulse, Luminati, and NSocks.

The post Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies appeared first on SecurityWeek.

Financial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information.

The post Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People appeared first on SecurityWeek.

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees.

The post Hackers Claim to Have Infiltrated Belarus’ Main Security Service appeared first on SecurityWeek.

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

The post In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO appeared first on SecurityWeek.