Security
Headlines
HeadlinesLatestCVEs

Latest News

Data Security Posture Management: Accelerating Time to Value

Data discovery and classification are foundational for data security, data governance, and data protection.

DARKReading
Open in Source
#auth
Relationship broken up? Here’s how to separate your online accounts

The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.

SpaceX, CNN, and The White House internal data allegedly published online. Is it real?

A cybercriminal posted free data sets on the infamous BreachForums, but are these actually worth looking at?

Hackers Posed as Google Support to Steal $243 Million in Crypto

Hackers stole $243M from a single victim by posing as Google and Gemini support, resetting 2FA to access…

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean

Why 'Never Expire' Passwords Can Be a Risky Decision

Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to

A week in security (September 16 – September 22)

A list of topics we covered in the week of September 16 to September 22 of 2024

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in