Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature.

Krebs on Security
#google#oauth#auth#blog
Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.

CrowdStrike Outage Losses Estimated at a Staggering $5.4B

Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.

Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs

The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update

The cybersecurity firm says that 97% of sensors are back online, but some organizations continue to recover, with costs tallied at $5.4 billion for the Fortune 500 alone.

US Offers $10M Reward for Information on North Korean Hacker

The individual is part of a DPRK-backed group known as Andariel, which is known for using the 'Maui' ransomware strain to target and extort healthcare entities.

Nvidia Embraces LLMs & Commonsense Cybersecurity Strategy

Nvidia doesn't just make the chips that accelerate a lot of AI applications — the company regularly creates and uses its own large language models, too.

Distributing Security Responsibilities (Responsibly)

Outlining the wider organization's proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.

Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?

Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"