Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust

German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This…

HackRead
Open in Source
#vulnerability#web#microsoft#git#java#auth
LinkedIn Addresses User Data Collection for AI Training

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and

North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks

How the Kimsuky nation-state group and other threat actors are exploiting poor email security — and what organizations can do to defend themselves.

Vice Society Pivots to Inc Ransomware in Healthcare Attack

Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.

This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Talk of election security is good, but we still need more money to solve the problem

This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details

A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns…

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials," the cybersecurity company said. Targets of the emerging threat include plumbing, HVAC (heating,

CVE-2024-8909: Chromium: CVE-2024-8909 Inappropriate implementation in UI

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**