#web

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.

Austin, TX, 18th September 2024, CyberNewsWire

Cary, North Carolina, 18th September 2024, CyberNewsWire

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is

Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only,"

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a

If an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user. **Acknowledgements:** Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.