Below I’ve curated cyber security news from the world-wide-web – the lefthand column is from “The Hacker News” website and on the right is news from “Security Week”. Both are top cyber security news sites. In the very least this shows that threats are daily and they are very real.
Hacker News
- A SaaS Security Challenge: Getting Permissions...by info@thehackernews.com (The Hacker News) on May 8, 2024 at 2:18 pm
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions […]
- New Spectre-Style 'Pathfinder' Attack Targets...by info@thehackernews.com (The Hacker News) on May 8, 2024 at 2:17 pm
Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from […]
- Hijack Loader Malware Employs Process Hollowing,...by info@thehackernews.com (The Hacker News) on May 8, 2024 at 10:58 am
A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler […]
- The Fundamentals of Cloud Security Stress Testingby info@thehackernews.com (The Hacker News) on May 8, 2024 at 10:58 am
״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to […]
- Hackers Exploiting LiteSpeed Cache Bug to Gain...by info@thehackernews.com (The Hacker News) on May 8, 2024 at 7:03 am
A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been […]
- Russian Hacker Dmitry Khoroshev Unmasked as...by info@thehackernews.com (The Hacker News) on May 7, 2024 at 3:49 pm
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development […]
- APT42 Hackers Pose as Journalists to Harvest...by info@thehackernews.com (The Hacker News) on May 7, 2024 at 1:25 pm
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google […]
- China-Linked Hackers Used ROOTROT Webshell in...by info@thehackernews.com (The Hacker News) on May 7, 2024 at 12:55 pm
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization […]
- New Case Study: The Malicious Commentby info@thehackernews.com (The Hacker News) on May 7, 2024 at 10:42 am
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’? When […]
- Google Simplifies 2-Factor Authentication Setup...by info@thehackernews.com (The Hacker News) on May 7, 2024 at 10:02 am
Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the […]
Security Week
- Token Security Raises $7 Million Seed Funding for...by Kevin Townsend on May 8, 2024 at 6:04 pm
Tel Aviv-based firm emerged from stealth with $7 million seed funding led by TLV Partners with participation from SNR and angel investors. The post Token Security Raises $7 Million Seed Funding for Machine-First Identity Security appeared first on SecurityWeek.
- Shields Up: How to Minimize Ransomware Exposureby Torsten George on May 8, 2024 at 5:16 pm
Organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response. The post Shields Up: How to Minimize Ransomware Exposure appeared first on SecurityWeek.
- New ‘TunnelVision’ Technique Leaks Traffic...by Ionut Arghire on May 8, 2024 at 1:01 pm
A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP. The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.
- Healthcare Cybersecurity Firm Blackwell Raises...by Eduard Kovacs on May 8, 2024 at 12:43 pm
Healthcare cybersecurity company Blackwell Security has raised $13 million and appointed Geyer Jones as its first CEO. The post Healthcare Cybersecurity Firm Blackwell Raises $13 Million appeared first on SecurityWeek.
- Brandywine Realty Trust Hit by Ransomware by Ionut Arghire on May 8, 2024 at 11:40 am
Philadelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack. The post Brandywine Realty Trust Hit by Ransomware appeared first on SecurityWeek.
- Android Update Patches Critical Vulnerabilityby Ionut Arghire on May 8, 2024 at 11:26 am
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.
- RSA Conference 2024 – Announcements Summary...by SecurityWeek News on May 8, 2024 at 11:17 am
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco. The post RSA Conference 2024 – Announcements Summary (Day 2) appeared first on SecurityWeek.
- University System of Georgia Says 800,000...by Ionut Arghire on May 8, 2024 at 9:40 am
University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack. The post University System of Georgia Says 800,000 Impacted by MOVEit Hack appeared first on SecurityWeek.
- The UK Says a Huge Payroll Data Breach by a...by Associated Press on May 7, 2024 at 6:41 pm
The UK Ministry of Defense said a breach at a third-party payroll system exposed as many as 272,000 armed forces personnel and veterans. The post The UK Says a Huge Payroll Data Breach by a ‘Malign Actor’ Has Exposed Details of Military Personnel appeared first on SecurityWeek.
- LockBit Ransomware Mastermind Unmasked, Chargedby Ionut Arghire on May 7, 2024 at 5:15 pm
Charges and sanctions announced against Dimitry Yuryevich Khoroshev, the alleged developer and operator of LockBit ransomware. The post LockBit Ransomware Mastermind Unmasked, Charged appeared first on SecurityWeek.
WordPress News
- WordPress 6.5.3 Maintenance Releaseby Aaron Jorbin on May 7, 2024 at 4:42 pm
WordPress 6.5.3 is now available! This minor release features 12 bug fixes in Core and 9 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. WordPress 6.5.3 is a short-cycle release. The next major […]
- WP Briefing: Episode 78: Guided Growth:...by Brett McSherry on April 29, 2024 at 12:00 pm
Explore the transformative world of the WordPress Contributor Mentorship Program with guest host Angela Jin and special guest and sponsored contributor Hari Shanker. Whether you're a long-time WordPress enthusiast or new to the scene, this episode is packed with insights, stories, and tips to help […]
- How WordPress Is Creating a Faster Webby Felix Arntz on April 15, 2024 at 2:00 pm
WordPress's massive reach of over 40% of the web comes with a similarly large responsibility. Read about what the WordPress project is doing to enhance performance for its users and the web.
- WP Briefing: Episode 77: Let’s Talk About Data...by Brett McSherry on April 15, 2024 at 12:00 pm
Explore the WordPress Data Liberation project in this exclusive behind-the-scenes episode discussing WordPress migrations. Joining us is WordPress Executive Director Josepha Haden Chomphosy, along with special guest and sponsored contributor Jordan Gillman. Together, they'll look at how the project […]
- WordPress 6.5.2 Maintenance and Security Releaseby Aaron Jorbin on April 9, 2024 at 10:00 pm
Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5. This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix. Because this is a security release, it is […]
- WP Briefing: Episode 76: A WordPress 6.5 Sneak...by Brett McSherry on April 2, 2024 at 8:18 pm
Join WordPress Executive Director, Josepha Haden Chomphosy, as she offers an exclusive preview of the upcoming WordPress 6.5 release, accompanied by special guest Dave Smith, one of the Editor Tech leads for this release. Don’t miss this opportunity for an insider’s look!
- WordPress 6.5 “Regina”by Matt Mullenweg on April 2, 2024 at 6:42 pm
WordPress 6.5 "Regina" is here! Named in honor of Regina Carter, renowned jazz violinist and educator, this release was made possible by over 700 contributors. Download WordPress 6.5 “Regina” today.
- WordPress 6.5 Release Candidate 4by Lauren Stein on March 28, 2024 at 4:34 pm
WordPress 6.5 RC4 is ready for download and testing. Reaching this phase of the release cycle is an important milestone. Check out what's coming in this release and how to get involved with the open source project.
- WordPress 6.5 Release Candidate 3by Lauren Stein on March 19, 2024 at 4:19 pm
WordPress 6.5 RC3 is ready for download and testing. Reaching this phase of the release cycle is an important milestone. Check out what's coming in this release and how to get involved with the open source project.
- WP Briefing: Episode 75: WordCamp Asia 2024...by Brett McSherry on March 18, 2024 at 12:00 pm
WordCamp Asia 2024 was a dynamic three-day celebration of collaboration, diversity, and innovation in the WordPress project. This week, Executive Director Josepha Haden Chomphosy shares her insights and experiences from the event, which featured one of the largest Contributor Days in the region, a […]