Latest Tweets

Latest Ransomware and Zero Day

The Big Feed

  • I. Overview According to the monitoring by NSFOCUS, since the beginning of 2024, a new-type botnet family with a high level of anti-tracking awareness—XorBot—has been continuously updating its versions and introducing new features, undergoing significant changes.

  • An anonymous reader quotes a report from 404 Media: Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps. The practice, first reported by 404 Media…

  • MalBot November 21, 2024, 3:50am 1 There is an increase in SVG attachments used in phishing emails (Scalable Vector Graphics, an XML-based vector image format).

  • This Week in Rust 574

    Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on X (formerly Twitter) or @ThisWeekinRust on mastodon.social, or send us a pull request.…

  • Maxar, or the security company working on secret projects of the US government 1. Sells satellite images of Ukraine to the Russians.2. Data of Maxar employees will be hacked. The leak is detected in a week (!) Instead of conclusions https://molfar.com/blog/chy-kupuyut-rosiyany-v-maxar-i-planet-foto-shchob-obstrilyuvaty-ukrainu

  • MITRE has released its annual list of the top 25 most dangerous software weaknesses for 2024, highlighting critical vulnerabilities that pose significant risks to software systems worldwide.

  • A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems.

  • In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated timeline of 5.9 months, according to Fastly.

  • The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a critical roadmap for addressing the most pervasive and hazardous vulnerabilities that plague modern software systems. Based on an analysis of 31,770 Common Vulnerabilities and Exposures (CVE) records, this list highlights the most critical software weaknesses that attackers could…

  • In a detailed report by Trend Micro, the emergence of a new LODEINFO malware campaign has been linked to Earth Kasha, a threat group operating within what the researchers term the APT10 Umbrella. This campaign reflects significant updates to Earth Kasha’s tactics, targeting government agencies and high-tech industries across Japan, Taiwan, and India.

  • Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers to access sensitive data, escalate privileges, and potentially execute arbitrary code on vulnerable systems.

  • The U.S. Department of Justice announced charges against five individuals accused of orchestrating a sophisticated phishing scheme that targeted employees across the nation. The defendants allegedly stole “intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” according to United States Attorney Martin…

  • In this podcast Tom Uren and Patrick Gray talk about what the People’s Liberation Army cyber operators have been up to. They used to be China’s most visible cyber operators but have since disappeared.

  • Maryland continues to push the envelope on mobile driver’s license (mDL) adoption in the U.S., announcing this week the launch of a new free app that enables businesses to accept mDLs and digital IDs for in-person age verification.

  • SECON & eGISEC 2025

    SECON & eGISEC 2025KINTEX, KoreaMarch 19-21, 2025

  • The UK government has published its inaugural inclusion monitoring report on digital identity services, highlighting the results of a mandatory survey for certified digital identity providers. The survey evaluates factors such as technology, accessibility, and data collection practices to ensure services adhere to the UK’s Digital Identity and Attributes Trust Framework (DIATF). The report was…

  • Kuwait is struggling with an immense digital transition following its Vision 2035, which strives to diversify the economy and strengthen its position as a regional financial hub. A key component of this change is the emphasis on digital identity and biometric technology, which are critical for updating government services and enhancing national security.

  • Deepfake detection, not so long ago guarding a niche corner of the internet, has erupted into a veritable battle royal, as fraudsters send a stream of deepfakes into the arena, spurring the appearance of more and more defenders from the biometrics field.

  • Australian legislation could force social media firms to take steps to prevent those under 16 years of age from accessing platforms such as X, TikTok, Facebook and Instagram – Copyright GETTY IMAGES NORTH AMERICA/AFP/File Michael M. Santiago

  • Over the last few months, we’ve been working on making a number of meaningful updates to Fairwinds Insights. We’ve delivered some great new functionality that our Insights customers will definitely benefit from. One of the biggest improvements is the change to reporting Common Vulnerabilities and Exposures (CVEs) by affected workload to reporting them by image,…