A day after the SEC filed 13 charges against Binance and CEO Changpeng Zhao, as well as BAM Trading and BAM Management, it has requested a temporary restraining order to freeze assets for all of the parties involved, according to a filing on Tuesday. The filing shows that the motion was granted. The order is
The number of vulnerabilities exploited in 2022 has grown by 55% compared to 2021, shows a new report by Palo Alto Networks’ Unit 42. The Network Threat Trends Research Report, volume 2, also suggests Linux malware emerged as a growing concern last year, particularly since 90% of public cloud instances are running on Linux. The
by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362. As the name suggests, MOVEit Transfer is a system that makes it easy to store and
Jun 06, 2023Ravie LakshmananMobile Security / Malvertising Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. “The campaign is designed to aggressively push adware to Android devices
Ceci Kurzman has spent much of her career building and investing in brands and serving as one of the few Black female board members for companies, including Lanvin, Revlon and Warner Music+. While investing on behalf of some clients interested in beauty and personal care, Kurzman saw a gap in what kinds of products were
Apple didn’t announce any significant AI updates during its Worldwide Developers Conference keynote today, but it did quietly roll out some minor computer vision upgrades with its latest iPhone software, iOS 17. In addition to now letting users turn their own photos into stickers by cutting out the subject of their photos, another new feature
A critical Zyxel vulnerability is being widely exploited by threat actors targeting the vendor’s network devices, researchers said. Trapa Security researchers initially discovered the OS command injection vulnerability, tracked as CVE-2023-28771. Zyxel published an advisory on April 25 disclosing the vulnerability with patches available for each of the company’s affected devices, including its firewall, VPN
A critical security threat has been discovered in the MOVEit Transfer file transfer software that would enable attackers to steal data from organizations. The zero-day vulnerability, which was uncovered by Progress last week, is an SQL injection weakness found in the managed file transfer (MFT) product. This flaw (CVE-2023-34362) can grant escalated privileges and unauthorized
Jun 05, 2023Ravie LakshmananZero Day / Cyber Attack Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. “Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,” the Microsoft Threat Intelligence team
Tomorrow’s the big day, and we’re expecting big things – well, one really big thing for sure. Apple will kick of WWDC 2023 at 10AM PT Monday June 5 with its customary keynote. As ever, the event will focus on the latest versions of the company’s operating systems, namely: iOS/iPadOS 17, macOS 14 and watchOS
Welcome back to The Station, your central hub for all past, present and future means of moving people and packages from Point A to Point B. Rebecca Bellan here, and yup, I’m still steering the ship. The biggest news this week has been Elon Musk’s visit to China, a move that has the potential to
US and South Korean security agencies have issued a joint warning regarding North Korea’s use of social engineering tactics in cyber-attacks. The document was published on Thursday by the Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of
YouTube was the slowest major platform to disallow misinformation during the 2020 U.S. election and almost three years later, the company will toss that policy out altogether. The company announced Friday that it would reverse its rules around election denialism, allowing some previously prohibited false claims, effective immediately. Axios first reported the changes. “In the
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys They hacked into corporate emails, stole money from people and businesses, and tricked others into transferring the loot. Nigerian nationals Solomon Ekunke Okpe and Johnson Uke Obogo ran a sophisticated fraud scheme
Welcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here. This week, I explore how one VC is feeling about a big chunk of her portfolio pivot into AI. And I have some updates
Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack. The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names,
by Paul Ducklin IT’S HARDER THAN YOU THINK No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of
Jun 03, 2023Ravie LakshmananEndpoint Security / Linux An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit.
All new Tesla Model 3 vehicles will now qualify for the full $7,500 federal EV tax credit, according to a change in Tesla’s website. The EV tax credits were mandated by Congress last August as part of the Inflation Reduction Act, with the goal of ending U.S. reliance on China for batteries. The full $7,500 tax
Given the reliance of today’s digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought. Given the increasing reliance of today’s digital world on APIs and the fact that cyberattacks targeting them continue to rise sharply, API security cannot be an afterthought. Here is
On Monday, Apple is more than likely going to reveal its long-awaited augmented or mixed reality ‘Reality Pro’ headset during the keynote of its annual WWDC developer conference in California. It’s an announcement that has been tipped or teased for years now, and reporting on the topic has suggested that at various times, the project
A critical vulnerability in Progress Software’s MoveIt Transfer is under exploitation, according to a report from Rapid7. The zero-day vulnerability, which Progress disclosed Wednesday, is a SQL injection flaw that could lead to escalated privileges and potential unauthorized access in the managed file transfer (MFT) product. Currently, there is no patch available for the flaw,
Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection. According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for
by Paul Ducklin Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good
Jun 02, 2023Ravie LakshmananBotnet / Malware Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. “Horabot enables the threat actor to control the victim’s Outlook mailbox, exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses
As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The application programming interface (API) is an unsung hero of the digital revolution. It provides the glue that sticks together diverse software components in order to create new user
PropTech firm Aurum is acquiring NestAway, a once high-flying Indian startup operating in the same space, for up to $10.9 million, in a deal that marks a near complete erosion in value for the startup’s investors. Eight-year-old NestAway raised $115 million over the years and was valued at $227 million in a funding round in
Follow me on Twitter @Jacqmelinek for breaking crypto news, memes and more. Welcome back to Chain Reaction. Although there are a lot of builders in the crypto space, the total money being invested into the crypto market has hit 32-month lows in May. Cryptocurrency monthly exchange volume, which calculates spot market volume across all crypto
Cybersecurity firm Eclypsium has uncovered a potential backdoor in Gigabyte systems, raising concerns about the security of the technology supply chain. Writing in a blog post on Wednesday, the company explained it used its automated heuristics to detect suspicious behavior within Gigabyte systems. Further analysis revealed that firmware in these systems was dropping and executing
- 1
- 2
- 3
- …
- 311
- Next Page »