Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network.
KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. The company fixed the bug with the release of KeePass version 2.54.
The database was exposed on May 16, 2023. Researchers identified the exposure on May 25, 2023, and since then, the information has remained exposed. Currently, the server holds over 100,000 customer records, totaling 400 GB in size.
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today’s Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel.
The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.
Online sellers are being targeted in a new campaign launched this week to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.
The documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Australian Signals Directorate developed three payloads it could deploy to ISIL fighters’ smartphones and PCs “without ISIL having to interact with the device in any way.”
Mandiant has attributed the attack to UNC4857, a new threat cluster, and named the delivered webshell LemurLoot. Microsoft, on the other hand, is confident that the threat actor behind the Cl0p ransomware is responsible for the attack.
Forced verification and deepfake cases multiply at alarming rates in the UK and continental Europe, according to Sumsub. In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases to 5% of all fraud in Q1 2023.
At institutions like the University of Texas at Austin, MIT, the University of Georgia, and UC Berkeley, cyber clinics are working to protect local institutions from cyber threats by training and deploying students to government and community groups.