Sat. May 06, 2023


Twitter says 'security incident' exposed private Circle tweets

Bleeping Computer

Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle. [...]


Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

The Hacker News

An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism.


Microsoft vs Google spat sees users rolling back security updates to fix browser issues

Malwarebytes

We like to imagine we’re in total control of our desktop experience, carefully curated to look and work the way we want it to. However, every so often a story comes along which reminds us how little control we have when the big players notice one another's existence. A recent Windows update really wants you to use Edge instead of rival browsers, to the extent that some features in those rival browsers are breaking.


WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

Security Affairs

A reflected cross-site scripting vulnerability in the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. The ACF field builder allows users to quickly and easily add fields to WP edit screens with only the click of a few buttons.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Google and Apple cooperate to address unwanted tracking

Malwarebytes

Google and Apple have announced that they are looking for input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have stated that they will support the specification in future products. The specification will consist of a set of best practices and protocols for accessory manufacturers whose products have built-in location-tracking capabilities.


Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Twitter confirmed that a security incident publicly exposed Circle tweets; FBI seized other domains used by the shadow eBook library Z-Library; WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks; Fortinet fixed two severe issues

More Trending


Twitter confirmed that a security incident publicly exposed Circle tweets

Security Affairs

A security problem caused the public sharing of private tweets sent to Twitter Circles to users outside of the Circle, the company admitted. Since August 2022, the Twitter Circle feature allows users to send tweets to a restricted circle of users; these messages are not visible to Twitter users outside the Circle. As reported by BleepingComputer, around April 7, some Twitter users noticed the issue.


How Far Have Facial Recognition Searches Come?

SecureBlitz

Facial recognition technology is now more than six decades old. In the 1960s, a research team conducted experiments on whether computers could recognize faces. Researchers used a primitive tool to map eyes, hairlines, and noses. The computer’s job was to find matches, but it failed. Modern-day advances: More recently, developers unveiled what is now known […] The post How Far Have Facial Recognition Searches Come?


FBI seized other domains used by the shadow eBook library Z-Library

Security Affairs

The FBI disrupted once again the illegal eBook library Z-Library; the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. Z-Library is the world’s largest illegal library and claims to offer more than 11 million e-books for download.


New PaperCut RCE exploit created that bypasses existing detections

Bleeping Computer

A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules. [...]


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts

WIRED Threat Level

Plus: Apple and Google plan to stop AirTag stalking, Meta violated the FTC’s privacy order, and how to tell if your car is tracking you.


USENIX Enigma 2023 – Justin Brookman – ‘What Public Interest AI Auditors Can Learn From Security Testing: Legislative And Practical Wins’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.


Spotlight on Cybersecurity Leaders: Dd Budiharto

SecureWorld News

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes. Dd (Catharina) Budiharto is the founder of Cyber Point Advisory LLC, a fractional CISO firm providing cybersecurity advisory services to small and mid-size businesses (SMBs).