-
CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild
PRIVACY PRIVACY CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April. Background On May 27, a security researcher going by nao_sec posted on Twitter about an “interesting”…
-
So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape
PRIVACY PRIVACY Among the thousands of vulnerabilities disclosed so far in 2022, we highlight five and explain why they matter. With over 6,000 vulnerabilities disclosed this year, cyber security teams have faced, as usual, a challenge to keep up, especially as a number of these software bugs have captured significant media attention. In this article,…
-
The Limits of Cyber Operations in Wartime
PRIVACY PRIVACY Interesting paper by Lennart Maschmeyer: “The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations“: Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition. Underlying these expectations are broadly shared assumptions…
-
Three BEC Suspects Arrested in “Killer Bee” Sting
PRIVACY PRIVACY Interpol helps Nigerian investigators pounce Read More
-
Security and Human Behavior (SHB) 2022
PRIVACY PRIVACY Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, it’s nice to be back together in person. SHB is a small, annual, invitational workshop of people…
-
UK Privacy Tsar: Stop Excessive Data Collection from Rape Victims
PRIVACY PRIVACY Information commissioner wants immediate end to the practice Read More
-
Conti ransomware explained: What you need to know about this aggressive criminal group
PRIVACY PRIVACY Conti has been one of the most aggressive ransomware operations over the past two years and continues to victimize many large companies as well as government, law enforcement and healthcare organizations. Researchers warn that unlike other ransomware groups that generally care about their reputation, Conti doesn’t always deliver on its promises to victims.…
-
5 top deception tools and how they ensnare attackers
PRIVACY PRIVACY Security-savvy organizations understand that it’s best to assume that their systems are breached. It’s one reason why zero-trust architectures get so much attention nowadays, and it’s why more enterprises have threat hunters who go on the lookout for attackers that are already active on their networks. This practice has grown popular because threats…
-
Turkish Airline Exposes Flight and Crew Info in 6.5TB Leak
PRIVACY PRIVACY Misconfigured AWS bucket to blame for privacy snafu Read More
-
Hacker steals Verizon employee database after tricking worker into granting remote access
PRIVACY PRIVACY A database of contact information for hundreds of Verizon employees is in the hands of cybercriminals, after a member of staff was duped into granting a hacker access to their work PC. Read more in my article on the Hot for Security blog. Read More