Security firm @SophosXOps published another report, this one on incidents at small and medium-sized businesses by @thepacketrat and Anna Szalay. One of the things I always look for in these reports is easy #cybersecurity wins -- and this report has a bunch of them.
First off - take a look at this chart: Top 15 dual-use tools. Imagine the pain you can cause threat actors by blocking the use of these tools and disrupting their playbooks!
For #cybersecurity experts, that spike in #data leaving the system is a key indicator of a #breach, Berulis explained.
When Berulis asked his IT colleagues whether they knew why the data was exfiltrated or whether anyone else had been using containers to run code on the system in recent weeks, no one knew anything about it or the other unusual activities on the network….
Russ Handorf, who served in the #FBI for a decade in various #cybersecurity roles, also reviewed Berulis' extensive technical forensic records & analysis….
"All of this is alarming," he said. "If this was a publicly traded company, I would have to report this [breach] to the Securities and Exchange Commission…."
In the very last minute, CISA extends funding to ensure 'no lapse in critical CVE services' for the next 11 months. Potential catastrophe of epic proportions averted... for now.
The CVE program going away is the least of my worries. Not saying it's not important, it absolutely is. But compared to secret police and concentration camps it's nothing.
Outstanding and alarming reporting by @npr here on what appears to be major violations of security and data privacy protocol by the DOGE folks on National Labor Relations Board Data. Big props to the brave whistleblower, Daniel Berulis, who has come forward despite receiving threatening notes with personal information and pictures taken from overhead (drones?) of him walking his dog. https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security #cybersecurity #doge #privacy
This is a huge must-read on a brave whistleblower revealing DOGE staff disabling monitoring tools, deleting logs, and even one staffer trying to log in via a Russian IP address.
& data has nothing to do w/making the govt more efficient or cutting spending.
Meanwhile, acc/to the disclosure & records of internal comms, members of the #DOGE team asked that their activities not be logged on the system & then appeared to try to cover their tracks behind them, turning off monitoring tools & manually deleting records of their access—evasive behavior several #cybersecurity experts compared to what #criminal or #StateSponsored #hackers might do.
The #whistleblower's account is corroborated by internal documentation & was reviewed by 11 technical experts across other govt agencies & the private sector. In total, NPR spoke to >30 sources across govt, private sector, #labor movement, #cybersecurity & #law enforcement who had their own concerns about how #DOGE & the #Trump admin might be handling sensitive #data, & the implications for its exposure. The following account comes from the whistleblower's ofcl disclosure & interviews w/ #NPR.
For #cybersecurity professionals, a failure to log activity is a cardinal sin & contradicts best practices as recommended by the National Institute of Standards & Technology [#NIST] & the #DHS's #CISA, as well as the #FBI & the #NSA.
"That was a huge red flag," said Berulis. "That's something that you just don't do. It violates every core concept of security & best practice."