New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of... Read more »

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA)... Read more »

Balancing cybersecurity and client experience for high-net-worth clients

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management.... Read more »

CISOs, are you ready for cyber threats in biotech?

The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A... Read more »

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might... Read more »

US lawmakers say UK has ‘gone too far’ by attacking Apple’s encryption

US politicians are calling for Congress to rewrite the US Cloud Act to prevent the UK issuing orders to require US tech companies to introduce ‘backdoors’ in end-to-end encrypted... Read more »

Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques

Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) detection coverage and quality, but plenty of room... Read more »

Employees repeatedly fall for vendor email compromise attacks

In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a... Read more »

Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages

A supply chain attack hit NPM, threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeted NPM,... Read more »

Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »
Subscribe to our Newsletter