Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016, Google’s free OSS-Fuzz code testing service has helped get over
Vendor specific news
Vendor announcements
Detecting credential access without losing cred
Experts from Red Canary, MITRE, and CrowdStrike share detection and testing guidance to keep credentials out of the wrong hands.Red
Password-stealing “vulnerability” reported in KeePass – bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed
Password-stealing “vulnerability” reported in KeePass – bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed
Latest
Rootpipe Reborn (Part II)
@CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on
OneNote Documents Increasingly Used to Deliver Malware
Key Findings: The use of Microsoft OneNote documents to deliver malware via email is increasing. Multiple cybercriminal threat actors are
7 Key Takeaways for Financial Services from Recent Research
Although the financial services cybersecurity programs are some of the most mature in the world, cybercriminals continue to find ways
ChatGPT: Is its use of people’s data even legal?
In the world of AI and machine learning, the sudden massive popularity of language learning models is a hot topic.
GitHub code-signing certificates stolen (but will be revoked this week)
There was a breach, so the bad news isn’t great, but the good news isn’t too bad…Naked SecurityRead More
The White House on Quantum Encryption and IoT Labels
A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin
Serious Security: MD5 considered harmful – to the tune of $600,000
It’s not just the hashing, by the way. It’s the salting and the stretching, too!Naked SecurityRead More
Book review: How has social media rewired our minds?
With the reinstatement of previously banned Twitter luminaries including Donald Trump and Kathy Griffin, now’s the perfect time to do
Accidentally Crashing a Botnet
As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.BlogRead More
Abuse of Privilege Enabled Long-Term DIB Organization Hack
From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a
Taming Big SAP Data Landscapes
New workload-optimized, six to 16-socket servers deliver performance and scale to support the largest SAP HANA TDI environments.Blog | DellRead
Under the Hood: Dell PowerProtect Data Manager
An overview of the architecture of Dell’s software-defined data protection platform.Blog | DellRead More
Dell Technologies Named CRN’s 2022 Tech Innovator Award Winner
Dell VxRail satellite and dynamic nodes named Winner in the Hyperconverged Infrastructure category.Blog | DellRead More
TikTok “Invisible Challenge” porn malware puts us all at risk
An injury to one is an injury to all. Especially if the other people are part of your social network.Naked
Configuration Probing: Your Backups Might Be Your Greatest Weakness
Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance
Getting Personal About Employee IT Needs
Workforce personas help ensure employees have the right technology to be most productive and have a positive user experience.Blog |
Expanding API Security Awareness at API World
API security should be a primary concern for organizations. Learn about the three principles of APIs to help protect against
Pro Bono at Dell: Giving Our Expertise Year-round
How team members can lend their time and talent pro bono to support nonprofits creating meaningful impact around the world.Blog
Wordfence 7.8.0 Is Out! Here Is What Is Included
Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team
28th November– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th November, please download our Threat Intelligence Bulletin. Top
Chrome fixes 8th zero-day of 2022 – check your version now
There isn’t a rhyme to remind you which months have browser zero-days… you just have to keep your eyes and
Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown
Those numbers or names that pop up when a call comes up? They’re OK as a hint of who’s calling,
S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]
Latest episode – security expert John Shier explains what the real-life cybercrime stories in the Sophos Threat Report can teach
Speed up your computer with these 5 quick tips
When you turn on your computer in the morning, do you have enough time to brew a cup of coffee
CryptoRom “pig butchering” scam sites seized, suspects arrested in US
Five tips to keep yourself, and your friends and family, out of the clutches of “chopping block” scammers…Naked SecurityRead More
Security Culture Matters when IT is Decentralized
Decentralization can make enterprises more agile but it also makes IT and network security more complex. Creating a strong security
WannaRen Returns as Life Ransomware, Targets India
This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its
Audience Hijacking ? A Retailer?s Grinch This Holiday Season
Understand the significant threat that audience hijacking poses to customer online buying journeys and retailers? revenue this holiday season.BlogRead More
Looking for love in all the wrong (internet) places
We have seen scams trying to lure guys into relationships for many years. This was so common that back in
Mind the Gap
By Ian Beer, Project Zero Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor,
How to hack an unpatched Exchange server with rogue PowerShell code
Review your servers, your patches and your authentication policies – there’s a proof-of-concept outNaked SecurityRead More
Five Ways to Improve Security Through Modern Endpoint Management
Struggling with an IT-security gap? Learn how modern endpoint management helps strengthen your security profile.Blog | DellRead More
64 x 400GbE: A Faster, Greener Data Center
Data centers are scaling up to accommodate the continuous growth of network traffic.Blog | DellRead More
Demystifying Observability in the SRE Process
Dell IT shares a closer look at observability techniques that can help your organization improve site stability with SRE.Blog |
Wartime Sparks Unpredictable Shifts in DDoS Targeting
DDoS cyberattacks targeting European customers on the Akamai Prolexic platform are increasing worldwide, In response, Akamai unveiled its new DDoS
Manage Akamai Features at the Edge with EdgeWorkers and EdgeKV
EdgeWorkers and EdgeKV lets you set feature flags that tailor content to different website visitors.BlogRead More
Driving our Customers’ Businesses Forward
Dell Technologies is helping customers and partners realize their digital future in any environment.Blog | DellRead More
How social media scammers buy time to steal your 2FA codes
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server… but the
21st November– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 21st November, please download our Threat Intelligence Bulletin. Top
Secure, Isolate and Recover Critical Data with Google Cloud
Dell expands Google Cloud portfolio with PowerProtect Cyber Recovery vault to recover critical data from cyberattacks.Blog | DellRead More
Bringing Dell Data Services and Software Innovations to AWS
Helping organizations bring cloud capabilities to the enterprise and enterprise capabilities to public clouds.Blog | DellRead More
Four Steps: Effective API Security Using a Digital Bonding Strategy
Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities.BlogRead More
Moving Sustainability Forward with Dell APEX
Dell APEX, by design, is a significant step forward in embracing Dell’s commitment to the Green Data Center.Blog | DellRead
Managing Your Organization’s Digital Transformation Costs with Dell APEX
Learn how businesses like yours are investing in digital transformation, featuring Forrester research.Blog | DellRead More
Enabling Open Embedded Systems Management on PowerEdge Servers
Simplify and scale IT operations with Open Embedded Systems Management.Blog | DellRead More
Akamai Is Delighted to Partner with Teneo and Bytes Software Services
Akamai?s partnerships with Teneo and Bytes Software Solutions help us to adapt, grow, and innovate in an ever-changing landscape.BlogRead More
Earth Preta Spear-Phishing Governments Worldwide
We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that
S3 Ep109: How one leaked email password could drain your business
Latest episode – listen now! Cybersecurity news plus loads of great advice…Naked SecurityRead More
Black Friday and retail season – watch out for PayPal “money request” scams
Don’t let a keen eye for bargains lead you into risky online behaviour…Naked SecurityRead More
Coming Soon: Backup Target from Dell APEX
Focus on innovation, not infrastructure, with backup storage from Dell APEX.Blog | DellRead More
Simplified Data Protection – the New PowerProtect Data Manager Appliance
Modern and secure multicloud data protection made easy.Blog | DellRead More
Dell Delivers Cyber Recovery Guarantee
Increase confidence in data recovery.Blog | DellRead More
What?s New for Developers: November 2022
Read about the EdgeGrid PHP client update, EdgeWorkers news, the Terraform Provider 3.0 release, and the new Build, Deliver &
How to be a savvy online shopper this holiday season
With the holiday shopping season starting earlier and earlier, you’ve probably already jumped into the world of holiday online shopping
Global Cyber Risk at Elevated Level
North America Least Prepared for CyberattacksTrend Micro Research, News and PerspectivesRead More
Talking Democratization of Citizen Services with Oswaldo Mestre, Jr.
In this episode of TechBeat, AB welcomes Oswaldo Mestre, Jr., Director of Citizen Services and Chief Services Officer for the
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 137.6% growth in phishing attacks blocked and detected in 2021. Explore the latest phishing trends
City of Buffalo 311 Receives Global Recognition from Smart City Expo World Congress
In just 48 hours, collaboration between the City of Buffalo, the University of Buffalo, and Cisco enabled the city’s call
Costa Rica State of Emergency Declared After Ransomware Attacks
In late April, after weeks of major ransomware attacks, Costa Rica declared a state of emergency. Newly-elected President Rodrigo Chaves
Firefox fixes fullscreen fakery flaw – get the update now!
What’s so bad about a web page going fullscreen without warning you first?Naked SecurityRead More
The New Face of Hacktivism
For decades, hacktivism has been associated with groups like Anonymous. Recently, though, something has changed. An entirely new kind of
Build the Private 5G Network of Your Dreams
Achieving your business’ 5G connectivity dreams doesn’t have to be a challenge. Dell Technologies Services makes it a simple reality.Blog
SD-WAN Integration: Routing Traffic to Optimize Network Performance
Optimize network performance with SD-WAN integration to automatically route traffic to the nearest Akamai Secure Internet Access point of presence.BlogRead
Pilfered Keys: Free App Infected by Malware Steals Keychain Data
Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused
Dell Technologies Helps Power NASA’s Artemis I to the Moon
Talk about mission critical systems.Blog | DellRead More
Will Cloud-Native Network Security Oust Firewalls?
Security threats have already begun to outpace cloud firewalls. It’s a fact. But organizations exploring new cloud-native solution find themselves
Electricity/Energy Cybersecurity: Trends & Survey Response
Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper
Using AI as an offensive cyber weapon
AI is a double-edged sword. It has enabled the creation of software tools that have helped to automate tasks such
Log4Shell-like code execution hole in popular Backstage dev tool
Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular
Not Just for the Government: Using the NIST Framework to Secure WordPress
When setting up a WordPress website, it is easy to focus on the look and feel of the website, while
Akamai?s Perspective on November?s Patch Tuesday
Every Patch Tuesday stirs up the community. See Akamai’s insights and recommendations on what to focus on, and patch, patch,
Tackle Your Cloud Challenges, One Scenario at a Time
Forrester?s quick start cards cover 18 common issues with cloud migrations and operations, and suggest actions to mitigate each one.BlogRead
Deliver AI at any Scale: Dell/NVIDIA Enterprise Architecture
Deploy and manage the world’s most demanding AI models at any scale with a flexible, modular, enterprise-ready technology stack.Blog |
“Gucci Master” business email scammer Hushpuppi gets 11 years
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world…Naked SecurityRead More
Innovation by Design
Concept Luna drives revolutionary ideas to inspire the future of sustainable product design.Blog | DellRead More
Catch the AI Wave with Powerful Super Computing Solutions
Dell accelerates AI-driven outcomes.Blog | DellRead More
Speed is Currency in Financial Services
New Dell Validated Design enables financial services to analyze data faster to improve customer experiences and outpace competitors.Blog | DellRead
Shift into High Gear with High Performance Computing
Dell APEX High Performance Computing enables you to focus on innovation, we manage the rest.Blog | DellRead More
14th November– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th November, please download our Threat Intelligence Bulletin. Top
Protect Your Data from the Most Sophisticated Cyberthreats
Content-based analysis with advanced machine learning delivers confidence that data can be recovered from sophisticated cyberthreats.Blog | DellRead More
Dangerous SIM-swap lockscreen bypass – update Android now!
A bit like leaving the front door keys under the doormat…Naked SecurityRead More
Accelerated Computing Specialists – ebb3
Learn about Dell’s partnership with ebb3 in delivering technology solutions for architecture, engineering and construction companies.Blog | DellRead More
Kominfo Selects Cisco to Power First-Ever Hybrid G20 Summit in Indonesia
Indonesia’s Ministry of Communication and Information (Kominfo) has selected Cisco to power the first-ever hybrid G20 2022 Summit in Bali,
New phishing campaign posing as Spain’s Tax Agency
There’s a brand new phishing campaign on the run in Spain that poses as the Spanish Tax Agency, Agencia Tributaria. blog.avast.com
Improve user security with UX design using these tips
Neglecting user security puts users at risk financially, professionally and even sometimes physically. When it comes to user experience, we
CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used
Dell PowerEdge Servers – Accelerating Performance with AMD for What’s Next
Looking for world-record performance that requires less space in a data center and that can be air-cooled, look no further.Blog
S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks – listen now!Naked SecurityRead More
Twitter Blue means bad things for the platform’s security
Shortly after acquiring Twitter, Elon Musk announced that Twitter will be launching an $8 monthly subscription that gives users the
KmsdBot: The Attack and Mine Malware
Akamai security research has observed a new malware: a cryptominer with dreams of DDoS functionality. Read about kmdsbot in this
Evolving Digital Experiences at the Edge
The modern application has evolved and shifted to the edge. This inevitable adoption is improving the digital experience for end
Operational Considerations for Open RAN
What are the key operator considerations for deployment of Open RAN.Blog | DellRead More
World Cup 2022: Watch out for scams
In less than two weeks, the largest sporting event in the world will begin: The FIFA World Cup 2022. According
Emergency code execution patch from Apple – but not an 0-day
Not a zero-day, but important enough for a quick-fire patch to one system library…Naked SecurityRead More
4 Types of Cyber Crime Groups
Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
In all the excitement, we kind of lost count ourselves. Were there six 0-days, or only four?Naked SecurityRead More
Driving Machine Learning Solutions to Success Through Model Interpretability
A data science project’s success or failure can rest on a few key factors. Discover how to increase your chances
Collaboration is Key to a More Secure Future
Deepening the Dell and National Cybersecurity Alliance relationship.Blog | DellRead More
On-Ramping Traffic to a Cloud-Based Secure Web Gateway
Though cloud-based secure web gateways (SWGs) eliminate many problems, it?s important to select the right approach to on-ramping traffic based