As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? ????️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! ???? It's enough to make you want to chuck your phone in the ocean.

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "

Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after

Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. "ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at

Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as

INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59

Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that

The Canadian government on Wednesday ordered ByteDance-owned TikTok to dissolve its operations in the country, citing national security risks, but stopped short of instituting a ban on the popular video-sharing platform. "The decision was based on the information and evidence collected over the course of the review and on the advice of Canada's security and intelligence community and other

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials. The package in question is "fabrice," which typosquats a popular Python library known as "fabric," which is designed to execute shell commands remotely over

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America. "The campaign

A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email. "What makes the CRON#

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point

Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)?

The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ)

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have

Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x:

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses "allow attackers to hijack important servers in the

Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value.

⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways,

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

Why is it that in every recent Presidential election I’ve found myself saying, “We’re a nation of (now) some 330 million people, and these are the best two we can pick from to lead us?” In a recent piece, Wall Street Journal defined the choice as Awful versus Empty. (Google will get you there, though […]

I was saddened to be told of the recent death of my old friend Ed Lovette. He had a long and distinguished career in military, law enforcement, and the CIA. Ed was a thinking man’s instructor. We took each other’s classes. He went through my LFI-I course back in the day , and about thirty […]

Recently saw this on YouTube, from a grandmaster competition shooter who is also in law enforcement. I agree with him. I’ve said for years that while a shooting match is not a gunfight, a gunfight most certainly is a shooting match. Competition experience makes shooting under pressure the norm. Wyatt Earp competed in the informal […]

…remind them of this. I was recently reading “Andrew Jackson and the Miracle of New Orleans” by Brian Kilmeade and Don Yeager. The War of 1812 was going badly for the Americans. The British had burned the White House, and a huge contingent of British troops was in Louisiana planning to march north in conquest. […]

This is, without doubt, the stupidest coffee device I have ever bought. But I have bought it.

I completed Mass Effect 2 a couple of days ago for the first time. This article contains spoilers…

A misspelling of former President Donald Trump's name occurred on an optional ballot review screen in Virginia, prompting an unfounded claim on social media of "election fraud." The error was a typo that appeared only on the ballot review screen, not on actual ballots, and would not affect any votes, election officials said.

The post Typo in Trump’s Name on Ballot Review Screen Is Not ‘Election Fraud’ appeared first on FactCheck.org.

Social media users have spread a quote attributed to Democratic Rep. Jamie Raskin, claiming he said "we won’t be certifying the election" if former President Donald Trump wins. Raskin responded, saying the quote is "100% fabricated" and that "America is having a free and fair election and Congress will certify the winner." The origin of the posts appears to be a misleading account of Raskin's comments in February.

The post Raskin Didn’t Say He ‘Won’t Be Certifying the Election’ appeared first on FactCheck.org.

Q: What will happen in Donald Trump’s New York state criminal case now that he is president-elect?

A: Trump is scheduled to be sentenced on Nov. 26, but the judge could decide that sentencing is no longer appropriate. If Trump does receive a sentence, it could be appealed, or the judgment could be deferred until 2029, when Trump would be out of office.

FULL QUESTION

What happens if Trump wins the election and then he gets sentenced at the end of the month?

The post Trump’s New York Case: What Happens Now? appeared first on FactCheck.org.

Some social media posts falsely claimed that CBS News reported there was "cheating" in the 2024 presidential election that benefitted President-elect Donald Trump. We found no evidence of such a report, and a CBS News spokesperson said the outlet "did not report or say there was cheating in the election."

The post Posts Falsely Claim CBS News Reported ‘Cheating’ in Election appeared first on FactCheck.org.

I was overwhelmed by the response to my last post, and so grateful for the reminder that there is still connection to be found online, I just need to push through my own self-consciousness to find it. And I have many good models for this behavior, people who are quick with a kind and supportive word, people who do not shy away from nuance.

Today I spent the day offline in the company of people like this, a small group of friends that gathers once a month to share our love of stationery: pens, ink, paper, notebooks, planners, postal mail, and the like. We sit around a big table and journal together while chatting, snacking, and drinking lattes carefully crafted by FunkyPlaid. The middle of the table soon fills with stickers, stamps, inks, and washi tapes that we’ve brought to share with each other.

As I look around the table at these treasured people, I think about how much work goes into building community. Healthy communities take intention, upkeep, energy, and shared values. This gathering happens every month because we invest all of this into making it happen. As hosts, FunkyPlaid and I make sure people feel cared for with food and drink in a clean and welcoming space. As guests, everyone brings what they want to share, and expresses interest in what they are interested in (and refrains from expressing disdain for what they aren’t).

It’s a lot of work, joyful work. And this work results in a day each month to anticipate, and memories to hold close the rest of the month. I hope never to take this community for granted.

- JOE ABERCROMBIE, The Devils

For more info about this title, follow this Amazon Associate link.

Oh, this is going to be good!!!

TJ Klune's Somewhere Beyond the Sea is down four positions, ending the week at number 5. For more info about this title, follow this Amazon Associate link.

Abigail Owen's The Games Gods Play is down one spot, finishing the week at number 6. For more info about this title, follow this Amazon Associate link.

Rebecca Yarros' Iron Flame is down one position, ending the week at number 9. For more info about this title, follow this Amazon Associate link.

Rebecca Yarros' Fourth Wing is down four positions, ending the week at number 15. For more info about this title, follow this Amazon Associate link.

In paperback:

Rebecca Yarros' Fourth Wing debuts at number 1. For more info about this title, follow this Amazon Associate link.

Sarah J. Maas' A Court of Thorns and Roses is up one position, ending the week at number 3. For more info about this title, follow this Amazon Associate link.

Sarah J. Maas' A Court of Mist and Fury is up five positions, ending the week at number 7. For more info about this title, follow this Amazon Associate link.

Stephen King's Holly is down four spots, finishing the week at number 15. For more info about this title, follow this Amazon Associate link.

Rebecca Yarros' Iron Flame is up three positions, ending the week at number 6. For more info about this title, follow this Amazon Associate link.

TJ Klune's Somewhere Beyond the Sea is down three positions, ending the week at number 8. For more info about this title, follow this Amazon Associate link.

Abigail Owen's The Games Gods Play is down five spots, finishing the week at number 11. For more info about this title, follow this Amazon Associate link.

In paperback:

Rebecca Yarros' Fourth Wing mtaintains its position at number 1. For more info about this title, follow this Amazon Associate link.

Sarah J. Maas' A Court of Thorns and Roses maintains its position at number 3. For more info about this title, follow this Amazon Associate link.

Sarah J. Maas' A Court of Mist and Fury is down four positions, ending the week at number 11. For more info about this title, follow this Amazon Associate link.

Raven Kennedy's Goldfinch debuts at number 14. For more info about this title, follow this Amazon Associate link.

Stephen King's Holly maintains its position at number 15. For more info about this title, follow this Amazon Associate link.