China’s National Computer Network Emergency Response Technical Team warned that the open-source AI agent OpenClaw has weak default security settings that attackers could exploit to gain system control. Attackers can use prompt injection, embedding malicious instructions in web pages to trick the AI into leaking sensitive data. Researchers showed that features like link previews in […]
The Canadian government intends to ban the Flipper Zero and similar devices, citing them as tools used by thieves for car theft. The Flipper Zero is a portable pen-testing tool capable of experimenting with and debugging various hardware and digital devices through multiple protocols like RFID, radio, NFC, infrared, and Bluetooth. Users have showcased the […]
The UK’s National Cyber Security Center (NCSC) has called on law firms in the country to arm themselves against ransomware. In 2021, eighteen law firms informed the British regulator SRA that they had fallen victim to a ransomware attack. Documents from 60 court cases were stolen from one law firm and then published on the […]
2023 Data Breach Investigations Report of which the dataset currentlycontains 953,894 incidents, of which 254,968 are confirmed breaches shows that the use of stolen credentials forms 44.7% of the cases. But what else can we learn? 74% of all breaches include the human element, with people being involved either via Error,Privilege Misuse, Use of stolen […]
There is an everlasting need to mitigate Web3 Blockchain risks and security threats. Web3 applications run on blockchain platforms and are gaining popularity, but they come with security risks. Smart contracts are a major source of risk, as they can contain vulnerabilities that can be exploited by attackers. Web3 applications are also vulnerable to phishing […]
Almost half of all Dutch company websites are vulnerable to attacks by cyber criminals due to vulnerabilities in software, configurations and web services. The result is often data theft or extortion through ransomware. “Entrepreneurs are insufficiently aware of the risks,” says cybersecurity specialist ID Control based on three studies of web shops, government websites and […]
The Bundesamt für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of Internal Affairs, has investigated web shops which show that they are often unsafe. Seven out of ten researched webshop platforms use vulnerable JavaScript libraries. In addition, almost all solutions had inadequate password policies and nearly half of the products use end-of-life […]
A cybersecurity insurer predicts that a 13% growth to 1,900 CVEs monthly would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years. For most CVEs, the time to exploit is within 90 days of public disclosure, while the majority of exploits take place within the […]
Irish university MTU Cork has decided to close all four campuses for two days and cancel all classes due to an intrusion into its IT systems. The attack took place last weekend and would have been detected at an early stage. The university gives no details about what kind of attack it is exactly and […]
A zero-day vulnerability in FortiOS SSL VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.” “The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests.”