Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack

Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack,

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices.
The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated remote code execution and a complete compromise of wireless Access Point (AP) equipment.
Andoryu was 

,

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices.
The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated remote code execution and a complete compromise of wireless Access Point (AP) equipment.
Andoryu was 

, ,
https://thehackernews.com/2023/05/andoryu-botnet-exploits-critical-ruckus.html

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users,

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022.
The « Phase 1 » of the initiative will appear as separate conversations alongside existing direct messages on users’ inboxes. Encrypted chats carry a lock icon badge to visually

,

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022.
The « Phase 1 » of the initiative will appear as separate conversations alongside existing direct messages on users’ inboxes. Encrypted chats carry a lock icon badge to visually

, ,
https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets,

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code.
The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it’s also extending push protection to all public repositories at no extra cost.
The

,

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code.
The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it’s also extending push protection to all public repositories at no extra cost.
The

, ,
https://thehackernews.com/2023/05/github-extends-push-protection-to.html

Cloud : Amazon, Google et Microsoft bientôt obligés de former une co-entreprise avec une société européenne ?

Cloud : Amazon, Google et Microsoft bientôt obligés de former une co-entreprise avec une société européenne ?,

Selon un nouveau projet de l’ENISA, le gendarme de la cybersécurité de l’Union européenne, les géants du cloud non européens pourraient être obligés de créer des coentreprises avec des sociétés européennes, à chaque fois qu’ils seraient amenés à traiter des « données sensibles ».

,

Selon un nouveau projet de l’ENISA, le gendarme de la cybersécurité de l’Union européenne, les géants du cloud non européens pourraient être obligés de créer des coentreprises avec des sociétés européennes, à chaque fois qu’ils seraient amenés à traiter des « données sensibles ».

, ,
https://www.01net.com/actualites/cloud-amazon-google-et-microsoft-bientot-obliges-de-former-une-co-entreprise-avec-une-societe-europeenne.html

Google Announces New Privacy, Safety, and Security Features Across Its Services

Google Announces New Privacy, Safety, and Security Features Across Its Services,

Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant’s latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and transparency over their personal data.
Here is a short list of the newly introduced features –

,

Google unveiled a slew of new privacy, safety, and security features today at its annual developer conference, Google I/O. The tech giant’s latest initiatives are aimed at protecting its users from cyber threats, including phishing attacks and malicious websites, while providing more control and transparency over their personal data.
Here is a short list of the newly introduced features –

, ,
https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft,

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.
The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
Akamai security

,

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.
The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
Akamai security

, ,
https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html

Sophisticated DownEx Malware Campaign Targeting Central Asian Governments

Sophisticated DownEx Malware Campaign Targeting Central Asian Governments,

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx.
Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the involvement of Russia-based threat actors.
The Romanian cybersecurity firm said it first detected the

,

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx.
Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the involvement of Russia-based threat actors.
The Romanian cybersecurity firm said it first detected the

, ,
https://thehackernews.com/2023/05/sophisticated-downex-malware-campaign.html

Why Honeytokens Are the Future of Intrusion Detection

Why Honeytokens Are the Future of Intrusion Detection,

A few weeks ago, the 32nd edition of RSA, one of the world’s largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated:
« There are clear steps organizations can take beyond common safeguards and security tools to strengthen their

,

A few weeks ago, the 32nd edition of RSA, one of the world’s largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated:
« There are clear steps organizations can take beyond common safeguards and security tools to strengthen their

, ,
https://thehackernews.com/2023/05/why-honeytokens-are-future-of-intrusion.html

Avortement aux États-Unis : Google ne supprime pas systématiquement l’historique de localisation

Avortement aux États-Unis : Google ne supprime pas systématiquement l’historique de localisation,

Google Maps

Google s’était engagé, en juillet dernier, à supprimer l’historique de localisation des utilisateurs se rendant dans des centres pratiquant l’avortement aux États-Unis. Ces données peuvent être utilisées en cas de poursuites dans des États américains où l’avortement est devenu interdit. Dans un cas sur deux, Google ne respecterait pas son engagement.

,

Google Maps

Google s’était engagé, en juillet dernier, à supprimer l’historique de localisation des utilisateurs se rendant dans des centres pratiquant l’avortement aux États-Unis. Ces données peuvent être utilisées en cas de poursuites dans des États américains où l’avortement est devenu interdit. Dans un cas sur deux, Google ne respecterait pas son engagement.

, ,
https://www.01net.com/actualites/avortement-aux-etats-unis-google-ne-supprime-pas-systematiquement-lhistorique-de-localisation.html

Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison

Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison,

A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform.
Joseph James O’Connor, who also went by the online alias PlugwalkJoe, admitted to « his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter, » the U.S. Department of

,

A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform.
Joseph James O’Connor, who also went by the online alias PlugwalkJoe, admitted to « his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter, » the U.S. Department of

, ,
https://thehackernews.com/2023/05/mastermind-behind-twitter-2020-hack.html