Cyber Defense Advisors

Year: 2024

  • June 10, 2024

Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. “This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network […]

Cyber News
  • June 10, 2024

Exploiting Mistyped URLs

@Levi B. “Those who are not familiar with the term “bit-squatting” should look that up” Are you sure you want to go down that rabbit hole? It’s an instance of a general class of problems that are never going to go away. And why in “Web servers would usually have error-correcting (ECC) memory, in which […]

Cyber News
  • June 10, 2024

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC). “The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,” Google Threat Analysis Group (TAG) researcher Billy Leonard said in […]

Cyber News
  • June 10, 2024

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of […]

Cyber News
  • June 8, 2024

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to DEVCORE security researchers, the shortcoming […]

Cyber News
  • June 8, 2024

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’ screens every five seconds, which are […]

Cyber News

Why Threat Modeling Is a Game-Changer for Your Cybersecurity Strategy

As cyber threats become more sophisticated and relentless, staying a step ahead isn’t just an advantage—it’s essential. Traditional “wait and react” security measures aren’t enough anymore. Businesses need a proactive approach that goes beyond defense and into prediction, which is where threat modeling comes in. […]

Cyber Thoughts
  • June 7, 2024

Friday Squid Blogging: Squid Catch Quotas in Peru

Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.  

Cyber News
  • June 7, 2024

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, […]

Cyber News