Cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

founded 2 years ago
451
 
 

#IvantiWorkspaceControl hardcoded key flaws expose #SQL credentials

https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/

#Ivanti #IWC #cybersecurity

452
 
 

How can #OpenSource AI boost European digital sovereignty?

Why is #cybersecurity a critical dimension of the open source agenda?

During the #OSAwards project, we aim to explore some of the most intriguing questions of the current open source landscape.

Eleven open source experts. Two webinars. One playlist.

Replay the #OSAwards conversations and subscribe to stay tuned for future webinars: https://www.youtube.com/@EuropeanOpenSourceAcademy/playlists

453
 
 

Join us June 26 at the #openSUSE Conference in #Nuremberg for a full day of #workshops focused on the #Cyber Resilience Act (#CRA) & #NIS2 Directive.
How will new #EU laws shape the future of #opensource? Discover what #SMEs need to know!
#CyberSecurity https://events.opensuse.org/

454
 
 

#Apple will end support for #Intel Macs next year, macOS 27 will require Apple Silicon

https://9to5mac.com/2025/06/09/apple-will-end-support-for-intel-macs/

#Mac #AppleSilicon #cybersecurity

455
 
 

Stolen #Ticketmaster data from #Snowflake attacks briefly for sale again

https://www.bleepingcomputer.com/news/security/stolen-ticketmaster-data-from-snowflake-attacks-briefly-for-sale-again/

#cybersecurity #DataBreach #music

456
 
 

Over 84,000 #Roundcube instances vulnerable to actively exploited flaw

https://www.bleepingcomputer.com/news/security/over-84-000-roundcube-instances-vulnerable-to-actively-exploited-flaw/

#cybersecurity

457
 
 

#Paragon says it canceled contracts with #Italy over government’s refusal to investigate #spyware attack on journalist

https://techcrunch.com/2025/06/09/paragon-says-it-cancelled-contracts-with-italy-over-governments-refusal-to-investigate-spyware-attack-on-journalist/

#cybersecurity #privacy #journalism #politics

458
 
 

#Sensata Technologies says personal data stolen by #ransomware gang

https://www.bleepingcomputer.com/news/security/sensata-technologies-says-personal-data-stolen-by-ransomware-gang/

#cybersecurity #privacy #DataBreach

459
 
 

#Grocery wholesale giant #UnitedNaturalFoods hit by #cyberattack

https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/

#UNFI #food #cybersecurity #WholeFoods #Amazon

460
 
 

"In a victory for personal privacy, a New York federal district court judge today granted a preliminary injunction in a lawsuit challenging the U.S. Office of Personnel Management’s (OPM) disclosure of records to DOGE and its agents.

Judge Denise L. Cote of the U.S. District Court for the Southern District of New York found that OPM violated the Privacy Act and bypassed its established cybersecurity practices under the Administrative Procedures Act. The court will decide the scope of the injunction later this week. The plaintiffs have asked the court to halt DOGE agents’ access to OPM records and for DOGE and its agents to delete any records that have already been disclosed. OPM’s databases hold highly sensitive personal information about tens of millions of federal employees, retirees, and job applicants.

“The plaintiffs have shown that the defendants disclosed OPM records to individuals who had no legal right of access to those records,” Cote found. “In doing so, the defendants violated the Privacy Act and departed from cybersecurity standards that they are obligated to follow. This was a breach of law and of trust. Tens of millions of Americans depend on the Government to safeguard records that reveal their most private and sensitive affairs.”"

https://www.eff.org/press/releases/privacy-victory-judge-grants-preliminary-injunction-opmdoge-lawsuit

#USA #Trump #Musk #DOGE #OPM #CyberSecurity #Privacy #DataProtection

461
 
 

New #Mirai #botnet infect #TBK #DVR devices via command injection flaw

https://www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/

#cybersecurity

462
 
 

Threat Actor Claims #TikTok Breach, Puts 428 Million Records Up for Sale

https://hackread.com/threat-actor-tiktok-breach-428-million-records-sale/

#cybersecurity #DataBreach #privacy

463
 
 

#Trump administration takes aim at #Biden and #Obama #cybersecurity rules

https://techcrunch.com/2025/06/07/trump-administration-takes-aim-at-biden-and-obama-cybersecurity-rules/

#politics

464
 
 
465
 
 

Malicious #npm packages posing as utilities delete project directories

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/

#cybersecurity

466
 
 

#Apple warns #Australia against joining #EU in mandating #iPhone app #sideloading

https://www.neowin.net/news/apple-warns-australia-against-joining-eu-in-mandating-iphone-app-sideloading/

#cybersecurity #privacy

467
 
 

After its data was wiped, #KiranaPro’s co-founder cannot rule out an external hack

https://techcrunch.com/2025/06/06/after-its-data-was-wiped-kiranapros-co-founder-cannot-rule-out-an-external-hack/

#cybersecurity #India #groceries

468
 
 

A cybersecurity issue left phone numbers linked to Google accounts completely vulnerable, according to a researcher. It would take an hour to obtain a U.S. number, eight minutes for a U.K. one and less than a minute for some other countries.

"Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information from any Google account," writes @josephcox@infosec.exchange for @404media.

https://flip.it/zBdlAw

#Google #Cybersecurity #OnlinePrivacy #Tech #TechNews

469
 
 

#Citibank emailed me an alert. The same bank that constantly warns me about email scams. And, yet, they misconfigured their email so it comes as a spoofed email. My email provider delivered it anyway because Citi has a "relaxed" policy in their DNS that says that EMAIL FROM A SPOOFING SERVER CAN BE DELIVERED so long as the signature passes. Yep, servers spoofing them are not a major red flag and the email should be delivered to the inbox anyway. The email provider is not to blame here.

A major bank should not do it this way.

The spoofing SMTP server check failed because the sending IP address is not authorized by Citibank's SPF record for info6.citi.com to send their email. This has been going on for years. Do you want Citibank email from a server not authorized by them to send it?

This relaxed attitude by corporations is why people get scammed.

Authentication-Results: mail.protonmail.ch; spf=fail smtp.mailfrom=info6.citi.com
Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=173.213.5.122

#citi #CyberSecurity #EmailSecurity

470
 
 

#NewYork state lawmakers vote to stop #NYPD’s attempt to block radio communications from public

https://nypost.com/2025/06/05/us-news/new-york-state-lawmakers-vote-to-stop-nypds-attempt-to-block-radio-communications-from-public/

#cybersecurity

471
 
 

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

https://www.wired.com/story/cybercriminals-are-hiding-malicious-web-traffic-in-plain-sight/

#cybercrime #cybersecurity

472
 
 

Report on the Malicious Uses of #AI

https://www.schneier.com/blog/archives/2025/06/report-on-the-malicious-uses-of-ai.html

#OpenAI #ChatGPT #cybersecurity

473
 
 

New #PathWiper data wiper #malware hits critical infrastructure in #Ukraine

https://www.bleepingcomputer.com/news/security/new-pathwiper-data-wiper-malware-hits-critical-infrastructure-in-ukraine/

#cybersecurity

474
 
 

Critical #Fortinet flaws now exploited in #Qilin #ransomware attacks

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/

#cybersecurity

475
 
 

"We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users’ web activity."

https://localmess.github.io/

#CyberSecurity #Android #Meta #Yandex #Surveillance #Privacy #DataProtection #GDPR #MobileApps
