The Hacker News Daily Updates.

"Google Authenticator App introduces cloud backup for TOTP codes."

Views expressed in this cybersecurity, cybercrime, cyber espionage update are those of the reporters and correspondent.  Accessed on 25 April 2023, 1432 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGsmNNrDCpxlDFdscdHbKdDprhT ("The Hacker News Daily Updates")

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Hacker News Daily Updates

Audience Hijacking in 2023: What It Is and How to Combat It In this survey report, you’ll discover what your industry peers are doing to combat audience hijacking and affiliate fraud. Download Now Sponsored

LATEST NEWS Apr 25, 2023

Modernizing Vulnerability Management: The Move Toward Exposure Management Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding ... Read More

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed ... Read More

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to ... Read More

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and ... Read More

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government ... Read More

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before ... Read More

Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free! A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn't much of a surprise. The exponential growth in SaaS usage has security ... Read More

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that's then executed every time the posts ... Read More

Audience Hijacking in 2023: What It Is and How to Combat It In this survey report, you’ll discover what your industry peers are doing to combat audience hijacking and affiliate fraud. Download Now Sponsored