lemmydev2

joined 2 years ago
 

This one weird trick can stop Windows updates dead in their tracks
Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates.…

 

Benjamin Mullin / New York Times: Ziff Davis sues OpenAI, alleging it used Ziff Davis' content to train AI models; sources say Ziff Davis is seeking at least hundreds of millions of dollars  —  Ziff Davis, which owns more than 45 media properties, is accusing the tech company of infringing on the publisher's copyrights and diluting its trademarks.

 

Internet company Yahoo Inc. — backed by owner Apollo Global Management Inc. — would bid for the Chrome web browser if a federal court orders Google to divest it as a remedy for maintaining an illegal monopoly, a senior executive said.

 

An alleged member of the notorious Scattered Spider cybercrime group was extradited from Spain to the US on Wednesday, according to a Department of Justice official.

 

Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents (Cyber Security News)
ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result, over 1,700 sensitive documents were uploaded and indexed publicly. The leak, which involved corporate data […]

 

Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms...
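The post above makes one concrete claim: a rootkit that drives its I/O through io_uring never issues the read(), write() or connect() calls that syscall-hooking EDRs watch. A check that does not depend on syscall tracing at all is to look for the ring itself: an io_uring instance is an anonymous inode, and the owning process holds it as a descriptor whose /proc/<pid>/fd/<n> link reads `anon_inode:[io_uring]`. The script below is an added example (not code from the linked article, and nothing to do with the "Curing" rootkit's own source) that scans a /proc tree for such descriptors and reads the `kernel.io_uring_disabled` knob where the kernel has it. The process names, PIDs and descriptor numbers in the constructed test tree are made up for the offline run.

```python
"""Host check for io_uring instances (added example; not code from the
linked article or from the "Curing" rootkit).

Assumption behind the check: a process using io_uring holds the ring as a
file descriptor backed by an anonymous inode, which the kernel renders in
/proc/<pid>/fd/<n> as the link target "anon_inode:[io_uring]". Reading
those links needs no syscall tracing and no kernel module. On a real host
you need root (or CAP_SYS_PTRACE) to read other users' fd links.
"""
import os
import tempfile
from pathlib import Path

IO_URING_LINK = "anon_inode:[io_uring]"


def _comm(pid_dir: Path) -> str:
    try:
        return (pid_dir / "comm").read_text().strip()
    except OSError:
        return "?"


def find_io_uring_users(proc_root: str = "/proc"):
    """Return sorted [(pid, comm, [fd, ...])] for every process under
    proc_root that holds at least one io_uring descriptor."""
    hits = []
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            fd_entries = list((pid_dir / "fd").iterdir())
        except OSError:  # process exited, or we may not inspect it
            continue
        ring_fds = []
        for fd in fd_entries:
            try:
                if os.readlink(fd) == IO_URING_LINK:
                    ring_fds.append(int(fd.name))
            except OSError:
                continue
        if ring_fds:
            hits.append((int(pid_dir.name), _comm(pid_dir), sorted(ring_fds)))
    return sorted(hits)


def io_uring_disabled(proc_root: str = "/proc"):
    """kernel.io_uring_disabled (Linux 6.6+): 0 = allowed for everyone,
    1 = refused to unprivileged processes, 2 = refused to all.
    Returns None on kernels that do not expose the knob."""
    try:
        return int((Path(proc_root) / "sys/kernel/io_uring_disabled").read_text())
    except (OSError, ValueError):
        return None


def build_fake_proc(root: str) -> None:
    """Constructed miniature /proc for an offline run: one ordinary process
    and one hypothetical process named 'curing' holding two rings.
    Names, PIDs and fd numbers are invented test data."""
    procs = {
        "1": ("systemd", {"0": "/dev/null", "3": "socket:[1234]"}),
        "4242": ("curing", {"3": "/tmp/payload", "5": IO_URING_LINK, "7": IO_URING_LINK}),
    }
    for pid, (comm, fds) in procs.items():
        pid_dir = Path(root) / pid
        (pid_dir / "fd").mkdir(parents=True)
        (pid_dir / "comm").write_text(comm + "\n")
        for fd, target in fds.items():
            # dangling symlinks are fine: only the link text is inspected
            os.symlink(target, pid_dir / "fd" / fd)
    sysdir = Path(root) / "sys" / "kernel"
    sysdir.mkdir(parents=True)
    (sysdir / "io_uring_disabled").write_text("0\n")


def demo():
    """Scan the constructed tree; returns (hits, io_uring_disabled value)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fake_proc(tmp)
        return find_io_uring_users(tmp), io_uring_disabled(tmp)


if __name__ == "__main__":
    print("constructed tree:", demo())
    print("this host:", find_io_uring_users(), "io_uring_disabled =", io_uring_disabled())
```

A hit is not proof of malice (databases, runtimes and some storage daemons use io_uring legitimately), so treat the output as an allowlist exercise: anything holding a ring that is not on the known-user list deserves a look. Where io_uring is not needed, setting `kernel.io_uring_disabled=2` on 6.6+ kernels removes the bypass entirely.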

 

Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. On April 24, 2025, after Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public curiosity, grief, and confusion. Cybercriminals are ready to exploit any event of global interest, it […]

 

A new government illuminates the environmental impact of generative AI.

 

arXiv:2504.16836v1 (new)
Abstract: The Onion Router (Tor) is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement investigations, e.g., trading illegal products or services such as drugs or weapons. Tor allows delivering content without revealing the actual hosting address, by means of .onion (or hidden) services. Different from regular domains, these services cannot be resolved by traditional name services, are not indexed by regular search engines, and they frequently change. This generates uncertainty about the extent and size of the Tor network and the type of content offered. In this work, we present a large-scale analysis of the Tor Network. We leverage our crawler, dubbed Mimir, which automatically collects and visits content linked within the pages to collect a dataset of pages from more than 25k sites. We analyze the topology of the Tor Network, including its depth and reachability from the surface web. We define a set of heuristics to detect the presence of replicated content (mirrors) and show that most of the analyzed content in the Dark Web (82% approx.) is a replica of other content. Also, we train a custom Machine Learning classifier to understand the type of content the hidden services offer. Overall, our study provides new[...]

 

arXiv:2504.16550v1 (new)
Abstract: Intrusion Detection Systems (IDSs) are integral to safeguarding networks by detecting and responding to threats from malicious traffic or compromised devices. However, standalone IDS deployments often fall short when addressing the increasing complexity and scale of modern cyberattacks. This paper proposes a Collaborative Intrusion Detection System (CIDS) that leverages Snort, an open-source network intrusion detection system, to enhance detection accuracy and reduce false positives. The proposed architecture connects multiple Snort IDS nodes to a centralised node and integrates with a Security Information and Event Management (SIEM) platform to facilitate real-time data sharing, correlation, and analysis. The CIDS design includes a scalable configuration of Snort sensors, a centralised database for log storage, and LogScale SIEM for advanced analytics and visualisation. By aggregating and analysing intrusion data from multiple nodes, the system enables improved detection of distributed and sophisticated attack patterns that standalone IDSs may miss. Performance evaluation against simulated attacks, including Nmap port scans and ICMP flood attacks, demonstrates our CIDS's ability to efficiently process large-scale network traffic, detect threats with higher accuracy, and reduce alert fatigue. This paper highlights the potential of CIDS in modern network environments and explores future enhancements, such as integrating[...]
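The abstract's central claim is that pooling alerts from several Snort sensors exposes distributed activity each sensor alone would miss. The script below is an added example, not the paper's code (the abstract publishes none), that makes the claim concrete: it parses Snort "fast" alert lines, applies a per-sensor scan threshold the way a standalone sensor would, then applies the same threshold to the pooled stream at a hypothetical central node. The sensor names, addresses, SIDs and the three-host threshold are constructed for the offline run; the alert lines follow Snort's fast-alert layout but are invented.

```python
"""Cross-sensor correlation of Snort fast alerts (added example; not the
paper's code). Assumed: each sensor ships its fast-alert log to a central
node tagged with the sensor name. Thresholds and sample data are invented.
"""
import re
from collections import defaultdict
from datetime import datetime

# One Snort fast-alert line, e.g.
# 04/24-10:15:02.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Priority: 2] {TCP} 203.0.113.7:40001 -> 10.10.1.5:22
FAST = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"(?P<msg>[^"]*)"\s+\[\*\*\].*?'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$'
)

# Constructed sample: one attacker probes five hosts, but no more than two
# behind any single sensor, plus an unrelated ICMP flood behind one sensor.
SAMPLE = {
    "snort-dmz": [
        '04/24-10:15:02.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40001 -> 10.10.1.5:22',
        '04/24-10:15:03.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40002 -> 10.10.1.6:22',
        '04/24-10:15:09.000001  [**] [1:1000002:1] "ICMP flood" [**] [Classification: Attempted Denial of Service] [Priority: 2] {ICMP} 198.51.100.9 -> 10.10.1.5',
        '04/24-10:15:09.100001  [**] [1:1000002:1] "ICMP flood" [**] [Classification: Attempted Denial of Service] [Priority: 2] {ICMP} 198.51.100.9 -> 10.10.1.5',
    ],
    "snort-office": [
        '04/24-10:15:07.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40003 -> 10.10.2.5:22',
        '04/24-10:15:12.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40004 -> 10.10.2.7:22',
    ],
    "snort-lab": [
        '04/24-10:15:20.000001  [**] [1:1000001:1] "SCAN SYN probe" [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40005 -> 10.10.3.9:22',
    ],
}


def parse_fast_alert(line):
    """Return a dict of fields for one fast-alert line, or None if it does not parse."""
    m = FAST.match(line)
    if not m:
        return None
    a = m.groupdict()
    a["ts"] = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f")
    return a


def load(alerts_by_sensor):
    """Parse every sensor's lines and tag each alert with its sensor name."""
    out = {}
    for sensor, lines in alerts_by_sensor.items():
        parsed = [a for a in map(parse_fast_alert, lines) if a]
        for a in parsed:
            a["sensor"] = sensor
        out[sensor] = parsed
    return out


def scan_sources(alerts, min_hosts, window_s=60):
    """Sources that hit >= min_hosts distinct destinations inside any
    window_s-second window. Returns {src: (n_hosts, n_sensors)} for the
    busiest window of each flagged source."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    flagged = {}
    for src, items in by_src.items():
        items.sort(key=lambda a: a["ts"])
        best, lo = (0, 0), 0
        for hi in range(len(items)):
            while (items[hi]["ts"] - items[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            win = items[lo:hi + 1]
            best = max(best, (len({a["dst"] for a in win}), len({a["sensor"] for a in win})))
        if best[0] >= min_hosts:
            flagged[src] = best
    return flagged


def standalone_verdicts(tagged, min_hosts=3):
    """What each sensor would decide on its own log."""
    return {s: scan_sources(alerts, min_hosts) for s, alerts in tagged.items()}


def central_verdict(tagged, min_hosts=3):
    """What the central node decides on the pooled stream."""
    pooled = [a for alerts in tagged.values() for a in alerts]
    return scan_sources(pooled, min_hosts)


def demo():
    tagged = load(SAMPLE)
    return standalone_verdicts(tagged), central_verdict(tagged)


if __name__ == "__main__":
    standalone, central = demo()
    print("standalone:", standalone)   # every sensor stays quiet
    print("central:   ", central)      # 203.0.113.7 seen on 5 hosts via 3 sensors
```

The ICMP flood from the second source hammers a single host and is correctly left alone by the host-count rule; a volume rule would catch it, and that is the kind of signature that already works on a standalone sensor. The sliding window matters in practice: without it, a slow scanner that touches one host per hour across a week would also aggregate to "many hosts", so the window is where the false-positive budget is tuned.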

 

One in three security teams trust AI to act autonomously (Help Net Security)
While AI adoption is widespread, its impact on productivity, trust, and team structure varies sharply by role and region, according to Exabeam. The findings confirm a critical divide: 71% of executives believe AI has significantly improved productivity across their security teams, yet only 22% of analysts, those closest to the tools, agree. This perception gap reveals more than a difference in opinion; it underscores a deeper issue with operational effectiveness and trust. Executives …

 

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs (Help Net Security)
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK: MITRE ATT&CK is a regularly updated public knowledge base that charts how real-world threat actors behave. It also lists known/documented threat actor groups, malware, and (some) past high-profile campaigns. It’s used by cyber defenders and vendors for threat modeling and …
