Feed aggregator
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerability
- CVE-2023-44221 SonicWall SMA100 Appliances OS Command Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-121-01 KUNBUS GmbH Revolution Pi
- ICSMA-25-121-01 MicroDicom DICOM Viewer
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Best Garden and Seed Delivery Services for 2025
Best Internet Speed Tests for May 2025
More Details Come to Light on Commvault Vulnerability Exploitation
Commvault has shared indicators of compromise associated with the exploitation of a vulnerability by state-sponsored hackers.
The post More Details Come to Light on Commvault Vulnerability Exploitation appeared first on SecurityWeek.
The owner of Facebook and WhatsApp has forecast an increase in CapEx due to higher IT infrastructure costs to power its AI strategy
World Password Day: Why Haven't We Ditched This Crackable Tech?
Vibe Coding MenuGen
Article URL: https://karpathy.bearblog.dev/vibe-coding-menugen/
Comments URL: https://news.ycombinator.com/item?id=43856240
Points: 1
# Comments: 0
Elon Musk's SpaceX Is Forming a City Government in Starbase, Texas
Article URL: https://www.bloomberg.com/news/features/2025-04-30/elon-musk-s-spacex-is-forming-a-city-government-in-starbase-texas
Comments URL: https://news.ycombinator.com/item?id=43856236
Points: 1
# Comments: 1
What Netflix's patents reveal about the future of watching movies
Article URL: https://stephenfollows.com/p/what-netflixs-patents-reveal
Comments URL: https://news.ycombinator.com/item?id=43856225
Points: 1
# Comments: 0
Practical Guide to NTIA Compliant SBoM
Article URL: https://worklifenotes.com/2025/04/30/practical-guide-to-ntia-compliant-sbom/
Comments URL: https://news.ycombinator.com/item?id=43856213
Points: 1
# Comments: 0
Visualising home sun exposure with Rhino
Article URL: https://ostwilkens.se/blog/sun-coverage
Comments URL: https://news.ycombinator.com/item?id=43856208
Points: 2
# Comments: 0
The 3 biggest cybersecurity threats to small businesses
In an online world filled with extraordinarily sophisticated cyberattacks—including organized assaults on software supply chains, state-directed exploitations of undiscovered vulnerabilities, and the novel and malicious use of artificial intelligence (AI)—small businesses are forced to prioritize a different type of cyberattack: The type that gets through.
Without robust IT budgets or fully staffed cybersecurity departments, small businesses often rely on their own small stable of workers (including sole proprietors with effectively zero employees) to stay safe online. That means that what worries these businesses most in cybersecurity is what is most likely to work against them.
Here are the three biggest cybersecurity threats to small businesses right now. They may sound basic or even crude, but they are the biggest threats precisely because they are so effective.
1. Phishing
In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts.
Cybercriminals do this by sending messages—like emails and texts—disguised as legitimate communications from major businesses (think Slack, Uber, FedEx, and Google). These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved.
But when victims follow the links within these malicious messages, they are brought to a website that, while appearing genuine, is completely controlled by cybercriminals. Lured in by similar color schemes, company logos, and familiar layouts, victims “log in” to their account by entering their username and password. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.
In phishing attacks, there never is a genuine problem with a user’s account, and there never is a real request for information from the company. Instead, the entire back-and-forth is a charade.
As devastating as this is, the more complex threat of phishing lies in its adaptability. Whereas early phishing scams arrived almost entirely through emails, modern phishing scams can reach victims through malicious websites, text messages, social media, and even mobile app downloads.
In 2024, Malwarebytes found more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Disguised as apps such as TikTok, Spotify, and WhatsApp, these Android apps can trick victims into handing over their associated usernames and passwords when asking them to log in.
Understandably, some small business owners might discount the threat of losing their login credentials to consumer tools like Spotify and TikTok. But here, the threat of phishing is compounded by another enormous problem in cybersecurity, which is that too many individuals and businesses reuse passwords across multiple accounts. That means that email login credentials that were successfully stolen in a phishing scam could also provide access to a small business’s financial accounts, payroll services, and even tax info.
Further, if a hacker were to use their wrongful access to steal customer data, then a small business might also have to front the cost for sending out data breach notifications, per their state’s regulations.
How to protect your business:
- Use unique, strong passwords for each online account and store and create these passwords using a password manager
- Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords
- Do not click on links from unknown senders
- If you’re asked for login information through an email or online message, do not input your login info in the email or through whatever link you’re directed towards. Instead, navigate to the site directly.
Social media is not just a vital tool for promoting many small businesses, it can often be the entire business itself.
YouTube video creators, Twitch streamers, and lifestyle influencers on TikTok and Instagram are effectively small business owners. They make a product and they earn revenue just like many online businesses—through ads and sponsored partnership deals.
If any of these social media business owners lost their login credentials through a phishing scam or data breach, they could potentially lose access to their entire operation.
In 2023, famous YouTube tech personality Linus Sebastian suffered a hack of three different YouTube channels associated with his company, Linus Media Group. The hackers hijacked the channels to spread cryptocurrency scams, while deleting some of the group’s old videos in the process. The attack was largely reminiscent of a 2022 YouTube account hack that repurposed a 2018 interview with Apple CEO Tim Cook to fool viewers into following a separate cryptocurrency scam.
Both incidents reveal the real threat to small businesses everywhere.
Social media account hacks are not only a risk to content creators—they’re a risk to any business with a legitimate online audience. Once scammers have control of any business’s social media account, they can send fraudulent messages to people on the business’s behalf and promote online scams that could tarnish the business’s reputation for years to come. Hackers could even swipe sensitive information before access is restored.
While social media hacks are often the byproduct of successful phishing attacks, cybercriminals can also gain wrongful access to a social media account through separate data breaches.
Hackers frequently buy usernames and passwords on the dark web from prior data breaches. They then use those login credentials on a variety of online accounts that belong to the same owner—entering the username and password for, say, a breached LinkedIn account into the username and password fields for QuickBooks, Shopify, and Hubspot. When people and businesses reuse passwords across accounts, hackers find an easy way in.
How to protect your business:
- Use unique, strong passwords for each account and store and create these passwords using a password manager
- Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords
- Avoid phishing attacks by refusing to click on links from unknown senders
- Do not download any attachments from unknown senders or from unexpected emails. These attachments could contain malware that steals passwords, data, and multifactor authentication codes.
Ransomware is more than a cyberthreat—it is an existential one, threatening to lock down computer systems, remove vital data, and waste potentially hundreds of thousands of dollars in recovery.
But because most ransomware news coverage focuses on major, multibillion dollar corporations that get hit with disruptive attacks, many boutique businesses might assume that ransomware gangs would never bother with a small outfit like theirs.
In reality, ransomware gangs do not care about the size, budget, or resources of their victims, because ransomware itself has become increasingly easy to scale and deploy.
Modern gangs operate on a “Ransomware-as-a-Service” model, where ransomware developers lease out their malicious software to “affiliates” who, if successful in launching an attack, return a small portion of their ill-gotten gains back to the ransomware developers at the top. LockBit, which was once the most active ransomware gang in history, had at least 194 affiliates doing its dirty work.
While LockBit most frequently attacked large conglomerates and governments, another Ransomware-as-a-Service group called Phobos was more than happy to prey on smaller organizations.
In 2024, when the US Department of Justice charged a Russian national named Evgenii Ptitsyn for his alleged involvement in running Phobos, its indictment revealed that one of the ransomware gang’s affiliates allegedly extorted a Maryland-based healthcare provider out of just $2,300. Other victims cited in the indictment included a marketing and data analytics firm in Arizona, a Connecticut public school system, and an automotive company out of Ohio.
According to data analyzed by Malwarebytes’ business unit ThreatDown, these smaller victims were the bread and butter of Phobos. Unlike other ransomware gangs that demanded up to $1 million or more from each victim in 2023, Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300.
How to protect your business:
- Block common forms of entry. Patch known vulnerabilities in internet-facing software and disable or harden the login credentials for remote work tools like RDP ports and VPNs.
- Prevent intrusions and stop malicious encryption. Stop threats early before they can infiltrate or infect your endpoints. Use always-on cybersecurity software that can prevent exploits and malware used to deliver ransomware.
- Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
- Don’t get attacked twice. Once you’ve isolated an outbreak and stopped a first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
How LWN is faring in 2025
Article URL: https://lwn.net/Articles/1019217/
Comments URL: https://news.ycombinator.com/item?id=43856195
Points: 1
# Comments: 0
Nerimity Open Source Chat App
Article URL: https://nerimity.com
Comments URL: https://news.ycombinator.com/item?id=43856193
Points: 1
# Comments: 0
Graphics card's so fat, it's got its own gravity alert
Article URL: https://www.theregister.com/2025/04/30/gpu_pcie_droop/
Comments URL: https://news.ycombinator.com/item?id=43856189
Points: 1
# Comments: 0
Statement From Worldcon Chair on use of AI tools in vetting process
Article URL: https://seattlein2025.org/2025/04/30/statement-from-worldcon-chair-2/
Comments URL: https://news.ycombinator.com/item?id=43856188
Points: 1
# Comments: 0
A faster way to copy SQLite databases between computers
Article URL: https://alexwlchan.net/2025/copying-sqlite-databases/
Comments URL: https://news.ycombinator.com/item?id=43856186
Points: 2
# Comments: 0
What keeps kernel shadow stack effective against kernel exploits?
Article URL: https://tandasat.github.io/blog/2025/04/02/sss.html
Comments URL: https://news.ycombinator.com/item?id=43856170
Points: 1
# Comments: 0
Chinese APT’s Adversary-in-the-Middle Tool Dissected
ESET has analyzed Spellbinder, the IPv6 SLAAC spoofing tool Chinese APT TheWizards uses to deploy its WizardNet backdoor.
The post Chinese APT’s Adversary-in-the-Middle Tool Dissected appeared first on SecurityWeek.