Scams Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims Phil Muncaster 18 Jan 2024 • , 4 min. read It’s every parent’s worst nightmare. You get a call from an unknown number and on the other end of the line hear
Month: January 2024
Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities
Russian threat group Coldriver has expanded its targeting of Western officials with the use of malware to steal sensitive data, Google’s Threat Analysis Group (TAG) has revealed. Coldriver, AKA Star Blizzard, is linked to Russia’s intelligence service, the FSB. It is known to focus on credential phishing campaigns targeting high-profile NGOs, former intelligence and military
Scams, Digital Security Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal Phil Muncaster 17 Jan 2024 • , 5 min. read If you’re on social media or use Google Shopping, the chances are you’ve
In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today’s interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and
One of the UK’s leading cybersecurity agencies has announced plans to convene a new group of industry experts who will help it track existing and emerging threats to the nation. The National Cyber Security Centre (NCSC) said its new Cyber League would bring together both its own and third-party experts to “work on the biggest
Jan 18, 2024NewsroomSupply Chain Attacks / AI Security Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to “conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising
With elections expected to occur in over 50 countries in 2024, the misinformation threat will be top of mind. OpenAI, the developer of the AI chatbot ChatGPT and the image generator DALL-E, has announced new measures to prevent abuse and misinformation ahead of big elections this year. In a January 15 post, the firm announced
Business Security By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk Phil Muncaster 16 Jan 2024 • , 5 min. read Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to
Jan 17, 2024NewsroomBotnet / Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for “victim identification and exploitation in target networks.” A Python-based malware, AndroxGh0st was first documented by Lacework in December 2022, with the
Crypto heists increased in volume by 42% in 2023, with 283 incidents, according to an analysis by consumer awareness firm Comparitech. This compares to 199 crypto theft incidents in 2022. However, the total monetary value stolen in 2023 fell by 51% in 2022, from $3.55bn to $1.75bn. Worryingly, $16.93m of crypto has already been stolen
Jan 16, 2024NewsroomBotnet / Malware The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards
The British Library has begun restoring its online services as it continues to recover from last year’s ransomware attack. Sir Roly Keating, Chief Executive at the institution, confirmed in a blog post that the main British Library catalogue will return online on Monday, January 15. This includes details of its printed books, journals, maps, music
Jan 15, 2024NewsroomOperational Technology / Network Security Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be
Cybercriminal are exploiting employee desires for job satisfaction and orgnaizations’ promise of benefits with a flurry of phishing scams. Pay raises, promotions, holiday bonuses and other ‘life-impacting’ updates are attractive phishing lures, email security provider Cofense warned in a January 10 blog post. A typical approach is to embed links to commodity software used by
Video The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC’s X account right ahead of the much-anticipated decision about Bitcoin ETFs 12 Jan 2024 The US Securities and Exchange Commission’s (SEC) X account was hacked this week to post an unauthorized tweet
Jan 14, 2024NewsroomCyber Attack / Vulnerability The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged critical infrastructure organizations to address vulnerabilities affecting nine industrial control systems (ICS) products. The report, dated January 11, 2024, highlighted a series of high and critical severity vulnerabilities in products widely used in sectors like energy, manufacturing and transportation. Users and administrators in these sectors
Business Security How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks Mario Micucci 11 Jan 2024 • , 4 min. read In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data
Jan 13, 2024NewsroomVulnerability / Network Security Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series
A vulnerability has been discovered in a popular Bosch smart thermostat, allowing potential attackers to send commands to the device and replace its firmware, according to Bitdefender. The vulnerability impacts the Wi-Fi microcontroller that acts as a network gateway for the thermostat’s logic microcontroller. The Bosch smart thermostat products BCC101, BCC102 and BCC50, from version
Mobile Security WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride. Phil Muncaster 10 Jan 2024 • , 5 min. read Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike – US
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity. In this context, Mike Tyson’s famous adage, “Everyone
Cyber threat intelligence giant Mandiant has shared the results of its investigation on its recent X account hijacking following a wave of crypto-related X account hacks. On January 3, 2024, the X (formerly Twitter) account of Mandiant, a subsidiary of Google Cloud, was taken over and began sending its 123,5000 followers links to a cryptocurrency
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who’s-who of big-name organizations. If MGM, Johnson
The global cyber insurance market is projected to be worth $90.6bn by 2033, at a growth rate of 22.3% CAGR from 2023, according to an analysis by Market.Us. The industry is expected to reach $14.8bn by the end of 2024, a significant rise from a projected valuation of $12.1bn in 2023. The report highlighted the
We Live Progress Is AI companionship the future of not-so-human connection – and even the cure for loneliness? Imogen Byers 09 Jan 2024 • , 7 min. read Modern technology permeates almost every facet of our lives, shaping our day-to-day in ways both subtle and obvious – and indeed in ways we probably never anticipated.
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these
A new decryptor key has been created for victims of the Babuk Tortilla ransomware variant, Cisco Talos has confirmed. These keys will be added to a generic Babuk decryptor previously created by Avast Threat Labs. This will enable users to download the single decryptor containing all currently known Babuk keys. Targeting Babuk Ransomware Variations Babuk
Jan 09, 2024The Hacker NewsSaaS Security / Data Security Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create