North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on cryptocurrency stolen by Democratic People’s Republic of Korea (DPRK)-linked hackers compared to 2022, at $850m. The researchers
Month: January 2024
Steeped in AI and the security risks of its use, the 2023 SANS Holiday Hack Challenge was an enrichening experience of navigating a series of 21 objectives that tested and broadened multiple cybersecurity skills. The best challenges for me were hunting down AI hallucinations in a pentest report, escalating privileges on a Linux system, searching
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues. Talent Retention Challenges: The cybersecurity field is rapidly advancing,
Cyber-attacks targeting Web3 cost organizations $1.84bn in 2023 across 751 incidents, according to Certik’s Hack3d: The Web3 Security Report 2023. The average cost per incident was $2.45m in 2023. However, there was a wide disparity between the losses suffered, with the 10 most costly attacks alone accounting for $1.11bn. The highest costs occurred in Q3,
Video What are some of the key cybersecurity trends that people and organizations should have on their radars this year? 05 Jan 2024 As 2024 dawns, it’s time to look ahead to the challenges that are set to face people and organizations across the world this year. In this week’s video, ESET Chief Security Evangelist
Jan 06, 2024NewsroomMalware / Cyber Attack The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware “crashes the operating system in a way that it cannot be rebooted.” The intrusions have been attributed to an Iranian
The US Justice Department (DoJ) announced that 19 individuals involved in managing and using the late xDedic cybercrime marketplace have been charged with lengthy prison sentences. The list includes two xDedic administrators, Pavlo Kharmanskyi, a Ukrainian man who was arrested while trying to enter the US, and Alexandru Habasescu, of Moldovan nationality, who was arrested
How To Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy Márk Szabó 04 Jan 2024 • , 6 min. read Ever had that brief moment of worry when
Jan 06, 2024NewsroomCyber Espionage / Supply Chain Attack Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. “The infrastructure of the targets was susceptible to supply chain
DNA testing firm 23andMe has argued the victims are responsible for the breach of highly sensitive genomics data on its systems last year. In a written reply to Tycko & Zavareei LLP, a law firm representing victims of the breach in a class action lawsuit filed in the courts in November 2023, 23andMe accused users
Picture this: you stumble upon a concealed secret within your company’s source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute
Security experts have begun the year in combative mood after a leading security vendor called on the US government to ban ransomware payments. Noted for its work in ransomware decryption, Emsisoft revealed new analysis this week claiming that 2207 US hospitals, schools and government entities were directly impacted by ransomware in 2023. It argued that
Jan 04, 2024NewsroomCryptocurrency Miner / Malware Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken
Russian intelligence hacked online surveillance cameras to spy on air defense activities and critical infrastructure in Kyiv ahead of recent missile strikes, the Security Service of Ukraine (SSU) has revealed. The Kremlin was able to remotely control two residential cameras, which it used to collect information to target critical infrastructure in Ukraine’s capital Kyiv. This
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike,
Court cases and tribunals in Australia have been impacted by a cybersecurity incident, with attackers potentially accessing recordings of hearings, according to the Court Services Victoria (CSV). The CSV revealed the incident in a statement on January 2, 2024. This public notice came some 12 days after the CSV was first alerted to the cyber
Jan 02, 2024The Hacker NewsBrowser Security / Threat Protection Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it
Jan 01, 2024NewsroomEncryption / Network Security Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection’s security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the