Jul 10, 2024 | Newsroom | Data Breach / Malware | A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious
Evolve Bank & Trust, a prominent US banking-as-a-service company, has recently confirmed that a cyber-attack earlier in 2024 compromised the personal data of millions of customers. In a statement filed with Maine’s attorney general on July 8, Evolve confirmed that the breach affected at least 7.6m individuals, including over 20,000 customers in Maine. This disclosure
Jul 09, 2024 | Newsroom | Vulnerability / Network Security | Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. “The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks,” InkBridge
Cybersecurity researchers have uncovered a new advanced persistent threat (APT) targeting Russian government entities, dubbed CloudSorcerer. This sophisticated cyberespionage tool, discovered by Kaspersky in May 2024 and discussed in an advisory published by the firm on June 8, is designed for stealth monitoring, data collection and exfiltration, utilizing Microsoft Graph, Yandex Cloud and Dropbox for
Jul 08, 2024 | Newsroom | Cyber Espionage / Cloud Security | A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that
Brazil’s National Data Protection Authority (ANPD) has issued a preventive measure halting Meta’s processing of personal data for the training of artificial intelligence (AI) systems. The action comes in response to concerns over the company’s updated privacy policy, which permits the use of publicly available data and user-generated content from platforms like Facebook, Messenger and Instagram
Jul 05, 2024 | The Hacker News | Cloud Security / Attack Surface | The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s
The EU Commission has opened applications for over €210m ($227.3m) in funding for cybersecurity and digital skills programs. The latest funding round of the Digital Europe Programme (DEP) will provide €35m ($37.8m) to projects protecting large industrial installations and critical infrastructures. A further €35m will be used for the deployment of state-of-the-art cybersecurity technologies and
Video | Social media sites are designed to make their users come back for more. Do laws restricting children’s exposure to addictive social media feeds have teeth or are they a political gimmick? | 04 Jul 2024 | Social media platforms have become a near-constant presence in our daily lives. They are a great tool to stay connected
Jul 05, 2024 | Newsroom | Network Security / DDoS Attack | French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European
Vinted, the leading online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for breaching the EU’s General Data Protection Regulation (GDPR) in relation to personal data deletion requests. The fine was issued on July 2 by the Lithuanian Data Protection Office (VDAI), the country where Vinted UAB’s global headquarters are based. It follows a
Scams, Social Media | Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform | Christian Ali Bravo | 01 Jul 2024 | 4 min. read | As one of today’s most popular social media platforms, YouTube is often in
Jul 05, 2024 | The Hacker News | Cybersecurity / Identity Protection | Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off guard. Join us for a groundbreaking
Europol has released a position paper today highlighting significant challenges posed by privacy enhancing technologies (PET) in home routing to lawful interception by law enforcement. The report emphasizes that home routing, which allows telecommunications service providers to maintain services for customers traveling abroad by routing communications through the home network, creates barriers for law enforcement
Scams | From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation | Christian Ali Bravo | 03 Jul 2024 | 5 min. read | Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals
Jul 04, 2024 | Newsroom | Vulnerability / Critical Infrastructure | Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. “The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load
WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. The advisory references a Polyfill supply chain attack initially reported on June 25 by Sansec. This attack targets Polyfill.js, a widely used JavaScript library that enables modern functionality on older web browsers lacking native
Artificial Intelligence (AI) is a hot topic at the moment. It’s everywhere. You probably already use it every day. That chatbot you’re talking to about your lost parcel? Powered by conversational AI. The ‘recommended’ items lined up under your most frequently bought Amazon purchases? Driven by AI/ML (machine learning) algorithms. You might even use generative
Jul 03, 2024 | The Hacker News | OSINT / Artificial Intelligence | Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that
Election 2024 mobile political spam volumes have seen a threefold increase compared with 2022 midterms. The data comes from recent research by Proofpoint, which also suggests that US voters increasingly turn to digital platforms for information, making them more susceptible to cybercriminal activities. With 60% of US adults preferring digital media for news and 86% using
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual “State of Ransomware 2024” report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an
The EU Commission has informed Meta that its ‘pay or consent’ model breaches EU law as it does not allow users to freely consent to their personal data being collected for advertising purposes. The Commission’s preliminary view is that the tech giant’s new approach is not compliant with Article 5(2) of the Digital Markets Act
Jul 01, 2024 | Newsroom | Supply Chain / Software Security | A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow “any malicious actor to claim ownership over thousands of unclaimed
Google blocked over 10,000 instances of Dragon Bridge activity in Q1 2024, a China-affiliated influence operator that pushes pro-People’s Republic of China (PRC) views online. The tech giant also disrupted over 65,000 instances of Dragon Bridge activity across YouTube and Blogger in 2023. The Threat Analysis Group (TAG) at Google described the group as the
ESET Research, Threat Reports | A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Jiří Kropáč | 27 Jun 2024 | 2 min. read | These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’
Jun 28, 2024 | Newsroom | Software Security / DevOps | GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3,
Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone. In its Cyber Benchmark 2024 report, Wavestone found that, on average, companies with over $1bn in revenues have one expert dedicated to cybersecurity for 1086 employees. In 2023, the same organizations had one cyber professional for 1285 employees – a
Video | Learn about the categories of threats that ‘topped the charts’ and the kinds of techniques that bad actors leveraged most commonly in the first half of this year. | 28 Jun 2024 | This week, the ESET research team released the H1 2024 issue of ESET Threat Report that examines the key trends and developments that
Jun 29, 2024 | Newsroom | Cybersecurity / Website Security | Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports
Remote software provider TeamViewer has been hit by a cyber-attack that it has attributed to Russian state-affiliated threat actor Midnight Blizzard/APT29. The firm revealed it identified suspicious behavior on a standard employee account within its corporate IT environment on Wednesday, June 26. It has tied the incident to the credentials of that account. TeamViewer said