Most CISOs now plan on the basis that a cyber-attack or data breach will happen, but there is still work to do to if organizations are to survive a crisis and recover, warned industry experts. Effective cyber crisis management is a key part of resilience. According to a panel of CISOs and cyber experts at
admin
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to
A new vulnerability has been found in the EmailGPT service, a Google Chrome extension and API service that utilizes OpenAI’s GPT models to assist users writing emails within Gmail. The flaw discovered by Synopsys Cybersecurity Research Center (CyRC) researchers is particularly alarming because it enables attackers to gain control over the AI service simply by
Scams $90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data. Márk Szabó 06 Jun 2024 • , 5 min. read
Jun 07, 2024The Hacker NewsCyber Hygiene / Webinar 2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here’s the shocking truth: many of these attacks could have been prevented
Both enterprises and consumer-facing organizations should look to move away from passwords in favor of more secure, and convenient, forms of authentication. This was the view of experts on authentication, speaking at Infosecurity Europe 2024. The sheer number of passwords the average business user, or consumer, now needs to remember causes practical difficulties as well as
Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. “Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for
Smaller firms and charities face the same growing security risks as their larger peers, but lack of budgets and resources need not be a barrier to improving security, according to industry experts. Security leaders from smaller organizations told Infosecurity Europe 2024 that it is not just financial constraints that limit options in smaller organizations. A
Jun 05, 2024NewsroomCyber Espionage / Threat Intelligence An unnamed high-profile government organization in Southeast Asia emerged as the target of a “complex, long-running” Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. “The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests,” Sophos researchers
Leading London hospitals have been forced to cancel operations and divert emergency patients following a cyber-attack on a critical supplier. The incident has affected Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in South East London, according to a statement from NHS England on June 4. This follows a
How To Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look Márk Szabó 03 Jun 2024 • , 6 min. read Recently, I came across a report detailing “the mother of all breaches” – or to
Jun 04, 2024NewsroomCyber Attack / Malware Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog. Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called
Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. Mandiant shared ransomware research findings in a new report published on June 3, 2024. The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp
First American, a major insurance company in the US, has confirmed that a ransomware attack led to the loss of sensitive data for thousands of people. The cyber-attack, which occurred in late December 2023, forced First American to shut down some systems, including its website. The company later reported to the US Securities and Exchange
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. “These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets,” the Microsoft Threat Intelligence team
Events like the upcoming 2024 Paris Olympic Games, taking place from July 26, 2024, provides threat actors with the opportunity to disrupt a highly anticipated event that attracts global attention. With more than 15 million tourists expected to descend into Paris during the games, there are huge safety and security risks for authorities to manage
Video A woman in London has been misidentified as a shoplifter by a facial recognition system amid fresh concerns over the technology’s accuracy and reliability 31 May 2024 A woman from London has been wrongly accused of being a shoplifter after being flagged by a facial-recognition system, the BBC reports. The tech, called Facewatch, is
Jun 01, 2024NewsroomAI-as-a-Service / Data Breach Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create,
The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC
In the age of digital transformation, Artificial Intelligence (AI) has swiftly become a cornerstone of organizational operations. Recruitment – a process that all organizations of any size will have to undertake at some point – is no exception. However, the talent acquisition landscape is a bit of a minefield with an average of over 250
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users’ access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious
Hundreds of cybersecurity professionals, analysts and decision-makers came together earlier this month for ESET World 2024, a conference that showcased the company’s vision and technological advancements and featured a number of insightful talks about the latest trends in cybersecurity and beyond. The topics ran the gamut, but it’s safe to say that the subjects that
May 30, 2024NewsroomLinux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams. These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities. However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered
Digital Security A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders Phil Muncaster 28 May 2024 • , 5 min. read Artificial intelligence (AI) is the topic du jour, with the latest and greatest in AI technology drawing breathless news coverage. And probably few industries are set to
May 29, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the
Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted. In particular, Check Point has observed attempts to breach its
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested
- « Previous Page
- 1
- …
- 15
- 16
- 17
- 18
- 19
- …
- 118
- Next Page »