Apr 27, 2024NewsroomCyber Attack / Malware Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file (“signal-2023-12-20-160512.ppsx”)
admin
US government and critical infrastructure entities were sent 1754 ransomware vulnerability notifications under the Ransomware Vulnerability Warning Pilot (RVWP) program in 2023, resulting in 852 vulnerable devices being secured or taken offline. The highest number of alerts were sent to government facilities (641), which encompasses a range of federal, state and local government organizations, including
Join us as we speak to the Nobel Prize-winning astronomer Michel Mayor about the intersection of technology and scientific discovery, the art of making science accessible to all, and the imperative of nurturing environmental stewardship among the youth. In this short video, Professor Mayor offers his quick takes on: the role of technology in driving
Apr 26, 2024NewsroomSupply Chain Attack / Software Security Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from
The US government has taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2bn in unlawful transactions and laundered over $100m in criminal proceeds. In an April 24 press release, the US Department of Justice (DoJ) announced that Samourai’s web servers and domain were seized following a law enforcement operation in collaboration with
Video The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus 24 Apr 2024 We speak to Todd Douglas Miller, the director of the Apollo 11 movie and a recipient of the Stephen Hawking medal for
Apr 25, 2024NewsroomMalware / Cyber Threat The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, “aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from
The US Senate has voted on a bill that will either ban TikTok or force its parent company, ByteDance, to forfeit ownership of the social media app. TikTok skeptics in the US claimed a landslide victory, with 79 senators voting in favor of the bill and 18 against. The vote occurred on April 24, ten
Kids Online Should children’s apps come with ‘warning labels’? Here’s how to make sure your children’s digital playgrounds are safe places to play and learn. Phil Muncaster 11 Apr 2024 • , 6 min. read Our children spend more time on their phones than ever. Some 80% of European 9-16-year-olds access the internet from their
Apr 24, 2024NewsroomCyber Attack / Cyber Espionage The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the
The US Department of State has taken action against individuals allegedly involved in the commercial spyware sector, imposing visa restrictions on 13 individuals and their immediate family members. According to a blog post published by the US Department of State (DoS) on Monday, the move is part of a broader effort to counter the misuse
Scams Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe Phil Muncaster 15 Apr 2024 • , 6 min. read Bitcoin is on a tear. The world’s largest digital currency by market cap passed its previous record value of nearly $69,000 in early March. It’s now worth an
Apr 23, 2024NewsroomSupply Chain Attack / Application Security Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the
Scammers have been observed employing a sophisticated tactic to steal Toncoins (TON) from Telegram users globally. This scheme, uncovered by researchers at Kaspersky and described in a report published today, has been operational since November 2023 and exploits the growing popularity of both TON and the messaging platform Telegram. Targets from various regions have fallen
Video Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit 12 Apr 2024 Could your messaging app of choice have been authored by a threat actor known as Virtual Invaders? As described by ESET researchers this week, this is what happened to the victims of
Apr 22, 2024NewsroomNetwork Security / Endpoint Security The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an “industrial scale” from primarily governmental organizations,
The Russian-backed threat actor known as Sandworm has become such a prominent ally of the Kremlin in the Ukraine war that Mandiant has decided to graduate the group into a named Advanced Persistent Threat (APT) group, APT44. In a new report, the Google-owned cybersecurity firm revealed that Sandworm has been responsible for almost all the
Kids Online From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe. Imogen Byers 16 Apr 2024 • , 5 min. read In today’s digital world, ads are practically unavoidable. From pop-up ads on your daily Wordle to sneaky affiliate posts on your
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with
The Akira ransomware group has generated around $42m in proceeds in the period from March 2023 to January 2024, according to a joint advisory from Europol and US and Dutch government agencies. The ransomware-as-a-service (RaaS) actor is believed to have impacted over 250 organizations across North America, Europe and Australia during this period, with a
Scams What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be? Phil Muncaster 18 Apr 2024 • , 5 min. read Our world is becoming more impersonal as it becomes more digital-centric. And because we can’t
Apr 20, 2024NewsroomVulnerability / Network Security Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of two bugs in versions PAN-OS 10.2,
A new study by CyberSN warns that the overall number of cybersecurity job postings in the US decreased by 22% from 2022 to 2023. The cyber job platform provider added that this decline is alarming and could impact national security, as some of these roles are essential for maintaining organizational and national cyber defenses. The
Apr 19, 2024NewsroomNetwork Security / Firmware Security Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to
Quishing attacks, a form of phishing that leverages QR codes, have significantly increased, climbing from a mere 0.8% in 2021 to 10.8% in 2024. The figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period. According to the new
Apr 18, 2024NewsroomIncident Response / Cyber Espionage Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. “The documents contained
Threat actors have been observed exploiting unpatched Atlassian servers and deploying a Linux variant of Cerber ransomware, also known as C3RB3R. The attacks capitalize on CVE-2023-22518, a critical security vulnerability in Atlassian Confluence Data Center and Server, enabling an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, threat actors
Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka
A substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss. This alarming statistic, unveiled by Pentera’s latest research efforts, underscores the escalating challenges organizations face in safeguarding their digital assets against evolving cyber-threats. The report, published today, comprehensively analyzes how enterprises worldwide
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. “The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names
- « Previous Page
- 1
- …
- 16
- 17
- 18
- 19
- 20
- …
- 116
- Next Page »