May 16, 2024NewsroomVulnerability / Network Security Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients,
admin
A cyber-attack has disrupted auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m. Among the items up for auction are a Vincent van Gogh painting valued at $35m and a rare wine. The cyber-attack has taken Christie’s website offline, possibly last week, preventing potential buyers from viewing the lots
ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024 Jean-Ian Boutin 14 May 2024 • , 2 min. read ESET APT Activity Report Q4 2023–Q1 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented
May 15, 2024NewsroomData Breach / Cyber Crime Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website (“breachforums[.]st”) has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the
Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to MOVEit file transfer software vulnerabilities,
May 14, 2024NewsroomBluetooth / Vulnerability Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version
A recent study conducted by the Sysdig Threat Research Team (TRT) has shed light on a novel cyber attack dubbed “LLMjacking,” which exploits stolen cloud credentials to target cloud-hosted large language model (LLM) services. The attackers gained access to these credentials from a vulnerable version of Laravel (CVE-2021-3129), according to a blog post published on
The chief information security officer (CISO) role has been under increased scrutiny from regulators over the past few years. This is especially true in the US, where the former CSO of Uber, Joe Sullivan, was sentenced to three years of probation and to pay a $50,000 fine in 2023 after a 2016 breach exposed the
Cybersecurity professionals have an urgent duty to secure AI tools, ensuring these technologies are only used for social good, was a strong message at the RSA Conference 2024. AI bring enormous promise in the real-world setting, such as diagnosing health conditions faster and with more accuracy. However, with the pace of innovation and adoption of
As cybercriminals and threat actors increase their tooling and capabilities, new sophisticated attack techniques are emerging and it is vital that defenders stay abreast of this evolution. Daniel Blackford, senior manager, threat research at Proofpoint, explained: “A lot of money is following into the hands of bad actors, they’re being very successful. That has allowed
The UK’s AI Safety Institute has made its AI testing and evaluation platform available to the global AI community as of 10 May, 2024. The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST).
A well-known threat actor is selling what they claim to be a legitimate trove of highly sensitive internal data stolen from Europol this month. “IntelBroker” took to hacking site BreachForums on Friday to advertise their wares. “In May 2024 Europol suffered a data breach and lead [sic] to the exposure of FOUO [for official use
The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. The Joint Cybersecurity Advisory (CSA) was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and Multi-State Information
A ransomware attack on US private healthcare giant Ascension has led to ambulances being diverted and patient appointments being postponed. Ascension confirmed the attack on May 9 after detecting unusual activity on select technology network systems on May 8. The healthcare provider, which operates 140 hospitals across the US, said that several hospitals are currently
A recent incident involving an MS-SQL (Microsoft SQL) honeypot has shed light on the sophisticated tactics employed by cyber-attackers relying on Mallox ransomware (also known as Fargo, TargetCompany, Mawahelper, etc.). The honeypot, set up by the Sekoia research team, was targeted by an intrusion set utilizing brute-force techniques to deploy the Mallox ransomware via PureCrypter,
Critical vulnerabilities have been found within Cinterion cellular modems. Disclosed during a Kaspersky presentation at OffensiveCon in Berlin on May 11, these flaws could allow remote attackers to execute arbitrary code, posing a significant threat to the integrity of millions of industrial devices reliant on these modems. The identified vulnerabilities, including CVE-2023-47610, highlight severe security weaknesses within
In this day and age, technology and business are inextricably linked. Digital transformation has ushered in unparalleled opportunities for organizations that act with agility in response to the blistering pace of change and look for ways to harness the potential of technology to advance their business. However, the growing reliance on digital systems, coupled with
With Starmus Earth: The Future of Our Home Planet around the corner, we sat down with David Eicher, the Astronomy Magazine editor-in-chief and one of the event’s speakers, to hear his thoughts on a diverse range of subjects – from the most pressing challenges facing our home planet to the mysteries of the universe and the
Scams Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over Phil Muncaster 02 May 2024 • , 4 min. read It’s a nightmare scenario for any cryptocurrency user. You fall victim
Video Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not 03 May 2024 The Simone Veil hospital in Cannes, France – which fell victim to a disruptive ransomware attack two weeks ago – has announced
We Live Science, Video As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight 07 May 2024 Some time ago, we briefly spoke to Dr. Garik Israelian, one of the founders of the Starmus Festival,
Digital Security Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations. Cameron Camp 09 May 2024 • , 3 min. read Predictably, this year’s RSA Conference is buzzing with the promise of artificial intelligence – not unlike last year, after
Video More than 40,000 security experts descended on San Francisco this week. Let’s now look back on some of the event’s highlights – including the CISA-led ‘Secure by Design’ pledge also signed by ESET. 10 May 2024 That’s a wrap on this year’s RSA Conference! More than 40,000 security professionals descended on San Francisco this
Digital Security We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024 10 May 2024 • , 1 min. read We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor
“When I talk about climate change with people, I spend hardly any time on the science of climate change,” says Katharine Hayhoe, a leading climate science communicator and a speaker at Starmus Earth: The Future of Our Home Planet. The festival is almost here, and we’re delighted to publish an extensive interview with Dr. Hayhoe
May 10, 2024NewsroomBrowser Security / Vulnerability Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on
May 10, 2024The Hacker NewsArtificial Intelligence / Threat Hunting Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, “The Future of Threat Hunting is Powered by Generative AI,” where you’ll explore how AI tools are shaping the future
May 10, 2024NewsroomMalware / Cyber Espionage The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. “Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. “The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and
May 13, 2024NewsroomSoftware Security / Malware Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo. The package employing this steganographic trickery is requests-darwin-lite, which
- « Previous Page
- 1
- …
- 17
- 18
- 19
- 20
- 21
- …
- 118
- Next Page »