Video With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process 20 Sep 2024 With just weeks to go before the US presidential election, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are
admin
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina (29,000).
A lack of cyber security expertise and employee training threatens the protection of cloud environments, according to new research by Check Point Software. In its 2024 Cloud Security Report, the firm found that 61% of organizations experienced at least one security incident related to public cloud use in the past year, a significant increase from
ESET Research ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos ESET Research 17 Sep 2024 • , 1 min. read Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability
Sep 20, 2024Ravie LakshmananEncryption / Digital Security Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. “This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,”
Security researchers have found new evidence of TeamTNT activity dating back to 2023, despite a commonly held belief that the group “evaporated” in 2022. TeamTNT was a prolific threat actor known for cryptojacking attacks, which use victims’ IT resources to illegally mine for cryptocurrency. The likely German-speaking actor first emerged in 2019 and became infamous for
Business Security Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help Tony Anscombe 18 Sep 2024 • , 4 min. read ‘Seek legal advice’, this has to be my top recommendation if you have suffered a cyber-incident that could be deemed
Sep 19, 2024Ravie LakshmananEnterprise Security / DevOps GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user
AT&T has agreed to pay $13m to the US telco regulator to settle a long-running investigation into whether it failed to protect customer data stored in the cloud. The Federal Communications Commission (FCC) explained that the incident stemmed from a supply chain breach in January 2023 when threat actors exfiltrated AT&T customer data from a
Digital Security Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one Cameron Camp 16 Sep 2024 • , 3 min. read That was fast. While the RSA Conference was oozing AI (with or without merit) from every orifice, the luster faded quickly. With a recent
Sep 18, 2024Ravie LakshmananBrowser Security / Privacy Google has announced that it’s rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats. “With the newest version of Chrome, you can take advantage of our upgraded Safety Check,
Ransomware attacks are surging in the UK, with threat actors possibly encouraged by the propensity of victim organizations to pay up, according to a new study from Cohesity. The security vendor polled over 3100 IT and security decision-makers in eight countries and multiple sectors to compile its Global cyber resilience report 2024. It revealed that,
Sep 17, 2024Ravie LakshmananCryptocurrency / Malware Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and
Socia media giant Meta is resuming its controversial plans to use Facebook and Instagram user posts to train generative AI (GenAI). The practice is effectively banned in the EU at present after the Irish Data Protection Commission (DPC) requested the firm pause its project, in a move Meta branded as “a step backwards for European
Sep 16, 2024Ravie LakshmananSpyware / Threat Intelligence Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical “threat intelligence” information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts,
A case involving a medical record hack affecting hundreds of patients and employees at a Pennsylvania healthcare company has been settled for a record-breaking $65m. Filed in March 2023, the case involved nearly 135,000 patients and employees of Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania. The plaintiffs, represented by class-action
Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can
Read more about disinformation campaigns targeting the US Presidential Elections Malicious actors are spreading false claims that US voter registration databases have been breached, according to a new alert issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The agencies said the claims are designed to manipulate public opinion and undermine confidence
Video, Ransomware ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends 13 Sep 2024 This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group. Among other notable things, CosmicBeetle was found to abuse the infamy of
Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in
Ireland’s data protection authorities have launched a probe into Google’s AI model, and whether it complies with GDPR. The Irish Data Protection Commission (DPC), An Coimisiún um Chosaint Sonraí, is the EU’s lead privacy regulator for Google. The DPC has opened a cross-border statutory inquiry into Google Ireland, under Section 110 of the Data Protection
Scams Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks Phil Muncaster 11 Sep 2024 • , 5 min. read For three decades, Geek Squad has been a trusted name in tech for anyone needing IT support. The Best Buy subsidiary dispenses
Sep 13, 2024Ravie LakshmananEnterprise Security / Vulnerability Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. “When Hadooken is executed, it drops a Tsunami malware
Nearly all (95%) version upgrades of open source software contain at least one breaking change that causes other components to fail, with patches having a 75% chance of causing a break, according to Endor Labs. The security vendor revealed the findings in its third annual Dependency Management Report, which is based on Endor Labs vulnerability
ESET researchers have mapped the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs. CosmicBeetle actively deploys ScRansom to SMBs in various parts of the world. While not being top notch, the threat actor is able to compromise interesting targets. CosmicBeetle replaced its previously
Sep 12, 2024Ravie LakshmananWeb Security / Content Management WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. “Accounts with commit access can push updates and changes to
Microsoft heaped more work onto sysadmins this week after fixing four zero-day vulnerabilities being actively exploited in the wild. First on the list is CVE-2024-43491 – a CVSS 9.8 remote code execution (RCE) bug in Microsoft Windows Update which requires no privileges or user interaction, and of low attack complexity. “This vulnerability emerged due to a
Sep 11, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important,
SonicWall customers have been urged to patch a critical vulnerability in their firewalls after security researchers warned it is being actively exploited in ransomware attacks. The CVSS 9.3-rated vulnerability (CVE-2024-40766) was originally published on August 22 by the security vendor, before an update on September 6 claimed it was being actively exploited. “An improper access
Sep 09, 2024Ravie LakshmananVulnerability / Hardware Security A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab
- « Previous Page
- 1
- …
- 6
- 7
- 8
- 9
- 10
- …
- 118
- Next Page »