Business Security, Critical Infrastructure Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat Phil Muncaster 19 Jun 2024 • , 5 min. read Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated
Jun 20, 2024NewsroomFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use
Individuals in China have been targeted by a QR code-based phishing (quishing) campaign which uses QR codes in fake official documents to deceive victims, according to new research by Cyble Research and Intelligence Labs (CRIL). As part of the campaign, Microsfot Word files masquerade as official documents from the Chinese Ministry of Human Resources and
Jun 19, 2024NewsroomCybercrime / Crypto Security Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it
More than nine in 10 (92%) organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by Barracuda. Scamming and phishing continued to make up the vast majority (86%) of social engineering attacks last year. There were some notable trends in how attackers are
Business Security Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack Cameron Camp 17 Jun 2024 • , 3 min. read We watch real life attacks in horror, where companies simply try to defend against attackers stomping on their networks in real time,
Jun 18, 2024NewsroomPrivacy / Encryption A controversial proposal put forth by the European Union to scan users’ private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. “Mandating mass scanning of
Los Angeles County Department of Public Health (DPH) has disclosed a data breach impacting more than 200,000 individuals. The data stolen includes personal, medical and financial information. The incident, which took place between February 19 and 20, 2024, was caused by an attacker gaining the log-in credentials of 53 Public Health employees through a phishing
Jun 17, 2024NewsroomRouter Security / Vulnerability ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. “Certain ASUS router models have authentication bypass vulnerability,
Researchers at cybersecurity provider ESET detected five cyber espionage campaigns starting in 2022, targeting Android users with trojanized apps in Egypt and Palestine. In a new report, ESET provided further details on these campaigns, which it attributed with medium confidence to the Arid Viper hacking group. The ESET researchers named the multistage spyware used to
ESET Research The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 ESET Research 14 Jun 2024 • , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings
Jun 16, 2024NewsroomCybercrime / SIM Swapping Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move
Microsoft President Brad Smith had admitted security failings by the firm in enabling Chinese state hackers access the emails of US government officials in the summer of 2023. In testimony at Congress to members of the US House Committee on Homeland Security on June 13, 2024, Smith said the tech giant accepts responsibility for all
Video The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app 14 Jun 2024 This week, ESET researchers released their findings about five campaigns that used trojanized apps to target Android users in Egypt and Palestine. Initiated in 2022,
Jun 15, 2024Newsroom Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. “The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and
Three weeks before the UK general election, Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned about the deepfake threat to election integrity in a new report. The tech policy expert said that technological advances have made deepfakes easier and cheaper than ever to produce. However, he cautioned against
ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first-
Jun 14, 2024NewsroomPrivacy / Ad Tracking Google’s plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. “While the so-called ‘Privacy Sandbox’ is advertised as an improvement
Ascension has revealed that ransomware attackers gained access to its systems after an employee accidently downloaded a malicious file. The incident, which took place in May 2024, forced the US private healthcare provider to divert ambulances and postpone patient appointments. Additionally, the attack prevented access to electronic health records (EHR), and took down various systems
Jun 13, 2024NewsroomVulnerability / Software Security The security risks posed by the Pickle format have once again come to the fore with the discovery of a new “hybrid machine learning (ML) model exploitation technique” dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning
Vulnerabilities in edge services and infrastructure devices are being increasingly exploited by cyber threat actors, according to a new report by WthSecure. Edge services, pieces of software installed at the edge of a network and accessible from both the internet and the internal network, are attractive to threat actors because they make a perfect initial
Jun 12, 2024NewsroomKubernetes / Endpoint Security Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it’s an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. “In this incident,
Phishing continues to be one of the most favored ways of compromising systems for hacking groups, Abnormal Security has found. In its latest report, Email Security Threats in Europe: Insights into Attack Trends, the email security provider observed that the volume of phishing attacks targeting organizations in Europe increased by 112.4% between April 2023 and
Digital Security Drumroll, please! The winners of the 2024 European Cybersecurity Blogger Awards have been chosen, and we couldn’t be prouder – WeLiveSecurity has been named the Best Cybersecurity Vendor Blog! 10 Jun 2024 • , 2 min. read We’re delighted to announce that WeLiveSecurity has been named the Best Cybersecurity Vendor Blog at this
Jun 11, 2024The Hacker NewsEndpoint Security / Incident Response Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client
The winners of the European Cybersecurity Blogger Awards were announced at a ceremony held at Tapa Tapa, London, on June 5 at Infosecurity Europe 2024 . The awards celebrated the industry’s best blogs, podcasts, and vlogs, as well as the exceptional talent who contribute to these forums. The award ceremony was organised by Eskenzi PR, sponsored
Jun 10, 2024NewsroomPhishing Attack / Cybercrime Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last
Multiple security vulnerabilities have been found in the WooCommerce Amazon Affiliates (WZone) plugin, according to Patchstack. This premium WordPress plugin, developed by AA-Team and boasting over 35,000 sales, is designed to assist site owners and bloggers in monetizing their websites via the Amazon affiliate program. The vulnerabilities identified are serious, impacting all tested versions, including
Video Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data. Watch as Tony discusses the story and provides useful tips on how to protect people’s data. 07 Jun 2024 Ticketmaster has reportedly been breached by a hacker group known as ShinyHunters, who claim
Jun 08, 2024NewsroomArtificial Intelligence / Privacy Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’
- « Previous Page
- 1
- …
- 14
- 15
- 16
- 17
- 18
- …
- 118
- Next Page »