0 Comments
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to
0 Comments
A new vulnerability has been found in the EmailGPT service, a Google Chrome extension and API service that utilizes OpenAI’s GPT models to assist users writing emails within Gmail.  The flaw discovered by Synopsys Cybersecurity Research Center (CyRC) researchers is particularly alarming because it enables attackers to gain control over the AI service simply by
0 Comments
Jun 07, 2024The Hacker NewsCyber Hygiene / Webinar 2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here’s the shocking truth: many of these attacks could have been prevented
0 Comments
Both enterprises and consumer-facing organizations should look to move away from passwords in favor of more secure, and convenient, forms of authentication. This was the view of experts on authentication, speaking at Infosecurity Europe 2024. The sheer number of passwords the average business user, or consumer, now needs to remember causes practical difficulties as well as
0 Comments
Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. “Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for
0 Comments
Jun 05, 2024NewsroomCyber Espionage / Threat Intelligence An unnamed high-profile government organization in Southeast Asia emerged as the target of a “complex, long-running” Chinese state-sponsored cyber espionage operation codenamed Crimson Palace. “The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests,” Sophos researchers
0 Comments
Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. Mandiant shared ransomware research findings in a new report published on June 3, 2024. The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites
0 Comments
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp
0 Comments
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. “These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets,” the Microsoft Threat Intelligence team
0 Comments
Jun 01, 2024NewsroomAI-as-a-Service / Data Breach Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create,
0 Comments
The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC
0 Comments
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users’ access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a
0 Comments
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.  Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious
0 Comments
Hundreds of cybersecurity professionals, analysts and decision-makers came together earlier this month for ESET World 2024, a conference that showcased the company’s vision and technological advancements and featured a number of insightful talks about the latest trends in cybersecurity and beyond. The topics ran the gamut, but it’s safe to say that the subjects that
0 Comments
May 30, 2024NewsroomLinux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits
0 Comments
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.  These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.  However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered
0 Comments
Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted.  In particular, Check Point has observed attempts to breach its