0 Comments
Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)
0 Comments
The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to
0 Comments
Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals.  Chip-based cards emerged as a successor, offering enhanced security
0 Comments
Dec 09, 2023NewsroomMalware / Cyberattack Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. “While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic
0 Comments
Dec 08, 2023The Hacker NewsCryptocurrency / Cyber Crime The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled
0 Comments
A substantial 78% of CISOs have expressed concerns about the current unmanageability of application security (AppSec) attack surfaces, emphasizing the need for improvement. The figure comes from Application Security Posture Management (ASPM) firm Cycode’s inaugural The State of ASPM 2024 report.  The research, drawn from a survey of 500 US CISOs, AppSec Directors and DevSecOps team members,
0 Comments
Brand impersonation in cyber-attacks has reached new levels of sophistication, a recent research article by Abnormal Security has highlighted.  Traditionally observed in financial institutions and social media sites, threat actors are now employing multi-stage attacks with a high degree of personalization. A study published by Abnormal CISO, Mike Britton, revealed a case where attackers impersonated the
0 Comments
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all
0 Comments
Dec 06, 2023NewsroomVulnerability / Mobile Security Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under “limited, targeted exploitation” back in October 2023. The vulnerabilities are as follows – CVE-2023-33063 (CVSS score: 7.8) – Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS
0 Comments
A recent cybersecurity report by Kaspersky has highlighted a 53% surge in daily cyber-threats targeting Microsoft Office during 2023.  The report also revealed an average detection of 411,000 malicious files per day this year, indicating an overall uptick of almost 3% compared to the previous year. Kaspersky’s research signals a shift in cybercriminals’ tactics, emphasizing
0 Comments
Dec 05, 2023NewsroomCyber Espionage / Threat Analysis A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what’s suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is currently
0 Comments
Dec 04, 2023NewsroomTechnology / Firmware Security The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by threat actors to deliver a malicious payload
0 Comments
Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and
0 Comments
The UK’s security agency has urged the nation’s water sector to apply best practice security measures after a US operator was breached via its industrial control systems. The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and switched to manual operation after its Unitronics
0 Comments
North Korean hackers have reportedly stolen a total of $3bn in cryptocurrency since 2017, as revealed in a recent report by Recorded Future’s Insikt Group.  The revelation underscores the prolonged engagement of the regime in the cryptocurrency sector, transitioning from targeting financial institutions through the SWIFT network to a broader strategy during the 2017 cryptocurrency
0 Comments
Dec 01, 2023NewsroomFirewall / Network Security Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below – CVE-2023-35138 (CVSS score: 9.8) – A command injection vulnerability that
0 Comments
Threat actors have been observed exploiting a critical vulnerability, CVE-2023-46604, in Apache systems.  Over the past few weeks, Fortiguard Labs identified multiple threat actors leveraging this vulnerability to unleash several malware strains. Among the discoveries is the emergence of a newly discovered Golang-based botnet named GoTitan. This sophisticated botnet has raised concerns due to its ability
0 Comments
Digital Security The technology is both widely available and well developed, hence it’s also poised to proliferate – especially in the hands of those wishing ill Cameron Camp 29 Nov 2023  •  , 2 min. read Who would be to blame if your plane got tricked into flying into a war zone? If GPS gets
0 Comments
Nov 30, 2023NewsroomHacking / Cryptocurrency The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. “Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie