Category: Attack Feeds

Crooked Cops, Stolen Laptops & the Ghost of UGNazi – BrianKrebs

– A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man’s alleged targets were members of...

NSO Group indicates rare agreement with Apple over dismissal of lawsuit – Tim Starks

– Leading spyware company NSO Group said in a court filing that it agreed with Apple on its recent motion to drop its lawsuit against the Israel-based firm over the alleged targeting of its users, and asked a judge to consider reimbursing it for its legal expenses. The NSO Group filing, dated Friday, offers largely different reasons for why...

More frequent disruption operations needed to dent ransomware gangs, officials say – Tim Starks

– With ransomware gangs proving capable of quickly reconstituting after government takedown operations, an international alliance wants to ramp up those offensive measures even more. “What we’ve observed is that there is no one operation that’s going to disrupt ransomware permanently,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, told reporters in a call Monday. “Instead,...

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 23-29) – The Hacker News

– Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could’ve opened the door to remote attacks. Google’s switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn’t all good news – Kaspersky’s forced exit from the...

British man used genealogy websites to fuel alleged hacking and insider trading scheme – Graham Cluley

– A London-based man is facing extradition to the United States after allegedly masterminding a scheme to hack public companies prior to their earnings announcements and use the secrets he uncovered to make millions of dollars on the stock market. Read more in my article on the Hot for Security blog.

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA – The Hacker News

– Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so...

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks – The Hacker News

– Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. “These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses,” Bitsight researcher...

A Hacker’s Era: Why Microsoft 365 Protection Reigns Supreme – The Hacker News

– Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the...

Putting an end to the AI cyber responsibility turf wars – Greg Otto

– Since the launch of ChatGPT in November 2022, AI regulation has been hotly debated. Despite the looming cybersecurity risks that generative AI models and large language models (LLMs) pose, regulators have instead been locked in conversations on ethics and social responsibility, leaving potentially catastrophic vulnerabilities by the wayside. This is not for lack of risk comprehension; the industry...

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext – The Hacker News

– The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users’ passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different...

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign – The Hacker News

– Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. “Fake...

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes – The Hacker News

– U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy...

U.S. government charges three Iranians in Trump campaign hack – AJ Vicens

– The Department of Justice unsealed charges against three Iranian nationals Friday for their alleged involvement in hacking Donald Trump’s presidential campaign. Masoud Jalili, Seyyed Ali Aghamiri and Yaser Balaghi are charged with conspiracy to obtain information from a protected computer, fraud, aggravated identity theft, wire fraud, providing material support to a terrorist organization, and aiding and abetting in...

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now – The Hacker News

– Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers – CVE-2024-46905 (CVSS score:...

Deepfake Ukrainian diplomat targeted US senator on Zoom call – Graham Cluley

– The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official, in what was an apparent attempt at election interference. Read more in my article on the Hot for Security blog.

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext – AJ Vicens

– The Irish Data Protection Commission fined Meta €91 million — roughly $102 million — Friday stemming from an investigation launched in 2019 after the company notified regulators that it had inadvertently stored some passwords internally in plaintext. The DPC’s investigation found that Meta’s handling of passwords violated several obligations under Europe’s General Data Protection Regulation concerning the handling of...

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution – The Hacker News

– A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. “A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print...

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks – The Hacker News

– The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent...

How to Plan and Prepare for Penetration Testing – The Hacker News

– As security technology and threat awareness among organizations improve, so do the adversaries, who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice of big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users – The Hacker News

– Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails...

Cybersecurity Certifications: The Gateway to Career Advancement – The Hacker News

– In today’s fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you’re a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you’re always informed and equipped for...

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering – The Hacker News

– The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through...

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers – The Hacker News

– A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in...

Printer bug sends researchers into uproar, affects major Linux distros – Christian Vasquez

– A series of vulnerabilities impacting nearly all major Linux distributions that became the talk amongst cybersecurity professionals on Thursday appears to fall short of the “next Log4Shell” hype and can be fixed with a simple remediation. The bugs impact OpenPrinting CUPS (Common Unix Printing System), the default printing system found in most popular versions of Linux, like...

FCC hits operative behind New Hampshire robocall with $6 million fine – mbracken

– The Federal Communications Commission on Thursday finalized a $6 million fine against the Democratic operative behind the January robocall in New Hampshire that used AI to imitate President Joe Biden’s voice and urge voters to stay away from the polls. Steve Kramer, who used deepfake, AI-generated voice cloning technology and caller ID spoofing to facilitate the fake Biden...

Two Russian nationals indicted for servicing millions of dollars in cybercrime funds – AJ Vicens

– The U.S. government on Thursday announced sweeping actions against two Russian nationals for their alleged role in facilitating all manner of cybercrime through money laundering and operating multiple payment and exchange services used by criminals. Sergey Ivanov, known online as “Taleon,” and Timur Shakhmametov, known as both “JokerStash” and “Vega,” facilitated money laundering tied to darknet drug trafficking...

Senate bill eyes minimum cybersecurity standards for health care industry – mbracken

– Nearly five months after his high-profile grilling of UnitedHealth Group’s chief executive following the devastating ransomware attack on Change Healthcare, Senate Finance Committee Chairman Ron Wyden introduced a bill Thursday aimed at preventing future cyber incidents capable of roiling the health care industry. The Health Infrastructure Security and Accountability Act from Wyden, an Oregon Democrat, and Senate Intelligence...

Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor – Piotr Bazydło

– As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this final part, I’m going to describe the PowerShell Remoting ConvertViaNoArgumentConstructor conversion mechanism, which I underestimated at the beginning of my research. It allowed me to...

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates – The Hacker News

– Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription,” security...

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex – BrianKrebs

– The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved...

When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth – Graham Cluley

– If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened. People are understandably worried when they read headlines about terror attacks and railway stations – but the facts of the matter are rather less disastrous. Read more in my article on the Hot for Security blog.

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks – The Hacker News

– Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. “These samples enhance Sparkling Pisces’ already extensive arsenal...

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar – The Hacker News

– Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That’s what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much...

CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack – Graham Cluley

– The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using “unsophisticated methods” – suggesting that much more still needs to be done to secure them properly. Meanwhile, a pro-Israel hacking group claims to have changed chlorine levels at water facilities in...

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware – The Hacker News

– As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back...

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization? – The Hacker News

– Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time – or the budget –...

Smashing Security podcast #386: The $230 million crypto handbag heist, and misinformation on social media – Graham Cluley

– Two men are accused of stealing almost a quarter of a billion dollars from one person’s cryptocurrency wallet, but why on earth would they be handing out handbags to strangers? And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments… All this and more is discussed...

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities – The Hacker News

– An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. “Between late 2022 to present, SloppyLemming...

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign – The Hacker News

– Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. “Investigators...