Category: Attack Feeds

Bug Left Some Windows PCs Dangerously Unpatched – BrianKrebs

– Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year. By...

Here’s what Microsoft fixed in September’s Patch Tuesday – Christian Vasquez

– Vulnerabilities released in Microsoft’s Patch Tuesday report include several zero-days impacting versions of several Windows products, including Windows Installer and Windows Updater software. The tech giant’s Tuesday announcement includes 79 different vulnerabilities, with at least seven rated critical by Microsoft. Three of those vulnerabilities — CVE-2024-38014, CVE-2024-38217, CVE-2024-38226 — have been exploited in the wild. The vulnerabilities impacting...

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub – The Hacker News

– The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. “CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved,” ESET researcher Jakub...

The September 2024 Security Update Review – Dustin Childs

– We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap...

The AI Fix #15: AI robot butlers and gigawatt banana highways – Graham Cluley

– In episode 15 of “The AI Fix”, Graham learns there’s one W in Mississippi, ChatGPT finds Mark’s G-spot, nobody watches Megalopolis, Alexa is unmasked as a “commie operative”, and our hosts learn that AI will soon need dedicated nuclear reactors. Graham introduces Mark to a forlorn robot butler folding a shirt, and Mark explains why AI is like a...

Four Delaware men charged in international sextortion scheme that netted nearly $2 million – AJ Vicens

– Four Delaware men accused of an international sextortion scheme targeting thousands of victims across three countries were arrested or self-surrendered in recent weeks to face charges, federal prosecutors said Monday. The men allegedly posed as young females online and engaged in communication with thousands of potential victims in the U.S., U.K. and Canada, including minors, prosecutors allege. The...

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia – The Hacker News

– A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster...

New PIXHELL Attack Exploits Screen Noise to Exfiltrate Data from Air-Gapped Computers – The Hacker News

– A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. “Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 – 22 kHz,” Dr. ...

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches – The Hacker News

– Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using. For example, a dev team...

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments – The Hacker News

– The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed “the propagation of PUBLOAD via a variant...

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks – The Hacker News

– A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the...

Russian, Kazakhstani men living in Miami indicted over cybercrime training service – AJ Vicens

– A pair of alleged cybercriminals who prosecutors say were key administrators of a cybercrime marketplace and training service were indicted Friday and each face up to 20 years in federal prison. Alex Khodyrev, 35, and Pavel Kublitskii, 37, were charged Aug. 10 for their role in administering WWH Club, a Russian-language cybercrime forum that an FBI agent likened...

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks – The Hacker News

– The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. “This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks,” Palo Alto Networks Unit 42 researcher Tom Fakterman said in a...

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT – The Hacker News

– The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024. “Attacks have originated with phishing emails impersonating the Colombian tax authority,” Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new...

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout – The Hacker News

– The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous...

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing Its Productivity Benefits – The Hacker News

– GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactly the ones that introduce serious security risks. Register to our upcoming webinar to learn...

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor – The Hacker News

– Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection. “It is possible for unauthenticated, remote...

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free – The Hacker News

– Designed to be more than a one-time assessment, Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture, and it’s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management. Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly...

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys – The Hacker News

– Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware “targets mnemonic keys by scanning for images on your device that might contain them,” McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope...

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign – The Hacker News

– A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is espionage-driven given the focus on military-related industry chains. The exact initial access vector used...

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks – The Hacker News

– The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155). “These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm...

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals – The Hacker News

– Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit...

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams – The Hacker News

– Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. “After an initial chat conversation, the attacker sent a...

Intel officials expect more foreign influence efforts leading up to Election Day – djohnson

– Intelligence community officials said Friday they expect Russia, Iran and China to increase the cadence of influence operations targeting U.S. voters over the final two months of the 2024 election cycle. The assessment comes after a whirlwind month where U.S. officials accused Iran of engaging in a hack-and-leak operation targeting the presidential campaign of Donald Trump and JD...

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation – The Hacker News

– SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. “An improper access control vulnerability has been identified in the SonicWall SonicOS...

Major Iranian IT vendor paying large ransom to resolve recent cyberattack – AJ Vicens

– An Iranian IT vendor that works with many of the nation’s top banks and some of its government entities suffered a severe cyberattack and is in the process of paying a ransom in installments, according to emails and blockchain data reviewed by CyberScoop, contrary to claims from the Iranian government that a hack never occurred. The company, Tosan,...

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code – The Hacker News

– Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across...

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware – The Hacker News

– A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In...

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025 – The Hacker News

– The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However, ...

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress – The Hacker News

– Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. “The plugin suffers from an...

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity – The Hacker News

– Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. “If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself,” Durov said in a 600-word statement on his Telegram account. “Using laws from the pre-smartphone era...

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution – The Hacker News

– A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. “An attacker with no valid...

U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns – AJ Vicens

– A notorious Russian military intelligence unit known for poisonings and other physical aspects of hybrid warfare has in recent years expanded to include cyber-enabled espionage, sabotage and disruptive actions, law enforcement and cyber officials in the U.S. and U.K. said Thursday. The revelation came as the U.S. Department of Justice announced charges against six hackers working with Unit...

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues – The Hacker News

– Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below – CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1...

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East – The Hacker News

– Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them,” Kaspersky...