Category: Attack Feeds

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03) – The Hacker News

This week was a total digital dumpster fire! Hackers were like, “Let’s cause some chaos!” and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We’re talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It’s enough to make...

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested – The Hacker News

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. “The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own,” the Federal Criminal Police Office (aka...

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine – The Hacker News

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the “first real-world vulnerability” uncovered using the artificial intelligence (AI) agent. “We believe this is the first public example of an AI agent finding...

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It) – The Hacker News

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s...

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls – The Hacker News

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. “FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming...

FBI flags false videos impersonating agency, claiming Democratic ballot fraud – djohnson

The FBI is warning that a pair of videos circulating online that purport to be from the bureau are fake, including one making false claims about arresting groups linked to the Democratic party for ballot fraud. “The FBI is aware of two videos falsely claiming to be from the FBI relating to election security, one stating the FBI...

Booking.com Phishers May Leave You With Reservations – BrianKrebs

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited...

Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare – The Hacker News

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel’s participation in the sporting event. The activity has been pinned on an entity that’s known as Emennet Pasargad, which the agencies said has been operating...

Georgia Secretary of State: Haitian immigrant voting video is likely Russian disinformation – Greg Otto

Georgia Secretary of State Brad Raffensperger said a video posted on X and other social media sites depicting a supposed Haitian immigrant using multiple Georgia state IDs to cast ballots is “false” and “likely foreign interference.” “This is false, and is an example of targeted disinformation we’ve seen this election,” Raffensperger said in a statement Thursday night. “It...

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups – The Hacker News

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major...

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned – The Hacker News

Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,...

Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information – Graham Cluley

A disgruntled former Disney employee is facing charges that he hacked into the company’s restaurant menu systems and wreaked havoc on its digital displays that could have potentially put lives at risk. Read more in my article on the Hot for Security blog.

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft – The Hacker News

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. “Active since at least 2021, Storm-0940 obtains initial access...

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns – The Hacker News

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. “We are committed to delivering a secure and trusted experience with Recall,” the...

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites – The Hacker News

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified using the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such...

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar – The Hacker News

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT...

Industry trade groups still have ‘concerns’ with cyber reporting mandate – Christian Vasquez

A coalition of influential infrastructure trade groups and associations want to change key definitions around an incoming cyber reporting mandate, citing long-standing “concerns” around the Cybersecurity and Infrastructure Security Agency’s engagement process and existing regulatory requirements. In a letter to CISA Director Jen Easterly this week, 21 organizations from the communications, energy, aviation, IT, and transportation sectors, among...

Biden administration nears completion of second cybersecurity executive order with plethora of agenda items – Tim Starks

The White House is close to finalizing a second executive order on cybersecurity that covers a wide range of subjects for federal agencies to address, including artificial intelligence, secure software, cloud security, identity credentialing and post-quantum cryptography, according to sources familiar with work on the document. The executive order, a follow-up to the sweeping cybersecurity executive order President...

Fraudsters exploit US General Election fever, FBI warns – Graham Cluley

As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data. Read more in my article on the Tripwire State of Security blog.

LottieFiles Issues Warning About Compromised “lottie-player” npm Package – The Hacker News

LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library. “On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code,” the company...

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics – The Hacker News

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. “While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ...

Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations – Tim Starks

Sen. Ron Wyden is asking the Commerce Department to strengthen proposed rules meant to keep U.S. technologies out of the hands of repressive nations that spy on dissidents, journalists and American citizens, arguing that regulators should expand the list of applicable countries and close a loophole that could be used to avoid the restrictions. The proposed rules promulgated...

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities – The Hacker News

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data...

Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles – Graham Cluley

In this week’s episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites – The Hacker News

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. “The plugin suffers from an unauthenticated privilege escalation vulnerability...

Threat awareness, cloud security, quantum computing among chief agency cyber policy priorities ahead – Tim Starks

Top federal security and IT officials recently met to discuss 2025 cyber policy priorities, setting an emphasis on sustaining zero trust, building up awareness of threats against agency systems, securing the cloud and getting ready for post-quantum cryptography, the interim Federal Chief Information Security Officer said Wednesday. At that joint federal Chief Information Officers Council and Federal CISO...

FBI has conducted more than 30 disruption operations in 2024 – Christian Vasquez

The FBI is seeing progress in the fight against ransomware gangs after conducting more than 30 disruption operations this year in which officials targeted the infrastructure used by those groups, one of the bureau’s top cybersecurity officials said Wednesday. Cynthia Kaiser, deputy assistant director of the FBI’s cyber division, said during CyberScoop’s CyberTalks event that disruption operations against...

Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says – mbracken

As federal agencies race to hit a White House deadline to submit updated zero-trust implementation plans next week, a top Cybersecurity and Infrastructure Security Agency official said she’s seen promising data leading up to that “inflection point.” Speaking Wednesday at CyberScoop’s CyberTalks event in Washington, D.C., Shelly Hartsook, acting associate director of CISA’s Cybersecurity Division, said more details...

White House to agencies: Don’t wait to test your post-quantum encryption – djohnson

A White House official warned federal agencies Wednesday not to wait until their new post-quantum encryption algorithms are deployed in production to test them. Agencies have been slowly working to integrate into federal IT systems new encryption algorithms that can defend against future hacks from quantum computers, but the White House wants to make sure the new protections...

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack – The Hacker News

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,...

Legal barriers complicate justice for spyware victims – Greg Otto

Last month, Apple sought to drop its lawsuit against spyware industry leader NSO Group, citing a number of difficulties with advancing the case. This month, WhatsApp parent company Meta asked a judge to punish the same company for not complying with orders to hand over its source code. And for years, many victims have failed to get courts...