Latest Cybersecurity News and Articles
26 July 2024
Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature.
26 July 2024
Chainguard, a supply chain security startup, recently raised $140 million in a Series C funding round led by Redpoint Ventures, Lightspeed Venture Partners, and JVP. It aims to expand globally and strengthen its presence in the U.S. public sector.
26 July 2024
The Office of the National Cyber Director (ONCD) announced Wednesday that former Navy SEAL and National Defense University cyberspace professor Harry Wingo has been selected as its deputy director.
26 July 2024
GenAI users face significant security risks related to data, with regulated data making up a large share of sensitive information shared with GenAI applications, posing a threat of costly data breaches.
26 July 2024
MCG Health has agreed to a settlement of $8.8 million for a data breach lawsuit following a hacking incident in 2020. The lawsuit alleges that it took MCG Health two years to discover and report the data theft affecting around 1.1 million people.
26 July 2024
While purchasing cyber insurance won't completely prevent data breaches, it does improve the cyber posture as it requires strict underwriting processes. However, only a quarter of companies currently have standalone cyber insurance policies.
26 July 2024
GhostWriter, also known as UAC-0057, used PicassoLoader and Cobalt Strike Beacon to infect victims, including local government offices and groups associated with USAID’s Hoverla project.
26 July 2024
According to Cisco Talos, ransomware and BEC attacks made up 60% of all incidents in Q2 2024, with technology being the most targeted sector at 24%. Other highly targeted sectors included retail, healthcare, pharmaceuticals, and education.
26 July 2024
An unidentified threat actor is taking advantage of the recent Falcon Sensor update issues to distribute fake installers via a fraudulent website impersonating a German entity.
26 July 2024
Least privilege begins by addressing dormant user accounts and then scrutinizing access privileges, using Context-based access control (CBAC), Attribute-based access control (ABAC), and Role-based access control (RBAC) to determine user access.
26 July 2024
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.
Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"
26 July 2024
Researchers at Wiz have identified an ongoing campaign targeting exposed Selenium Grid services for illicit cryptocurrency mining. The campaign, known as SeleniumGreed, is exploiting older versions of Selenium to run a modified XMRig miner.
26 July 2024
The US has indicted a North Korean state hacker for ransomware attacks on hospitals and healthcare companies. The hacker, Rim Jong Hyok, is a member of the Andariel Unit within North Korea's intelligence agency.
26 July 2024
The Internet Systems Consortium (ISC) has released patches to fix multiple security vulnerabilities in the BIND 9 DNS software suite that could lead to denial-of-service attacks.
26 July 2024
US Senator Richard Blumenthal revealed that Bank of America, JPMorgan Chase, and Wells Fargo only reimbursed 38% of customers for unauthorized payments, resulting in $100 million in fraud losses.
26 July 2024
Process Injection is a vital technique used by attackers to evade detection and escalate privileges. Thread Name-Calling has emerged as a new injection technique that abuses Windows APIs for thread descriptions to bypass endpoint protection products.
26 July 2024
A recent study by Parametrix has found that the global IT outage linked to CrowdStrike will result in at least $5.4 billion in direct financial losses for Fortune 500 companies, excluding Microsoft.
26 July 2024
ServiceNow RCE vulnerabilities are being actively exploited to steal credentials. Threat actors are using publicly available exploits to target government agencies and private firms for data theft.
26 July 2024
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo.
In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named
26 July 2024
KnowBe4, a cybersecurity training company, was tricked into hiring a fake IT worker from North Korea, highlighting the threat of insider activities. Despite this, no data breach occurred.