Latest Cybersecurity News and Articles
18 March 2024
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information.
Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky.
"The malware payloads used in the DEEP#GOSU represent a
18 March 2024
An announcement published late last week on the firm's news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.
18 March 2024
The NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.
18 March 2024
A new report highlights new and continuing threat trends that security leaders must prepare to face in the coming years.
18 March 2024
This campaign is noteworthy as it uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.
18 March 2024
Charles Henderson was hired as EVP of Cyber Security at Coalfire with experience in threat intelligence, incident response and penetration testing.
18 March 2024
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
18 March 2024
The victims were lured into slavery with false job offers and were forced to adopt fake identities to extract money from their victims through promises of cryptocurrency wins, investments, and romance.
18 March 2024
The APT campaign targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. It exploits public-facing servers and sends spear-phishing emails to deliver backdoors.
18 March 2024
Moldovan national Sandu Boris Diaconu was sentenced to 42 months in federal prison for operating the E-Root cybercrime marketplace, which facilitated the sale of compromised computer credentials.
18 March 2024
MediaWorks, a company based in New Zealand, says it is investigating an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments.
18 March 2024
Historical domain registration records suggest that the founder of Onerep, Dimitri Shelest, has been involved in numerous people-search services, indicating potential conflicts of interest.
18 March 2024
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers.
Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10.
"A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow
18 March 2024
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.
"It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs
18 March 2024
Concerns are especially high in the public sector, with 87% worrying about employee email and social media lapses damaging their institutions, according to a Mimecast report.
18 March 2024
Multiple GitHub repositories were hosting cracked software designed to deliver the RisePro info-stealer, indicating a widespread campaign to distribute the malware. The repositories were taken down by GitHub, and all used the same download link.
18 March 2024
The hub offers a centralized repository of essential resources and expertise, sourced from federal agencies, industry partners, academia, and the private sector, to enhance the cybersecurity posture of Emergency Communications Centers (ECCs).
18 March 2024
The leaked data includes customers' sensitive personal information such as names, addresses, mobile phone numbers, encrypted dates of birth, and encrypted Social Security numbers.
18 March 2024
In 2023, researchers identified new adversary techniques targeting macOS, Microsoft, and Linux users, including increased stealer activity in macOS environments, reflective code loading, and AppleScript abuse.
18 March 2024
About 63% of CISA-tracked known exploited vulnerabilities can be found on healthcare networks, with 23% of medical devices having at least one known exploited vulnerability, according to Claroty.