Latest Cybersecurity News and Articles


Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks

26 April 2024
Researchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk's file sharing platform to steal Microsoft login credentials from victims.

ThreatLocker Raises $115M in Series D Funding

26 April 2024
The round was led by existing investor General Atlantic, with participation from other major investors StepStone Group and the D. E. Shaw group. The company intends to use the funds to drive product innovation and accelerate its global expansion.

Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs

26 April 2024
Researchers have sinkholed a command and control server for a variant of the PlugX malware and, over six months, observed more than 2.5 million connections from unique IP addresses.

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

26 April 2024
A critical severity flaw (CVE-2024-27956) in the WP-Automatic plugin for WordPress allows threat actors to gain unauthorized access to WordPress sites, create admin-level user accounts, and potentially take full control of the affected sites.

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

26 April 2024
Threat actors are attempting to actively exploit a critical security flaw in the WP-Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0. "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

25 April 2024
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino

The real space race: Inside geopolitics and security of a $1.8T industry

25 April 2024
In episode 22 of the Cybersecurity & Geopolitical Discussion, our trio of hosts debate the geopolitical and security dimensions of the current global space industry. 

FTC issues refunds to Ring customers following privacy settlement

25 April 2024
The FTC issues refunds after a settlement with Ring over charges that the company allowed employees and contractors to access consumers’ private videos.

Network Threats: A Step-by-Step Attack Demonstration

25 April 2024
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

25 April 2024
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged

Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware

25 April 2024
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.

Ring Customers Get $5.6 Million in Privacy Breach Settlement

25 April 2024
The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections.

Vulnerabilities in Microsoft's PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services

25 April 2024
The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.

ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks

25 April 2024
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.

Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End

25 April 2024
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.

Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’

25 April 2024
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

25 April 2024
Google has once again pushed back its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the

Maximum Severity Flowmon Bug has a Public Exploit, Patch Now

25 April 2024
Flowmon developer Progress Software first issued an alert about the flaw on April 4, warning that it impacts versions v12.x and v11.x of the product. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.

CISA Warns of Cisco and CrushFTP Vulnerabilities Being Actively Exploited

25 April 2024
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP.

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

25 April 2024
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos dubbed the activity ArcaneDoor, attributing it to a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "