Latest Cybersecurity News and Articles

---

New Cyware Survey Reveals Critical Gaps in Cybersecurity Threat Intelligence Sharing and Collaboration

As per the Cyware survey, 91% of respondents recognize the significance of collaboration in cybersecurity, but many struggle to effectively combine insights across teams and platforms.

---

Critical Cisco Bug Lets Hackers Add Root Users on SEG Devices

Cisco has addressed a critical vulnerability that allows attackers to add new users with root privileges and crash Security Email Gateway (SEG) appliances by sending emails with malicious attachments.

---

Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their

---

SolarWinds Fixes Eight Critical Bugs in Access Rights Audit Software

The vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470) were all rated with severity scores of 9.6/10 and posed risks of unauthorized actions and information disclosure.

---

Qilin Ransomware’s Sophisticated Tactics Unveiled By Experts

With over 150 organizations in 25 countries affected, Qilin's sophisticated tactics include exploiting vulnerabilities, using tools like Mimikatz for privilege escalation, and evading defenses by deleting logs and using PowerShell commands.

---

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since

---

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining four weaknesses have been rated High in severity, with each of them having a CVSS

---

Hacked YouTube Channels Use Trump Assassination News to Push Crypto Scam

The scam involves deepfake videos of Elon Musk promising insights into the attack and encouraging viewers to participate in a cryptocurrency giveaway by scanning a QR code in the video.

---

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and

---

Security leaders respond to the AT&T data breach

Security leaders share their insights on the recent AT&T data breach. 

---

Australians affected by MediSecure hack may never know their personal details have been compromised

Prime minister says ‘very significant cyber event’ still under investigation by federal police and he is ‘not aware’ if he is among the 12.9m victimsFollow our Australia news live blog for latest updatesGet our morning and afternoon news emails, free app or daily news podcastThe 12.9 million Australians caught up in the hack on electronic prescriptions provider MediSecure may never be told their personal information has been compromised, with the prime minister saying on Friday he wasn’t aware if he was one of the victims.On Thursday evening, the administrators for MediSecure – which went into administration after the hack – revealed 6.5TB of data had been compromised after a ransomware attack on a database server, which was discovered by the company in April.Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup Continue reading...

---

Firms Skip Security Reviews of Updates About Half the Time

A recent poll of tech managers from CrowdStrike's 2024 State of Application Security Report revealed that cybersecurity workers only review major updates to software applications 54% of the time.

---

UnitedHealth’s Cyberattack Response Costs to Surpass $2.3 Billion This Year

UnitedHealth is expected to spend over $2.3 billion this year to recover from a cyberattack on its subsidiary Change Healthcare, which is significantly higher than initial estimates.

---

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET. The

---

95% percent of organizations had at least one high or critical risk

A recent report found that many applications contained vulnerabilities spanning various stages of the kill-chain, leaving them vulnerable to attack.

---

SubSnipe: Open-Source Tool for Finding Subdomains Vulnerable to Takeover

SubSnipe is an open-source tool designed to identify vulnerable subdomains at risk of takeover. Created by Florian Walter, the tool offers improved accuracy and efficiency compared to other similar tools by conducting additional verification steps.

---

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

North Korean hackers have updated their BeaverTail malware to target MacOS users. The malware is disguised as a legitimate video call service named "MiroTalk.dmg" in an Apple macOS disk image file.

---

Ransomware Costs at Critical Infrastructure Organizations Soar

According to Sophos, ransomware attacks on critical national infrastructure (CNI) organizations have seen a significant increase in costs over the past year, with the median ransom payments reaching $2.54 million.

---

Mysterious Chinese Hacking Group ‘GhostEmperor’ Spotted for First Time in Two Years

Security firm Sygnia revealed that GhostEmperor recently compromised a network, using it as a launchpad to access another victim's systems. This marks the first public report on the group since it was identified by Kaspersky Lab in 2021.

---

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from