Latest Cybersecurity News and Articles
18 July 2024
Despite the limited scope of the bill, it aims to protect digital services and supply chains from cyberattacks. The legislation will also empower regulators to ensure critical infrastructure companies implement essential cyber safety measures.
18 July 2024
Russia-linked cybercriminal group FIN7 sells its security evasion tool, AvNeutralizer, to other criminal gangs on darknet forums. The tool helps hackers bypass threat detection systems on victims' devices.
18 July 2024
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022.
18 July 2024
Credential mismanagement was the leading cause of cloud-based attacks in the first half of 2024, according to a Google Cloud report. Weak credentials and misconfigurations were responsible for 75% of network intrusions during this period.
18 July 2024
Tracked as CVE-2024-20419, the flaw enables remote attackers to set new passwords without authentication. Admins are advised to upgrade to the fixed release to protect vulnerable servers, as there are no workarounds available.
18 July 2024
A report by Legit Security highlights concerns around the security posture of the GitHub Actions marketplace, with most custom Actions lacking verification and being maintained by one developer.
18 July 2024
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data.
The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz.
"The vulnerabilities we found could have allowed attackers
18 July 2024
The 9002 RAT malware, used in Operation Aurora in 2009, is a versatile trojan that can monitor network traffic, capture screenshots, and execute commands from a remote server. The malware is constantly updated with new variants to avoid detection.
18 July 2024
According to a new report by JumpCloud, About 49% of SME IT teams feel they lack resources to defend against cyber-threats, with layoffs affecting nearly half of them. 71% believe budget cuts would increase risk.
18 July 2024
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations.
Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,
18 July 2024
A recent report reveals that private sector stakeholders in the marine transportation system are hesitating to utilize critical cybersecurity services offered by the U.S. Coast Guard.
18 July 2024
Interpol's global operation, Jackal III, targeted West African cybercrime groups, including Black Axe. It resulted in 300 arrests across 21 countries, seizure of $3 million, identification of 400 suspects, and the blocking of over 720 bank accounts.
18 July 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a directive to federal agencies to fix a critical vulnerability in GeoServer, a popular open-source server, that is actively being exploited.
18 July 2024
Scattered Spider, a notorious cybercrime group, has added ransomware strains RansomHub and Qilin to its arsenal, as revealed by Microsoft. They are known for sophisticated social engineering tactics to breach targets and steal data.
18 July 2024
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy.
The development was first reported by news agency Reuters.
The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the
18 July 2024
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users.
The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0.
"This vulnerability is due to improper
17 July 2024
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers.
The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,
17 July 2024
By exploiting this flaw, attackers could bypass critical authentication checks, manipulating JSON-encoded POST data to elevate their privileges and effectively log in as site administrators.
17 July 2024
The FTC and the LA DA’s office allege that NGL actively marketed their service to kids despite being aware of the harms from similar services.
17 July 2024
One-third of software development professionals lack awareness of secure practices, according to a report by the Linux Foundation and the Open Source Security Foundation.