Latest Cybersecurity News and Articles


Malvertising Campaign Lures Mac Users with Fake Microsoft Teams Ad

15 July 2024
The malicious ad campaign employed advanced filtering techniques to evade detection and appeared as a top search result for Microsoft Teams. It redirected users through deceptive links despite displaying microsoft.com as its URL.

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

15 July 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team exercise at an unnamed federal agency in 2023, exposing serious security failings that left critical assets vulnerable.

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

15 July 2024
Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

15 July 2024
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.

Zeus Banking Malware Player Gets Nine-Year Prison Term

15 July 2024
Vyacheslav Igorevich Penchukov, a criminal who used Zeus and IcedID malware to steal millions of dollars from victims, has been sentenced to almost a decade in prison and ordered to pay $73 million in restitution by a Nebraska federal court judge.

Netgear Warns Users to Patch Auth Bypass, XSS Router Flaws

15 July 2024
Netgear released firmware patches to fix stored XSS and authentication bypass flaws in the XR1000 Nighthawk gaming router and CAX30 Nighthawk AX6 6-Stream cable modem routers, respectively.

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

15 July 2024
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we

Google Reportedly in Talks to Acquire Cloud Security Company Wiz for $23B

15 July 2024
Alphabet, Google's parent company, is in advanced talks to acquire cloud security provider Wiz for around $23 billion. Wiz recently raised $1 billion at a $12 billion valuation and has a total of $1.9 billion in funding.

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

15 July 2024
A threat actor previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding that it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software]

Palo Alto Networks Fixed a Critical Bug in the Expedition Tool

15 July 2024
Palo Alto Networks has released security updates to address five vulnerabilities in its products, including a critical flaw in the Expedition tool that could enable admin account takeover.

NATO Set to Build New Cyber Defense Center

15 July 2024
The new cyber-defense facility, dubbed NATO Integrated Cyber Defence Centre (NICC), will be located in Belgium at SHAPE and will consist of civilian and military experts from member states.

Signal Downplays Encryption Key Flaw, Fixes it After X Drama

15 July 2024
Signal has now taken steps to address the issue by integrating Electron's SafeStorage API to secure the data store from offline attacks. The new implementation is currently being tested and will soon be available in a Beta version.

White House Calls for Defending Critical Infrastructure

15 July 2024
The Office of Management and Budget has issued a memorandum outlining the administration's cybersecurity priorities for fiscal year 2026, aligning with the national cybersecurity strategy.

CISA Urges Software Makers to Eliminate OS Command Injection Flaws

15 July 2024
The US government is pressuring software manufacturers to address operating system command injection vulnerabilities following high-profile threat actor campaigns exploiting these flaws in 2024.

Several DOD IT Programs Still Don’t Have a Cyber Strategy, Watchdog Finds

15 July 2024
The U.S. Government Accountability Office's annual assessment of the Defense Department's IT spending revealed that several programs lack approved cybersecurity strategies, leaving them vulnerable to potential cyberattacks.

Exein Raised $16.3 Million Series B to Stop Robotic Arms Going Haywire

15 July 2024
Exein, a Rome-based startup, is addressing the critical issue of device security in the IoT space. The company recently secured €15 million (~$16.3 million) in a Series B funding round led by cybersecurity-focused VC 33N.

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

15 July 2024
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024. "Customers who have activated their digital

ClickFix Deception: A Social Engineering Tactic to Deploy Malware

15 July 2024
McAfee Labs has uncovered a unique malware delivery method called the “ClickFix” infection chain, which starts with users being directed to compromised websites and instructed to paste a script into a PowerShell terminal.

White House to Require Increased Cybersecurity Protocols for R&D Institutions

15 July 2024
Federal research agencies will now require covered institutions to implement cybersecurity programs for research and development security due to threats from China. The goal is to increase awareness of security threats and enable apt responses.

Credential-Stealing OSS 'Crystalray' Attacks Jump 10X

15 July 2024
Crystalray's attack chain involves using various OSS tools for reconnaissance, scanning, and exploiting vulnerabilities. The group was first discovered in February using the "SSH-Snake" tool to exploit vulnerabilities in Atlassian Confluence.