Latest Cybersecurity News and Articles
12 July 2024
Cytactic, an Israel-based provider of a platform pioneering cyber crisis readiness and management, raised $16M in a seed funding round led by Evolution Equity Partners. It intends to use the funds to expand operations and development efforts.
12 July 2024
Compiled V8 JavaScript in Google's engine converts JavaScript into low-level bytecode, making analysis and detection difficult. Attacks using this bytecode ensure compatibility with the V8 engine for successful execution.
11 July 2024
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.
Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
"Missing authentication
11 July 2024
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection.
The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
11 July 2024
The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions.
11 July 2024
Originally detected in 2020, the ViperSoftX malware now incorporates more sophisticated evasion tactics by using the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies.
11 July 2024
A survey by data security company Kiteworks reveals that around 60% of organizations struggle to track their information once it leaves through communication channels like email.
11 July 2024
The vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
11 July 2024
Researchers have identified the developer of a malicious remote access tool used in attacks on Russian organizations. Known as Mr. Burns, the developer has been active in darknet forums since 2010, creating harmful versions of popular tools.
11 July 2024
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in
11 July 2024
Security researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.
11 July 2024
This decision comes after a warning from the Singapore Police about phishing scams targeting bank customers. Scammers have managed to defraud individuals of over S$600,000 ($445,000) in just a few weeks.
11 July 2024
Huione Guarantee, an online marketplace, is reportedly being used for money laundering, particularly in "pig butchering" investment scams. Victims are tricked into investing in fake sites with high returns.
11 July 2024
Google announced that passkeys are now available for high-risk users enrolling in the Advanced Protection Program, ensuring top-notch account security. The program offers free protection for accounts of high-risk individuals.
11 July 2024
Poco RAT was first categorized on February 7, 2024, and has since targeted customers in multiple sectors, with Mining being the primary focus. One company was the most targeted, responsible for 67% of the total volume of campaigns.
11 July 2024
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit
11 July 2024
A diverse workforce brings different perspectives, experiences, and problem-solving approaches to the table, enabling teams to identify vulnerabilities and develop more robust defense strategies.
11 July 2024
The most severe flaw is an improper authorization issue (CVE-2024-6235) with a CVSS score of 9.4, allowing attackers to access sensitive information through the NetScaler Console IP.
11 July 2024
Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024.
The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense.
"The majority of the custom code in the malware appears to be focused on anti-analysis,
11 July 2024
Cybersecurity analyst Eugene Lim discovered the risk posed by this vulnerability, which hackers can exploit by chaining messaging APIs in browsers and extensions, bypassing security measures like the Same Origin Policy.