Latest Cybersecurity News and Articles
09 July 2024
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack.
"This attack stands out due to the high variability across packages," Phylum said in an analysis published last week.
"The attacker has cleverly hidden the malware in the seldom-used 'end' function of
08 July 2024
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration.
Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed
08 July 2024
Patelco Credit Union announced that on June 29, 2024, the company faced a ransomware attack. Hackers gained access to its systems and blocked access.
08 July 2024
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes.
"Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "
08 July 2024
The emails falsely accuse recipients of sexual offences, using names and seals of authorities to appear authentic. Citizens are advised not to respond to such emails and report them to authorities.
08 July 2024
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
The cybersecurity firm, which infiltrated the ransomware group, noted that its
08 July 2024
Avast researchers have identified a cryptographic weakness in the DoNex ransomware and its previous versions, enabling them to create a decryptor for files encrypted by these variants.
08 July 2024
Ann & Robert H. Lurie Children’s Hospital of Chicago was impacted by a ransomware attack.
08 July 2024
A new variation of WordFence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named "wp-engine-fast-action" was found tampering with the popular WordFence security plugin.
08 July 2024
The EU Commission is offering over €210m ($227.3m) in funding for cybersecurity and digital skills programs through the Digital Europe Programme (DEP). About $38m will go towards projects protecting critical infrastructures.
08 July 2024
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.
Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
08 July 2024
A new report finds that organizations are increasing their cyber budgets in order to keep pace with the shifting threat landscape.
08 July 2024
Europol is proposing solutions to address challenges posed by privacy-enhancing technologies in Home Routing that impede law enforcement's ability to intercept communications in criminal investigations.
08 July 2024
Cloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales.
08 July 2024
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz).
That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.
Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal
08 July 2024
Exploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.
08 July 2024
Vinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests.
08 July 2024
The expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks.
08 July 2024
Team ARXU gained recognition earlier this year for targeting Romania over its support for Israel. The hacker group has a history of cyberattacks against Israel and its allies.
08 July 2024
Information-stealing malware families have evolved to impersonate generative AI tools, with examples like GoldPickaxe stealing facial recognition data for deepfake videos.