Latest Cybersecurity News and Articles


Malware Peddlers Experimenting with BPL Sideloading and Masking Malicious Payloads as PGP Keys

28 June 2024
The campaign involves a Bollywood pirate movie download site leading to a Bunny content delivery platform, which then points to a ZIP file. Inside the ZIP file, there is another password-protected ZIP file with a text file containing the password.

Gitleaks: Open-Source Solution for Detecting Secrets in Your Code

28 June 2024
Gitleaks is an open-source tool that detects and prevents hardcoded secrets in Git repositories, like passwords or API keys. It stands out for its easy-to-use and configurable system for scanning secrets.

‘Poseidon’ Mac Stealer Distributed via Malicious Google Ads

28 June 2024
A new campaign targeting Mac users through malicious Google ads for the Arc browser has been observed. This is the second time Arc has been used as a lure, indicating its popularity.

Crypto-Gang Leader Convicted of Vicious Kidnaps, Robbery

28 June 2024
A 24-year-old leader of an international robbery crew, Remy St Felix, has been convicted in the US for carrying out violent home invasions to steal cryptocurrency tokens.

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

28 June 2024
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed

US Federal Agencies Warn Healthcare Sector of Payment Diversion Schemes

28 June 2024
Federal authorities are warning about social engineering and phishing scams that target IT help desk workers and allow attackers to steal login credentials in order to access healthcare sector entities' IT systems.

Nuance Ex-Employee Indicted for Breach Affecting 1 Million

28 June 2024
A former employee of Nuance Communications, a unit of Microsoft, is the main suspect in a 2023 data breach that affected over 1 million patients of Geisinger, a healthcare system based in Pennsylvania.

CISA Report Finds Critical Open-Source Memory Safety Risks

28 June 2024
CISA urges manufacturers to reduce memory safety vulnerabilities by ditching memory-unsafe languages, implementing secure coding practices, and adopting routine security testing measures.

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

28 June 2024
The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS. Security teams keep jamming on-prem

New Ransomware, Infostealers Pose Growing Risk in 2024

28 June 2024
In Q1 2024, BlackBerry detected and stopped 3.1 million cyberattacks, averaging 37,000 per day. They also detected 630,000 malicious hashes, a 40% increase from the previous reporting period.

WhisperGate Data-Wiping Malware Suspect Indicted

28 June 2024
The US Department of Justice has indicted a 22-year-old Russian, Amin Timovich Stigal, for his alleged involvement in the cyber attacks on Ukrainian government computers and critical infrastructure systems known as "WhisperGate".

CISA Adds GeoServer, Linux Kernel, and Roundcube Webmail Bugs to its Known Exploited Vulnerabilities Catalog

28 June 2024
The US cybersecurity agency CISA has issued a warning about cyber threat actors exploiting vulnerabilities in GeoServer (CVE-2022-24816), the Linux kernel (CVE-2022-2586), and Roundcube Webmail (CVE-2020-13965).

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

28 June 2024
A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker

Cyber Insurance Terms Drive Companies To Invest More in Security, Report Finds

28 June 2024
Approximately three-quarters of companies have made investments in cyber defense in order to qualify for cyber insurance, according to a report by Sophos and Vanson Bourne.

B+ Security Rating Masks Healthcare Supply Chain Risks

28 June 2024
The healthcare sector received a "B+" security rating for the first half of 2024, indicating a decent level of security. However, it faces a significant vulnerability in the form of supply chain cyber risk.

Xeno RAT Spread via .gg Domains and GitHub

28 June 2024
XenoRAT is being used by North Korean hackers and other actors targeting the gaming community. It is being spread through .gg domains and a GitHub repository disguised as Roblox scripting tools.

California Privacy Regulator to Partner With French Data Authority

28 June 2024
The California Privacy Protection Agency (CPPA) has signed a partnership agreement with France's Commission Nationale de l'Informatique et des Libertés (CNIL) to conduct joint research and share investigative findings on data privacy issues.

Mitigating Skeleton Key, a New Type of Generative AI Jailbreak Technique

28 June 2024
Microsoft has discovered a new type of jailbreak attack called Skeleton Key. This technique uses a multi-turn strategy to make the model ignore its guardrails, allowing it to generate forbidden content or override its decision-making rules.

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

28 June 2024
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the

Vanna AI Prompt Injection Vulnerability Enables RCE

28 June 2024
The Vanna AI library has been found to have a vulnerability (CVE-2024-5565) that could allow for remote code execution (RCE) due to a prompt injection issue related to the Plotly script.