Latest Cybersecurity News and Articles
10 June 2024
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources.
"This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center (
10 June 2024
Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC).
"The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs," Google Threat Analysis Group (TAG) researcher Billy Leonard said in the company's quarterly bulletin
10 June 2024
Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus.
The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of government
08 June 2024
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the shortcoming makes
08 June 2024
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.
Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on users' screens every five seconds, which are subsequently analyzed and
07 June 2024
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable.
But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.
Are you ready to transform your
07 June 2024
Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.
The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS,
07 June 2024
Although RansomHub is a relatively new Ransomware-as-a-Service (RaaS), it has quickly grown into one of the most prolific ransomware groups currently active.
07 June 2024
Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces?
Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.
Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms
07 June 2024
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner.
The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.
To that end, apps that generate content using AI must ensure they don't create
07 June 2024
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.
"We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division
07 June 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.
The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk
07 June 2024
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain.
"The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham
07 June 2024
A new report surveys financial service consumers with the purpose of understanding their priorities and concerns.
06 June 2024
A new report highlights trends in AI-powered attacks and cybersecurity strategies.
06 June 2024
The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale.
"Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial
06 June 2024
The Seattle Public Library experienced a cyberattack that forced it to shut down its systems.
06 June 2024
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.
In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
06 June 2024
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. Now threat actors are working
06 June 2024
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers.
"The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis.
The volume of