Latest Cybersecurity News and Articles


Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

15 May 2024
An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous

Meet Hackbat: An Open-Source, More Powerful Flipper Zero Alternative

15 May 2024
Hackbat is built around a custom PCB and a Raspberry Pi Pico W microcontroller, providing features like Wi-Fi, NFC, RF, microSD storage, USB for keystroke injection, and a display with buttons.

Malware was almost 50% of threat detections in Q1 2024

15 May 2024
According to a cybersecurity and threat intelligence report, the U.S. was the 4th most targeted country in the world regarding phishing attacks. 

Ebury Botnet Compromised 400K Linux Servers for Crypto Theft and Financial Gain

15 May 2024
The malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests.

(Cyber) Risk = Probability of Occurrence x Damage

15 May 2024
Here’s How to Enhance Your Cyber Resilience with CVSS. In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity

DeRusha Stepping Down From Federal CISO Role

15 May 2024
Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021. He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).

VMware Fixed Zero-Day Flaws Demonstrated at Pwn2Own 2024

15 May 2024
VMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors.

Singapore Cybersecurity Update Puts Cloud Providers on Notice

15 May 2024
The Singapore government has updated its Cybersecurity Act to give its primary cybersecurity agency more power to regulate critical infrastructure and third-party providers, and to require the reporting of cyber incidents.

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

15 May 2024
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities [...],

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

15 May 2024
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure

Microsoft Fixes Three Zero-Days in May Patch Tuesday

15 May 2024
Microsoft has released a Patch Tuesday update that addresses three zero-day flaws, two of which are actively being exploited in the wild, including an elevation of privilege flaw that could provide system-level access and compromise systems.

BLint: Open-Source Tool to Check the Security Properties of Your Executables

15 May 2024
BLint is a Binary Linter designed to evaluate the security properties and capabilities of executable files. It utilizes LIEF (Library for Executable and Instrumentation Format) for its operations.

PoC Exploit Released for RCE Zero-Day in D-Link EXO AX4800 Routers

15 May 2024
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

15 May 2024
The threat actors then call the impacted users, posing as members of the organization's IT team, and attempt to socially engineer the users into providing remote access to their computers through the use of legitimate RMM solutions.

How Did Authorities Identify the Alleged Lockbit Boss?

15 May 2024
Authorities have identified Dmitry Yuryevich Khoroshev, a Russian man, as the alleged leader of the infamous LockBit ransomware group, which has extorted over $500 million from hundreds of victim organizations over the past four years.

NCSC ramps up support for those at high risk of cyber attacks ahead of election

15 May 2024
New Personal Internet Protection service provides an extra layer of security on personal devices for high-risk individuals.

Experts Warn the NVD Backlog Is Reaching a Breaking Point

15 May 2024
NIST has only analyzed 2 of the nearly 2,000 new vulnerabilities received in May. The backlog is attributed to an increase in software and vulnerabilities, as well as a change in interagency support, according to NIST.

Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering

15 May 2024
A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, has been awaiting trial in the Netherlands on money laundering charges.

MITRE EMB3D Improves Security for Embedded Devices

15 May 2024
The EMB3D model provides a common understanding of cyber threats to embedded devices and the security mechanisms needed to mitigate them. It is based on observations of threat actor activities, security research, and device vulnerability reports.

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

15 May 2024
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities