Latest Cybersecurity News and Articles

---

Cybercriminals Steal One-Time Passcodes for SIM Swap Attacks and Raiding Bank Accounts

Cybercriminals are using an automated service called "Estate" to steal one-time passcodes and hijack user accounts, including bank accounts, crypto wallets, and other sensitive services, by tricking them into revealing the codes over the phone.

---

Researchers Identify New Campaigns from Scattered Spider

The Scattered Spider, a group of hackers, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms.

---

AI’s Rapid Growth Puts Pressure on CISOs to Adapt to New Security Risks

The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to a report by Trellix.

---

AFL players call for data protection overhaul as concerns include drug test results

AFLPA want to protect medical records and performance dataPort Adelaide players’ personal information was leaked last yearA fear of illicit drug test results and psychologist session notes being leaked onto the dark web is helping drive a call from AFL players to improve data collection and storage in the sport.The leaking of Port Adelaide players’ personal information following a data breach late last year has awoken the industry to the risk of hackers, and the AFL Players Association (AFLPA) issued an urgent plea on Tuesday for an improvement in collection and storage practices. Continue reading...

---

Red Teaming: The Key Ingredient for Responsible AI

Red teaming involves employing ethical hackers to rigorously test AI systems for security and safety issues. It is crucial for developing responsible AI that balances innovation and compliance with ethical standards and regulatory requirements.

---

Cyber insurance industry unites to bear down on ransom payments

Joint guidance from the NCSC with the Association of British Insurers (ABI), British Insurance Brokers’ Association (BIBA) and International Underwriting Association (IUA) aims to help organisations faced with ransomware demands minimise disruption and the cost of an incident.

---

In The Shadow Of Venus: Trinity Ransomware's Covert Ties

Researchers at Cyble discovered a new ransomware variant called Trinity that employs a double extortion technique and shares similarities with the Venus ransomware, suggesting a potential link or common actor behind these two variants.

---

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "

---

US and China to Hold Discussions on AI Risks and Security

Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were "not focused on promoting any technical cooperation" between the two world superpowers on AI or emerging technologies.

---

Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say

US officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic.

---

MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them," the non-profit said

---

‘Russian’ Hackers Deface Potentially Hundreds of Local British News Sites

The group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print.

---

How Secure is the “Password Protection” on Your Files and Drives?

Password protection alone is not enough to securely protect files and drives, as it can be easily circumvented, and hardware-based encryption is recommended for robust data security.

---

Black Basta Ransomware Group's Worldwide Victim Count Tops 500

The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies.

---

Russian Hackers Hijack Ukrainian TV to Broadcast Victory Day Parade

Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II.

---

UK's AI Safety Institute Unveils Platform to Accelerate Safe AI Develo

The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST).

---

GoTo Meeting Software Abused to Deploy Remcos RAT via Rust Shellcode Loader

A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader.

---

Nmap 7.95 Released With New OS and Service Detection Signatures

Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.

---

The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture

---

Researchers Use MITM Attack to Bypass FIDO2 Phishing-Resistant Protection

The passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users' private areas and potentially removing their registered devices.