Latest Cybersecurity News and Articles
09 May 2024
Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture.
09 May 2024
Google recently released a series of security updates for Android to address 26 vulnerabilities, including a critical flaw in the System component (CVE-2024-23706) that could allow attackers to escalate privileges on vulnerable devices.
09 May 2024
A report by Mitek Systems reveals that banks are facing a significant challenge with fraud, including traditional issues like money laundering and account takeover, as well as newer threats such as AI-generated fraud and deepfakes.
09 May 2024
Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.
09 May 2024
Despite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities.
09 May 2024
Only a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research.
09 May 2024
The vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components.
09 May 2024
The two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.
09 May 2024
Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
08 May 2024
The healthcare cybersecurity services company intends to use the funds to broaden its offerings, including capabilities such as healthcare threat intelligence and automated response.
08 May 2024
As reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.
08 May 2024
Noname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand.
08 May 2024
Zeus Stealer is designed to steal sensitive information such as passwords and cryptocurrency wallets from infected systems. The attackers utilize the popularity of Minecraft to lure unsuspecting users into downloading and executing the payload.
08 May 2024
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of
08 May 2024
Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.
The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel
08 May 2024
There has been an increase in “selfie spoofing” scams, or scams in which a fraud actor takes a target’s selfie in order to authenticate a stolen identity and open fraudulent accounts.
08 May 2024
Following an investigation into BetterHelp's handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.
08 May 2024
A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar.
"These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz researcher Muhammed Irfan V A said in a technical report.
"Hijack
08 May 2024
״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them.
The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical.
08 May 2024
In a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024.