Latest Cybersecurity News and Articles
03 May 2024
The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties.
The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.
"The
03 May 2024
Hackers are using custom QR code templates that are personalized for each target organization, making the attacks appear more legitimate and increasing their chances of success.
03 May 2024
A new report from Netwrix has laid bare the significant financial and reputational costs stemming from serious cyber-attacks, including what are often unplanned expenses.
03 May 2024
Scammers often impersonate reputable companies like CNN and Amazon, leading users to malicious sites. Victims are urged to call fake tech support numbers, leading to costly scams.
03 May 2024
NASA has been cautioned by the Government Accountability Office (GAO) for not having mandatory security guidance in place for its spacecraft acquisition policies and standards.
03 May 2024
Mal.Metrica is a significant malware campaign targeting vulnerabilities in popular WordPress plugins. It injects external scripts using domain names resembling legitimate services to redirect users to malicious sites.
03 May 2024
Cloud services have introduced new challenges for vulnerability management, as organizations no longer control the underlying infrastructure and must focus on configuration management rather than just patching.
03 May 2024
In its latest ransomware report, Ransomware Groups Don’t Die, They Multiply, published on April 30, the cyber insurance firm Corvus found that ransomware activity increased by 21% in the first quarter of 2024 compared to the same period in 2023.
03 May 2024
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years.
"Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said.
03 May 2024
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems.
Of the 10 security defects, four are rated critical in severity -
CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via
02 May 2024
Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout.
02 May 2024
The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts.
02 May 2024
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.
"The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s
02 May 2024
This botnet exploits the CVE-2015-2051 flaw to download a dropper script, and then deploys the Goldoon malware for DDoS attacks. The botnet uses various autorun methods for persistence and connects to a C2 server for instructions.
02 May 2024
This flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2.
02 May 2024
The initiative is designed to mitigate the threat of consumer-grade devices being targeted by commercial spyware, potentially enabling sophisticated threat actors to use these as a stepping stone into back-end corporate systems and data.
02 May 2024
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims.
Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments in
02 May 2024
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
02 May 2024
A new report shows that within the last 12 months, a majority of organizations reworked cybersecurity strategies.
02 May 2024
LockBit, Black Basta, and Play have been observed to be the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity, according to a report by ReliaQuest.