Latest Cybersecurity News and Articles
25 April 2024
The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections.
25 April 2024
The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.
25 April 2024
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.
25 April 2024
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.
25 April 2024
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.
25 April 2024
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.
The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.
As part of the
25 April 2024
Flowon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.
25 April 2024
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP.
25 April 2024
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.
Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).
"
25 April 2024
Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.
25 April 2024
Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant.
24 April 2024
A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.
24 April 2024
Many small and medium-sized enterprises lack the resources and abilities to properly handle the large volume security alerts received.
24 April 2024
Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.
24 April 2024
The NCSC advises organisations to take immediate action to mitigate vulnerabilities affecting Cisco devices running Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software (CVE-2024-20353, CVE-2024-20358, CVE-2024-20359) and follow the latest vendor advice.
24 April 2024
"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.
24 April 2024
An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.
24 April 2024
Joint advisory and malware analysis reports published to help mitigate malicious activity targeting certain Cisco devices.
24 April 2024
The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.
24 April 2024
According to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.