Latest Cybersecurity News and Articles
15 April 2024
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with
15 April 2024
This campaign’s strategic inclusion of a clipper module alongside FatalRAT hints at a targeted approach towards cryptocurrency users, amplifying data interception capabilities with the addition of a keylogger module.
15 April 2024
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.
15 April 2024
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.
"The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team said in a report published last
15 April 2024
The campaign targets Web3 gamers, exploiting their potential lack of cyber hygiene in the pursuit of profits. It represents a significant cross-platform threat, utilizing a variety of malware to compromise users' systems.
15 April 2024
Financial services firms have been hit with $12bn in losses over the last two decades as a result of cyber attacks, according to a recently published report from the International Monetary Fund (IMF).
15 April 2024
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild.
Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root
15 April 2024
The public draft – titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, was published by NIST on April 3. The agency is seeking public comments on the draft through May 20.
15 April 2024
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.
15 April 2024
The first three months of 2024 saw 841 publicly reported “data compromises” – up 90% on the same period last year, according to the Identity Theft Resource Center (ITRC).
15 April 2024
liblzma-sys, which has been downloaded over 21,000 times, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The impacted version in question is 0.3.2.
15 April 2024
Malware Next-Gen was originally designed to allow U.S. federal, state, local, tribal, and territorial government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools.
15 April 2024
Russia is the most significant source of global cybercrime and serves as the top hub for digital threat actors worldwide, according to the newly released World Cybercrime Index.
15 April 2024
According to BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
15 April 2024
GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques, and procedures (TTPs) used.
15 April 2024
The COVID-19 Fraud Enforcement Task Force (CFETF) was set up in 2021 to tackle what is believed to be fraud on a vast scale, taking advantage of generous government loans and relief payments during the pandemic.
15 April 2024
The campaign is said to be highly targeted in nature, with the apps available on Google Play having a negligible number of installs ranging from zero to 45. The apps have since been taken down.
13 April 2024
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.
Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.
"At the time of both attacks,
13 April 2024
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations.
Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007.
"He publicly
13 April 2024
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group.