Latest Cybersecurity News and Articles


The run-up to my prostate examination | Brief letters

11 October 2024
At the doctor’s | Phone safety | Passwords | Heinz advert. Lucy Mangan, writing about her doctor joking about her kidneys (Digested week, 4 October), reminded me of having an examination for an enlarged prostate. As I lay on the couch waiting for the procedure, my doctor said: “In accordance with current NHS guidelines, I have to take a run-up.” It made me feel less discomfited. David Noonan, Earley, Berkshire • En route for Colombia in 2018, I threaded a chain through the case of my new iPhone. I kept the chain looped round my wrist to reduce the chance of it being snatched when I was out in the streets or dropped when I was leaning over a precipice. And it made it easier to find the phone in the dark of a hostel room or in the gloom of the Salt Cathedral. I’ve never taken the chain off. The advantages are as pertinent to London as they are to Bogotá (‘They rob you visibly, with no repercussions’ – the unstoppable rise of phone theft, 9 October). Judith Harvey, Oxford

60% of organizations manually gather employee data

11 October 2024
According to a recent Envoy report, shifting workplace dynamics such as hybrid work policies have led to outdated data management processes.

More than one-third of tech professionals report AI skills shortage

11 October 2024
New research has found a gap in AI security skills.

How Hybrid Password Attacks Work and How to Defend Against Them

11 October 2024
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

11 October 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

11 October 2024
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

11 October 2024
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace

Russian foreign intelligence poses global threat with cyber campaign exploiting established vulnerabilities

10 October 2024
Organisations are encouraged to bolster their cyber defences and follow the advice set out within the advisory.

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

10 October 2024
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

10 October 2024
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows

Researchers discover 14 new DrayTek vulnerabilities

10 October 2024
14 additional network vulnerabilities in DrayTek routers were discovered in a recent Forescout Technologies report, putting user data at risk.

62% of observed finance domains involved in phishing attacks

10 October 2024
Among observed financial domains, 62% were determined to be connected to phishing attacks that target legitimate institutions through spoofing websites.

6 Simple Steps to Eliminate SOC Analyst Burnout

10 October 2024
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

10 October 2024
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

10 October 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affect FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A

Firefox Zero-Day Under Attack: Update Your Browser Immediately

10 October 2024
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in

DDoS attacks surge in H2 2023

10 October 2024
2023 saw an increase in DDoS attacks.

Lamborghini Carjackers Lured by $243M Cyberheist

09 October 2024
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

09 October 2024
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create

Security experts discuss the American Water cyberattack

09 October 2024
On Thursday, October 3, 2024, American Water discovered unauthorized activity in its systems.