Latest Cybersecurity News and Articles


U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

24 September 2024
The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar

24 September 2024
Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns

24 September 2024
Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. "Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," the company said in a post announcing the move on September 21. "This update ensured that users

The SSPM Justification Kit

24 September 2024
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

24 September 2024
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions. The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

24 September 2024
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal

FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8)

23 September 2024
The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.

Ransomware affected 44% of U.S. companies

23 September 2024
In 2024, ransomware attacks affected 44% of U.S. companies, with 43% of those paying a ransom according to a recent threat report.

Critical Dragonfly2 Flaw Due to Hardcoded Key Threatens Admin Access

23 September 2024
The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.

Critical Grafana Plugin SDK Flaw Exposes Sensitive Information

23 September 2024
This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.

Keycloak Vulnerability Puts SAML Authentication at Risk

23 September 2024
The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.

DOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit Finds

23 September 2024
An audit found that both the DOJ and FBI need to improve in three key areas to enhance their fight against ransomware. While the FBI reported an improvement in taking action within 72 hours in 47% of incidents, there is still room for progress.

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

23 September 2024
Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean

More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform Bingx

23 September 2024
Singaporean cryptocurrency platform BingX was hit by a cyberattack resulting in the theft of over $44 million. The attack was detected by two blockchain security firms, leading to a temporary suspension of withdrawals and emergency asset transfers.

Why 'Never Expire' Passwords Can Be a Risky Decision

23 September 2024
Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly

US DoJ Charged Two Men With Stealing and Laundering $230 Million Worth of Cryptocurrency

23 September 2024
Two suspects, Malone Lam and Jeandiel Serrano, were arrested by the US Department of Justice for stealing and laundering over $230 million worth of cryptocurrency in Miami.

Picus Security Raises $45M in Funding

23 September 2024
Picus Security, a San Francisco, CA-based security validation company, raised $45M in funding. The round, which brought total funds raised to $80M, was led by Riverwood Capital, with participation from existing investor Earlybird Digital East Fund.

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

23 September 2024
The GSM Association is working on implementing end-to-end encryption for Rich Communications Services (RCS) messaging between Android and iOS. This important step aims to enhance user protection and secure messages across platforms.

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

23 September 2024
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of

AT&T Pays $13 Million FCC Settlement Over 2023 Data Breach

23 September 2024
The breach occurred when threat actors gained access to customer data of about 9 million AT&T wireless accounts stored by a vendor. This exposed sensitive customer information like account numbers, phone numbers, and email addresses.