Latest Cybersecurity News and Articles
17 September 2024
D-Link has addressed critical vulnerabilities in three popular WiFi 6 router models, fixing issues that could allow remote attackers to run arbitrary code or access devices with hardcoded credentials.
17 September 2024
On September 11, 2024, Saltz Mongeluzzi Bendesky announced it had reached a settlement with LVHN, now owned by Jefferson Health, for a compensation fee of $65m – a record for a hacking-related court case.
17 September 2024
Alternative relationships site says it has resolved concerns about data security that tech firm claims to have uncovered. Users of Feeld, a dating app aimed at alternative relationships, could have had sensitive data including messages, private photos and details of their sexuality accessed or even edited, it has emerged, after cybersecurity experts exposed a string of security “vulnerabilities”. Feeld, registered in the UK, reported soaring revenues and profits this month, thanks to millions of downloads from non-monogamous, queer and kinky users across the world.
17 September 2024
A 17-year-old male from Walsall was arrested in connection with a cyberattack on Transport for London (TfL) on September 1. The U.K. National Crime Agency (NCA) confirmed that the teenager was detained on suspicion of Computer Misuse Act offenses.
17 September 2024
The UK government has classified data centers as critical national infrastructure, recognizing their importance for society's functioning. The move aims to protect sensitive user data from cyberattacks.
17 September 2024
Researchers exploited an expired WHOIS domain, discovering that major organizations and Certificate Authorities unknowingly queried their WHOIS server, risking mis-issued TLS/SSL certificates and potential malicious exploitation.
17 September 2024
A critical security flaw, CVE-2024-38816, in the widely used Spring Framework poses a significant threat to millions of Java applications globally. This vulnerability allows hackers to access sensitive server files through path traversal.
17 September 2024
The ransomware, disguised within the game, relies on a DLL file that contains the encrypted code for the attack. By using a trusted certificate, Kransom can bypass traditional security measures, posing a serious threat to users.
17 September 2024
The campaign specifically targets Google's login page and prevents users from closing the window or using certain keyboard keys to escape. Once users enter and save their credentials to unlock the computer, the StealC malware steals the credentials.
17 September 2024
The attack involves a malicious ZIP archive pretending to be a PDF registration form, dropping an executable into the startup folder to establish persistence on the system.
17 September 2024
Scattered Spider uses social engineering techniques to target high-privileged accounts like IT service desk administrators, compromising cloud services and launching ransomware attacks.
17 September 2024
Apple Vision Pro suffered from a vulnerability known as GAZEploit that could allow attackers to infer data entered on the device's virtual keyboard by analyzing the eye movements of the virtual avatar.
17 September 2024
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning
17 September 2024
A recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.
17 September 2024
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including
17 September 2024
This year's event will bring together the UK’s cyber security community to examine and advance what it means to take a whole of society approach to cyber security.
17 September 2024
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
"SolarWinds Access Rights
16 September 2024
New research shows how the cyber threat landscape is evolving, requiring greater proactive security strategies from organizations.
16 September 2024
A recent report also reveals that the challenge of protecting sensitive data will only get more complex with the rise of artificial intelligence (AI).
16 September 2024
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion.
The vulnerability has been codenamed CloudImposer by Tenable Research.
"The vulnerability could have allowed an attacker to hijack an internal software dependency