Latest Cybersecurity News and Articles


D-Link Fixes Critical RCE, Hardcoded Credential Flaws in WiFi 6 Routers

17 September 2024
D-Link has addressed critical vulnerabilities in three popular WiFi 6 router models, fixing issues that could allow remote attackers to run arbitrary code or access devices with hardcoded credentials.

Record $65m Settlement for Hacked Patient Photos

17 September 2024
On September 11, 2024, Saltz Mongeluzzi Bendesky announced it had reached a settlement with LVHN, now owned by Jefferson Health, for a compensation fee of $65m – a record for a hacking-related court case.

Users of ‘throuples’ dating app Feeld may have had intimate photos accessed

17 September 2024
Users of ‘throuples’ dating app Feeld may have had intimate photos accessed Alternative relationships site says it has resolved concerns about data security that tech firm claims to have uncoveredBusiness live – latest updatesUsers of Feeld, a dating app aimed at alternative relationships, could have had sensitive data including messages, private photos and details of their sexuality accessed or even edited, it has emerged, after cybersecurity experts exposed a string of security “vulnerabilities”.Feeld, registered in the UK, reported soaring revenues and profits this month, thanks to millions of downloads from non-monogamous, queer and kinky users across the world. Continue reading...

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

17 September 2024
A 17-year-old male from Walsall was arrested in connection with a cyberattack on Transport for London (TfL) on September 1. The U.K. National Crime Agency (NCA) confirmed that the teenager was detained on suspicion of Computer Misuse Act offenses.

UK Labels Data Centers as Critical National Infrastructure

17 September 2024
The UK government has classified data centers as critical national infrastructure, recognizing their importance for society's functioning. The move aims to protect sensitive user data from cyberattacks.

Researchers Seize Part of Internet Infrastructure by Exploiting an Expired WHOIS Domain

17 September 2024
Researchers exploited an expired WHOIS domain, discovering that major organizations and Certificate Authorities unknowingly queried their WHOIS server, risking mis-issued TLS/SSL certificates and potential malicious exploitation.

Spring Framework Path Traversal Vulnerability Threatens Millions

17 September 2024
A critical security flaw, CVE-2024-38816, in the widely used Spring Framework poses a significant threat to millions of Java applications globally. This vulnerability allows hackers to access sensitive server files through path traversal.

Kransom Ransomware Disguised as a Game Through DLL Side-Loading

17 September 2024
The ransomware, disguised within the game, relies on a DLL file that contains the encrypted code for the attack. By using a trusted certificate, Kransom can bypass traditional security measures, posing a serious threat to users.

Malware Campaign Locks Browser in Kiosk Mode to Steal Google Credentials

17 September 2024
The campaign specifically targets Google's login page and prevents users from closing the window or using certain keyboard keys to escape. Once users enter and save their credentials to unlock the computer, the StealC malware steals the credentials.

Stealthy Fileless Attack Targets Attendees Of Upcoming US-Taiwan Defense Industry Event

17 September 2024
The attack involves a malicious ZIP archive pretending to be a PDF registration form, dropping an executable into the startup folder to establish persistence on the system.

Scattered Spider Ensnares Cloud Admins Using Social Engineering Techniques

17 September 2024
Scattered Spider uses social engineering techniques to target high-privileged accounts like IT service desk administrators, compromising cloud services and launching ransomware attacks.

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

17 September 2024
Apple Vision Pro suffered from a vulnerability known as GAZEploit that could allow attackers to infer data entered on the device's virtual keyboard by analyzing the eye movements of the virtual avatar.

How to Investigate ChatGPT activity in Google Workspace

17 September 2024
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning

Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details

17 September 2024
A recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

17 September 2024
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including

CYBERUK programme unveiled one month ahead of flagship conference

17 September 2024
This year's event will bring together the UK’s cyber security community to examine and advance what it means to take a whole of society approach to cyber security.

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

17 September 2024
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights

Cyberattacks against manufacturing sector increased 105% in H1 of 2024

16 September 2024
New research shows how the cyber threat landscape is evolving, requiring greater proactive security strategies from organizations.

86% of organizations allow data compliance exemptions in non-production

16 September 2024
A recent report also reveals that the challenge of protecting sensitive data will only get more complex with the rise of artificial intelligence (AI).

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

16 September 2024
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency