Latest Cybersecurity News and Articles
16 September 2024
Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.
The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized
16 September 2024
Research has identified malicious software packages associated with the North Korean hacking group, Lazarus Group.
16 September 2024
Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared?
Traditional incident response plans are like old maps in a new world. They
16 September 2024
Although Indodax did not confirm the exact amount stolen, reports suggest $22 million. The company warned users about potential scammers taking advantage of the situation.
16 September 2024
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching
16 September 2024
Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims' internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.
16 September 2024
A recently patched Windows vulnerability, identified as CVE-2024-43461, was exploited by the Void Banshee APT hacking group in zero-day attacks to install information-stealing malware.
16 September 2024
Cybersecurity researchers have identified ongoing phishing campaigns that exploit refresh entries in HTTP headers to distribute fake email login pages to steal user credentials.
16 September 2024
Mandiant's report highlights the escalating cyber threats facing Mexico, with a rise in global espionage and local cybercrime targeting individuals and businesses. Since 2020, cyber espionage groups from over 10 countries have targeted Mexican firms.
16 September 2024
Teams are encouraged to sign up for the CyberFirst Girls Competition 2024/ 25.
16 September 2024
The FCC is seeking volunteers to serve as administrators for a new cybersecurity labeling program, allowing consumers to identify products less vulnerable to cyberattacks.
16 September 2024
Nonhuman identity and access management company Aembit Inc. has secured $25 million in funding to enhance its solutions. The Series A funding round was led by Acrew Capital.
16 September 2024
Ireland's data protection authorities are investigating Google's AI model to ensure compliance with GDPR. The Irish Data Protection Commission (DPC) is leading the inquiry into Google Ireland under Section 110 of the Data Protection Act 2018.
16 September 2024
A recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.
16 September 2024
WordPress will require two-factor authentication for plugin developers starting October 1, 2024. This mandate will also apply to theme authors. The organization aims to enhance security by preventing hijacked accounts from spreading malicious code.
16 September 2024
In an effort to bolster the insights and intelligence used to secure today’s digital economy, Mastercard has agreed to acquire global threat intelligence company Recorded Future from Insight Partners for $2.65bn.
16 September 2024
ColorTokens has acquired identity security provider PureID to enhance its microsegmentation platform, Xshield. The acquisition will integrate identity-based segmentation for various environments, including cloud and IoT/OT.
16 September 2024
Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.
The development was first reported by The Washington Post on Friday.
The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle
16 September 2024
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.
"Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto
14 September 2024
GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.