Latest Cybersecurity News and Articles
11 September 2024
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation.
The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.
"
11 September 2024
DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall's report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.
11 September 2024
Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.
11 September 2024
LLMs can be manipulated to generate harmful outputs through malicious prompts, posing risks to enterprises. To counter these attacks, companies must focus on the design, development, deployment, and operation of their AI systems.
11 September 2024
A report found that fraudsters are calling potential victims directly and luring them with messages containing a phone number for the target to call.
11 September 2024
A sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.
11 September 2024
The DHS Cyber Safety Review Board, led by Homeland Security officials, is preparing to announce its next investigation soon, as hinted by DHS undersecretary Rob Silvers. Silvers mentioned criteria for incident review but did not reveal details.
11 September 2024
. The ImageMagick vulnerability (CVE-2016-3714) could allow remote code execution through crafted images. Linux Kernel flaw (CVE-2017-1000253) enables privilege escalation for unpatched systems.
11 September 2024
The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country.
The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations.
The six men, aged between 32 and 42, are suspected of
11 September 2024
CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.
11 September 2024
A new survey highlights the relationship between connectivity and cybersecurity.
11 September 2024
OpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.
11 September 2024
Siemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9. 3 CVSS score.
11 September 2024
The HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.
11 September 2024
According to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5. 6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.
11 September 2024
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."
If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own
11 September 2024
The flaw, rated 7. 8 on the CVSS scale, involves a heap-based buffer overflow in the Desktop Window Manager core library, allowing attackers to execute arbitrary code with SYSTEM privileges.
11 September 2024
The initial infection involves downloading a malicious package containing a legit CapCut app, JamPlus utility, and a malicious script. The script triggers the download and execution of the final payload from a remote server.
11 September 2024
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
"The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said.
The activity has been assessed to be part of
11 September 2024
The agency is losing nearly a fifth of its cyber capacity annually due to a broken pay system, leading to increased costs with temporary labor and consultants making up over 10% of its budget.