Latest Cybersecurity News and Articles


DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

11 September 2024
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "

DDoS Attacks Double With Governments Most Targeted

11 September 2024
DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall's report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.

Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

11 September 2024
Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.

AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting

11 September 2024
LLMs can be manipulated to generate harmful outputs through malicious prompts, posing risks to enterprises. To counter these attacks, companies must focus on the design, development, deployment, and operation of their AI systems.

72% of BEC attacks were from free webmail domains

11 September 2024
A report found that fraudsters are calling potential victims directly and luring them with messages containing a phone number for the target to call.

Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments

11 September 2024
A sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.

DHS Cyber Review Board Will Announce Next Investigation ‘Soon’

11 September 2024
The DHS Cyber Safety Review Board, led by Homeland Security officials, is preparing to announce its next investigation soon, as hinted by DHS undersecretary Rob Silvers. Silvers mentioned criteria for incident review but did not reveal details.

CISA adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to its Known Exploited Vulnerabilities catalog

11 September 2024
. The ImageMagick vulnerability (CVE-2016-3714) could allow remote code execution through crafted images. Linux Kernel flaw (CVE-2017-1000253) enables privilege escalation for unpatched systems.

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

11 September 2024
The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of

CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

11 September 2024
CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.

Only 5% of business leaders report seamless connectivity

11 September 2024
A new survey highlights the relationship between connectivity and cybersecurity. 

OpenZiti: Secure, Open-Source Networking for Your Applications

11 September 2024
OpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.

Siemens Issues Critical Security Advisory for User Management Component (UMC)

11 September 2024
Siemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9. 3 CVSS score.

Earth Preta Upgrades Attack Strategy via Removable Drives

11 September 2024
The HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.

FBI Report Says Cryptocurrency Scams Surged in 2023

11 September 2024
According to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5. 6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.

Why Is It So Challenging to Go Passwordless?

11 September 2024
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."  If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own

Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

11 September 2024
The flaw, rated 7. 8 on the CVSS scale, involves a heap-based buffer overflow in the Desktop Window Manager core library, allowing attackers to execute arbitrary code with SYSTEM privileges.

Reputation Hijacking With JamPlus: A Maneuver To Bypass Smart App Control (SAC)

11 September 2024
The initial infection involves downloading a malicious package containing a legit CapCut app, JamPlus utility, and a malicious script. The script triggers the download and execution of the final payload from a remote server.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

11 September 2024
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of

UK: National Crime Agency, Responsible for Fighting Cybercrime, ‘On Its Knees,’ Warns Report

11 September 2024
The agency is losing nearly a fifth of its cyber capacity annually due to a broken pay system, leading to increased costs with temporary labor and consultants making up over 10% of its budget.