Latest Cybersecurity News and Articles
10 September 2024
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen.
"Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz," Dr. Mordechai Guri, the head of
10 September 2024
These campaigns aim to steal sensitive banking credentials using innovative tactics, expanding beyond traditional regions like Brazil and Argentina to industries such as manufacturing, retail, and financial services.
10 September 2024
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro.
The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN."
10 September 2024
Spyware vendors have developed a complex ecosystem that enables them to evade sanctions effectively by utilizing a network of interconnected entities across various jurisdictions.
10 September 2024
Moody's Ratings reported that competition in the cyber insurance market is increasing, leading to a decrease in prices, with new players entering the market despite concerns about systemic risk.
10 September 2024
The U.S. Department of Homeland Security (DHS) has issued a request for information to assess the security of technology at ports in order to develop a Maritime Port Resiliency and Security Research Testbed.
10 September 2024
A PoC exploit for an Elevation of Privilege vulnerability in Windows has been released by a security researcher. This exploit targets a flaw in the Windows Telephony service, allowing attackers to gain SYSTEM privileges on affected systems.
10 September 2024
North Carolina musician Michael Smith has been indicted for allegedly scamming over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music through a massive streaming fraud scheme.
10 September 2024
CAMO, short for Commercial Applications, Malicious Operations, showcases how cybercriminals are increasingly utilizing legitimate IT tools to evade security measures and conduct stealthy attacks.
10 September 2024
The Lazarus Group, known for financially motivated cyber campaigns, is targeting blockchain professionals through fake job offers and fraudulent video conferencing applications.
10 September 2024
Once installed, COVERTCATCH downloads a second-stage payload to compromise macOS systems. This tactic is part of various activity clusters, including Operation Dream Job and Contagious Interview.
10 September 2024
MindsDB has fixed a critical security vulnerability, CVE-2024-24759, which could enable attackers to bypass security measures using DNS rebinding. This technique manipulates domain name resolution to bypass SSRF protection.
09 September 2024
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks.
The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of
09 September 2024
A cybersecurity researcher discovered an exposed Confidant Health database containing thousands of records.
09 September 2024
The attack involves malware manipulating the computer's RAM to emit controlled electromagnetic radiation that can transmit data to nearby recipients. The attack, created by Israeli researchers, leverages memory access patterns to modulate the RAM.
09 September 2024
According to Avis, an unauthorized third party gained access to one of its business applications in August 2024 and obtained customer information.
09 September 2024
A couple of critical vulnerabilities in Kibana, tracked as CVE-2024-37288 and CVE-2024-37285, can lead to arbitrary code execution. Elastic urges an immediate update to version 8.15.1.
09 September 2024
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous
09 September 2024
A new sextortion scam variant is targeting spouses by claiming their partner is cheating on them and providing alleged proof in emails. These scams involve threatening to share compromising images or videos unless a payment is made.
09 September 2024
The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.
"Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published