Latest Cybersecurity News and Articles
04 September 2024
Swan Bitcoin CEO Cory Klippsten has warned users about phishing emails targeting the platform's users. The scam involves fake "Data Breach Notice" emails, possibly linked to the Klaviyo and HubSpot data breaches in 2022.
04 September 2024
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.
Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.
"The improper neutralization of special elements in the
04 September 2024
Hackers exploited a vulnerability in Verkada's customer support server, gaining access to the Command platform and extracting video footage and customer data. Another incident involved a hacker installing the Mirai botnet on Verkada's network server.
04 September 2024
The most common scams involve government impersonation, business impersonation, and tech support, where scammers persuade victims to withdraw cash from their bank accounts and deposit it into Bitcoin ATMs.
04 September 2024
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them" argues that the
04 September 2024
Automated threats are increasingly difficult to keep up with, with 98% of organizations attacked by bots experiencing revenue loss, according to Kasada. Web scraping and account fraud are the primary threats causing revenue losses.
04 September 2024
The White House advised network operators to implement Resource Public Key Infrastructure (RPKI) to enhance security, which involves digital certificates managed by Regional Internet Registries.
04 September 2024
Debian has patched two critical vulnerabilities in the Dovecot mail server, identified as CVE-2024-23184 and CVE-2024-23185, which could lead to denial-of-service attacks.
04 September 2024
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.
04 September 2024
D-Link has announced that it will not be fixing four critical remote code execution (RCE) vulnerabilities in its DIR-846W routers due to the products no longer being supported.
04 September 2024
The flaw, known as CVE-2024-7261, has a CVSS v3 score of 9.8, enabling hackers to execute arbitrary commands on the host operating system by manipulating user-supplied data.
04 September 2024
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens.
"Facial recognition is a highly intrusive technology that you
04 September 2024
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.
The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers
03 September 2024
New research highlights a sophisticated, ongoing phishing campaign that has targeted over 130 organizations.
03 September 2024
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.
03 September 2024
Young Consulting revealed that an unauthorized actor gained access to Blue Shield of California subscriber data in April 2024.
03 September 2024
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus.
"Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.
"For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
03 September 2024
Security researchers have identified six vulnerabilities, including a race condition in the Bluetooth RFCOMM protocol driver that can crash the system, a race condition in the Bluetooth subsystem, and a double-free error in the net/mlx5e module.
03 September 2024
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
"It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity
03 September 2024
Recent investigations reveal that the BlackByte ransomware group is deploying techniques that vary from its typical methods.