Latest Cybersecurity News and Articles
04 September 2024
The industry remains largely unscathed by cyber threats, but recent events like the JBS ransomware attack highlight vulnerabilities. The sector's increased automation makes it a target for hackers, posing risks to the US food supply.
04 September 2024
Initial Access Brokers (IABs) are now targeting companies with revenues reaching $2 billion, particularly in the US and business services sector, according to new research from Cyberint.
04 September 2024
The ransomware crisis is escalating, with a surge in attacks and payouts. New ransomware groups like PLAY and Medusa have led a wave of attacks in the second quarter, following the takedown of LockBit and BlackCat.
04 September 2024
The attack involves compromising hotel managers' accounts to access customer reservation systems, ultimately tricking hotel guests via the Booking.com app. The scheme utilizes a fake domain to deceive users and harvest sensitive data.
04 September 2024
The highly obfuscated KTLVdoor malware has versions for both Microsoft Windows and Linux, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.
04 September 2024
The Dutch Data Protection Authority (Dutch DPA) fined Clearview AI $34 million for the illegal creation of a facial image database. If Clearview AI does not comply, an additional fine of up to $5.5 million will be imposed.
04 September 2024
The Python-based infostealer collects user information, text files, PDF files, browser data, crypto wallets, game platforms, browser extensions, and cookies. The stolen data is sent via email to the attacker.
04 September 2024
A survey reveals IT and corporate leadership attitudes toward organizational security preparedness.
04 September 2024
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.
The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for
04 September 2024
According to telemetry data from Trend Micro, Ransomware attacks in Southeast Asia are on the rise in 2024, with major incidents in countries like Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia.
04 September 2024
VMware has patched a high-severity code execution flaw in its Fusion hypervisor. The vulnerability, tracked as CVE-2024-38811, is caused by an insecure environment variable.
04 September 2024
The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.
04 September 2024
Ransomware groups are increasingly weaponizing stolen data to pressure victims into paying. They analyze data to maximize damage and create opportunities for extortion, targeting business leaders and employees for blame.
04 September 2024
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
According to the description of the bug in the NIST National
04 September 2024
The Biden administration has dropped its appeal of a court decision that rejected new regulations restricting hospitals' use of web-tracking tools. A Texas judge ruled the administration's efforts illegal in June.
04 September 2024
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.
It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package
04 September 2024
DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into UEFI firmware security by providing examples to explore potential vulnerabilities.
04 September 2024
A new twist on the old sextortion scam involves sending personalized emails with webcam footage of individuals and a photo of their home, obtained from online mapping applications.
04 September 2024
The mastermind behind the operation, Callum Picari, along with his accomplices Vijayasidhurshan Vijayanathan and Aza Siddeeque, were arrested by National Crime Agency (NCA) officers in March 2021.
04 September 2024
CISA announced its Voluntary Cyber Incident Reporting portal is now live, and security leaders are sharing their insights.