Latest Cybersecurity News and Articles
27 August 2024
Cybercriminals are sending malicious SMS messages demanding payment for non-existent charges across Illinois, Florida, North Carolina, and Washington. These scams imitate state authorities and provide links to fake payment websites to steal data.
27 August 2024
A security researcher has published a proof-of-concept exploit for a critical zero-click vulnerability, CVE-2024-38063, in Windows TCP/IP. This flaw allows remote code execution on Windows systems with IPv6 enabled, affecting millions of devices.
27 August 2024
Halliburton, one of the most prominent oilfield service companies, was the subject of a recent cyberattack.
27 August 2024
Over 100 government officials recently completed a comprehensive cybersecurity training program, focusing on global cybersecurity trends, security standards, and data protection governance.
27 August 2024
The scammers targeted both McDonald’s Instagram and a senior marketing director's Twitter account, leveraging the association between Grimace, McDonald’s iconic purple mascot, and the brand to add credibility to their scam.
27 August 2024
Despite law enforcement actions disrupting major ransomware operations, the long-term impact remains uncertain as groups adapt and evolve. Ransomware-as-a-Service (RaaS) collectives are facing growing competition to attract affiliates.
27 August 2024
Inherent vulnerabilities stem from the underlying formats and processes of the technology, allowing attackers to exploit features like automatic code execution in ML models and certain dataset formats.
27 August 2024
The plugin, which was added to Pidgin’s third-party plugins list on July 6th, was flagged by a user, 0xFFFC0000, on August 16th, who reported suspicious behavior, including the unauthorized capture and sharing of screenshots.
27 August 2024
Researchers found a vulnerability in the Shimano Di2 system’s proprietary protocol, making it susceptible to a replay attack. They demonstrated that an attacker could intercept and replay commands using off-the-shelf software-defined radio.
27 August 2024
Two deceptive campaigns were identified recently using Google ads and Microsoft's infrastructure. The first scam involves a fake helpdesk page on Microsoft Learn whereas the second one hijacks Microsoft search queries through a Google ad.
27 August 2024
This vulnerability allows authorized users to inject and execute malicious code through the plugin's shortcode feature, potentially leading to data theft and website takeover.
27 August 2024
These vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.
27 August 2024
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling.
"ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said.
"This means that an attacker
27 August 2024
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
"Inappropriate implementation in V8 in Google Chrome prior to
26 August 2024
The FBI lacks proper policies and controls for tracking and disposing of storage media, leading to risks of loss or theft. The audit also identified physical security gaps in the media destruction process at FBI facilities.
26 August 2024
Vulnerability prioritization is crucial in managing security threats but is only the beginning. Knowing which vulnerabilities to address is not enough; the focus should be on quickly addressing and mitigating them.
26 August 2024
A new report from the CMO Council and KPMG shows that building strong relationships between marketing and data security teams is crucial, but one-third of partnerships struggle with collaboration.
26 August 2024
Hiya, a call-blocking service, identified nearly 20 billion spam calls in the first half of 2024, with over 107 million spam calls daily. Of the 42 countries analyzed, 25 had spam flag rates exceeding 20%, some even surpassing 50%.
26 August 2024
A 33-year-old Latvian man, Deniss Zolotarjovs, residing in Moscow, has been charged in the U.S. with money laundering, financial fraud, and extortion related to the Russian ransomware group Karakurt.
26 August 2024
A survey shows 63% of security practitioners experience burnout and reveals the key steps to retaining security talent.