Latest Cybersecurity News and Articles


Britain and France to Discuss Misuse of Commercial Cyber Intrusion Tools

13 August 2024
The UK and France will discuss the misuse of commercial cyber intrusion tools as part of the Pall Mall Process, aiming to address the irresponsible use of hacking tools like spyware.

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

13 August 2024
The flaws include denial-of-service issues, unauthorized file write bugs, directory traversal, and forced Wi-Fi connections. Google has released an update (v1.0.1724.0) to address these vulnerabilities and is tracking them under two CVE identifiers.

Threat Actors Hijacking Websites to Deliver .NET-Based Malware

13 August 2024
Cyber threat operation ClearFake distributes fake antivirus software to trick users into believing their systems are infected, leading to requests for payment or installation of more malware.

NIS2: A Catalyst for Cybersecurity Innovation or Just Another Box-Ticking Exercise?

13 August 2024
The Network and Information Security (NIS) 2 Directive is a major cybersecurity regulation in Europe, with EU Member States having until October 17, 2024, to comply with the increased security standards and reporting requirements.

FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany

13 August 2024
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by

Unmasking the Overlap Between Golddigger and Gigabud Android Malware

13 August 2024
Initially discovered in January 2023 impersonating government entities, Gigabud and Golddigger malware campaigns have overlapped, suggesting the same threat actors behind both.

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

13 August 2024
FreeBSD has issued an urgent patch for a high-severity vulnerability in OpenSSH that could allow attackers to remotely execute arbitrary code with elevated privileges. The flaw, identified as CVE-2024-7589, has a CVSS score of 7.4 out of 10.

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

13 August 2024
The malicious PyPI package, named "solana-py," had 1,122 downloads before being removed. It mimicked the legitimate "solana" package with version numbers 0.34.3, 0.34.4, and 0.34.5.

Ukraine Warns of New Phishing Campaign Targeting Government Computers

13 August 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the

McLaren Health Care experienced a criminal cyber attack

12 August 2024
McLaren Health Care experienced a criminal cyberattack and is working to recover functionality. 

Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cybercriminals

12 August 2024
Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have made it easier for cybercriminals to carry out sophisticated attacks, according to Darktrace. These subscription-based tools have lowered the barrier for less experienced attackers.

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

12 August 2024
The vulnerability, identified as CVE-2024-38200, affects various versions of Office, including Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps, and Microsoft Office 2019.

UN Cybercrime Treaty Passes in Unanimous Vote

12 August 2024
The United Nations has unanimously passed its first cybercrime treaty, initially proposed by Russia. This treaty establishes a global legal framework for addressing cybercrime and data access.

Critical 1Password Flaws May Allow Hackers to Snatch Users' Passwords

12 August 2024
The first vulnerability, CVE-2024-42219, allows bypassing inter-process communication protections and impersonation of trusted 1Password integrations. The second, CVE-2024-42218, lets attackers bypass security mechanisms using outdated app versions.

Shorter TLS Certificate Lifespans Expected to Complicate Management Efforts

12 August 2024
Shorter TLS certificate lifespans are expected to create challenges for management efforts, with 76% of security leaders acknowledging the need to transition to shorter lifespans for increased security, according to Venafi.

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

12 August 2024
The vulnerabilities affect devices before the Sonos S2 release 15.9 and Sonos S1 release 11.12. These flaws could be exploited to compromise devices over the air and capture audio covertly.

CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

12 August 2024
CrowdStrike is looking to acquire patch management specialist Action1 in a deal worth nearly $1 billion. Action1's Co-Founder and CEO confirmed the discussions with CrowdStrike employees in a memo.

Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

12 August 2024
The vulnerabilities affect all versions of OpenVPN prior to 2.6.10 and 2.5.10. Attackers could gain full control over targeted endpoints by exploiting these vulnerabilities.

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

12 August 2024
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content that they can use in phishing campaigns, like malicious emails

SaaS Apps Present an Abbreviated Kill Chain for Attackers

12 August 2024
Researchers at AppOmni revealed that adversaries no longer need to complete all seven stages of a traditional kill chain to achieve their goals. This shift requires organizations to rethink their cybersecurity strategies.