Latest Cybersecurity News and Articles
13 August 2024
The UK and France will discuss the misuse of commercial cyber intrusion tools as part of the Pall Mall Process, aiming to address the irresponsible use of hacking tools like spyware.
13 August 2024
The flaws include denial-of-service issues, unauthorized file write bugs, directory traversal, and forced Wi-Fi connections. Google has released an update (v1.0.1724.0) to address these vulnerabilities and is tracking them under two CVE identifiers.
13 August 2024
Cyber threat operation ClearFake distributes fake antivirus software to trick users into believing their systems are infected, leading to requests for payment or installation of more malware.
13 August 2024
The Network and Information Security (NIS) 2 Directive is a major cybersecurity regulation in Europe, with EU Member States having until October 17, 2024, to comply with the increased security standards and reporting requirements.
13 August 2024
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar).
The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Dispossessor is said to be led by
13 August 2024
Initially discovered in January 2023 impersonating government entities, Gigabud and Golddigger malware campaigns have overlapped, suggesting the same threat actors behind both.
13 August 2024
FreeBSD has issued an urgent patch for a high-severity vulnerability in OpenSSH that could allow attackers to remotely execute arbitrary code with elevated privileges. The flaw, identified as CVE-2024-7589, has a CVSS score of 7.4 out of 10.
13 August 2024
The malicious PyPI package, named "solana-py," had 1,122 downloads before being removed. It mimicked the legitimate "solana" package with version numbers 0.34.3, 0.34.4, and 0.34.5.
13 August 2024
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in the
12 August 2024
McLaren Health Care experienced a criminal cyberattack and is working to recover functionality.
12 August 2024
Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have made it easier for cybercriminals to carry out sophisticated attacks, according to Darktrace. These subscription-based tools have lowered the barrier for less experienced attackers.
12 August 2024
The vulnerability, identified as CVE-2024-38200, affects various versions of Office, including Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps, and Microsoft Office 2019.
12 August 2024
The United Nations has unanimously passed its first cybercrime treaty, initially proposed by Russia. This treaty establishes a global legal framework for addressing cybercrime and data access.
12 August 2024
The first vulnerability, CVE-2024-42219, allows bypassing inter-process communication protections and impersonation of trusted 1Password integrations. The second, CVE-2024-42218, lets attackers bypass security mechanisms using outdated app versions.
12 August 2024
Shorter TLS certificate lifespans are expected to create challenges for management efforts, with 76% of security leaders acknowledging the need to transition to shorter lifespans for increased security, according to Venafi.
12 August 2024
The vulnerabilities affect devices before the Sonos S2 release 15.9 and Sonos S1 release 11.12. These flaws could be exploited to compromise devices over the air and capture audio covertly.
12 August 2024
CrowdStrike is looking to acquire patch management specialist Action1 in a deal worth nearly $1 billion. Action1's Co-Founder and CEO confirmed the discussions with CrowdStrike employees in a memo.
12 August 2024
The vulnerabilities affect all versions of OpenVPN prior to 2.6.10 and 2.5.10. Attackers could gain full control over targeted endpoints by exploiting these vulnerabilities.
12 August 2024
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress.
What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content that they can use in phishing campaigns, like malicious emails
12 August 2024
Researchers at AppOmni revealed that adversaries no longer need to complete all seven stages of a traditional kill chain to achieve their goals. This shift requires organizations to rethink their cybersecurity strategies.