Latest Cybersecurity News and Articles
05 August 2024
Unlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days.
05 August 2024
Federal officials have raised concerns about the software supply chain and memory safety vulnerabilities following a global IT outage caused by a faulty CrowdStrike software update.
05 August 2024
The group used DNS poisoning to redirect software update queries to attacker-controlled servers, infecting victims with malware. Volexity detected one attack in Hong Kong, which ceased when the ISP took action.
05 August 2024
Representatives from various countries and the European Union participated in the meeting, addressing cybersecurity and data risks in connected vehicles. The meeting highlighted the importance of connected cars as a critical part of infrastructure.
05 August 2024
A new Linux Kernel attack called SLUBStick has a 99% success rate in turning a limited heap vulnerability into a powerful memory read-and-write capability, allowing for privilege escalation and container escape.
05 August 2024
Mozilla has joined Google in no longer trusting Entrust as a root certificate authority due to compliance failures and inadequate responses. Google was the first to make this decision, citing concerning behaviors from Entrust.
05 August 2024
The U.S. and German law enforcement have seized the domain of the Cryptonator crypto wallet platform, indicting its operator, Roman Boss, for money laundering and running an unlicensed money service business.
05 August 2024
Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings.
Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run
05 August 2024
Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master).
"The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data," cybersecurity vendor BI.ZONE said in a new analysis.
The cyber attacks employ
05 August 2024
Protect AI, a Seattle-based AI and ML security company, raised $60M in Series B funding led by Evolution Equity Partners, with participation from 01 Advisors, StepStone Group, Samsung, and existing investors.
05 August 2024
Alex Stamos has been hired as Chief Information Security Officer (CISO) at Sentinel One.
05 August 2024
Australian companies will soon be required to report ransom payments, in line with the upcoming Cyber Security Act in the country. The legislation aims to enhance the response to cyber incidents, similar to CIRCIA in the US.
05 August 2024
BlankBot, which is still in development, has advanced features like screen recording, keylogging, and remote control, posing a significant threat due to its evasion techniques.
05 August 2024
The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law.
Background
What is
05 August 2024
The United States, along with Germany and Slovenia, participated in a historic prisoner exchange with Russia, releasing hackers, spies, and an assassin. The swap took place at an airport in Ankara, Turkey.
05 August 2024
A vulnerability in Rockwell Automation's Logix controllers, CVE-2024-6242, poses a security risk to industrial automation systems worldwide by allowing unauthorized access to PLCs.
05 August 2024
Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly.
Challenges in incident
05 August 2024
A tech support fraud leader was sentenced to seven years in prison for scamming over 6,500 victims and making $6 million. The operation targeted elderly victims in the U.S. and Canada by showing fake malware infections on their computers.
05 August 2024
This attack method takes advantage of vulnerabilities at the registrar level and lax ownership verification at DNS providers. Research has shown that over a million domains could be vulnerable to this type of attack daily.
05 August 2024
Tel Aviv-based cybersecurity firm, Clutch Security, has secured $8.5m in seed funding led by Lightspeed Venture Partners, Merlin Ventures, Cyber Club London, and other investors like Nir Polak, Shlomo Kramer, and Armon Dadgar.