Latest Cybersecurity News and Articles
31 July 2024
Initially detected in May 2020 by Bitdefender, Mandrake went undetected for four years. In April 2024, Kaspersky identified a new variant hidden in five Google Play apps from 2022 to 2024.
31 July 2024
Initially relying on Qakbot botnet infections, UNC4393 now uses custom malware and diverse access techniques after the crackdown on Qakbot. They have quick reconnaissance and encryption objectives, with a median time of 42 hours to ransomware.
31 July 2024
Breaches impacted 17 industries across 16 countries and regions, with costs related to detecting breaches, notifying victims, post-breach response efforts, and lost business.
31 July 2024
Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant.
"This historic settlement demonstrates our commitment to standing up to
31 July 2024
A ransomware attack caused Superior Court of Los Angeles County to close all 36 courthouse locations.
30 July 2024
A bug hunter discovered a bypass in Meta's Prompt-Guard-86M model by inserting character-wise spaces between English alphabet characters, rendering the classifier ineffective in detecting harmful content.
30 July 2024
The U.S. State Department emphasized the importance of including human rights protections in the upcoming United Nations cybercrime treaty. The final round of negotiations for the treaty, which began on Monday and will conclude on August 9, 2024.
30 July 2024
The recent attacks by the SideWinder APT group use phishing lures related to emotional topics like sexual harassment and salary cuts to trick victims into opening booby-trapped Microsoft Word documents.
30 July 2024
A threat intelligence report offers insights into the evolving cyber landscape surrounding the Paris 2024 Olympics.
30 July 2024
Change Healthcare has started the process of notifying millions of Americans affected by a massive cyberattack and data theft that occurred more than five months ago. The company is sending individual breach notification letters on a rolling basis.
30 July 2024
The newly discovered backdoor has limited samples available on VirusTotal, making detection more difficult. It operates by collecting system information and sending it to a command and control server, awaiting further instructions.
30 July 2024
This investment will allow Cowbell to expand its operations, enter key global markets, enhance cyber resilience services, introduce innovative products, and strengthen partnerships.
30 July 2024
The European Central Bank has completed a cyber stress test for the banking sector, finding that while banks have strong response frameworks, there is still room for improvement in recovery capabilities.
30 July 2024
The attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake DNS issue.
30 July 2024
The campaign began in January 2024 and peaked at 14 million emails in June. The emails were designed to steal sensitive information and included authentic-looking signatures to bypass security measures.
30 July 2024
A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years.
The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up. A majority of the downloads originated
30 July 2024
Ransomware operators like Black Basta and Akira have already used this vulnerability in attacks, with Storm-0506 deploying Black Basta ransomware on the ESXi hypervisors of a North American engineering firm.
30 July 2024
As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration.
However, like any new technology, RMM tools can also be used maliciously. Threat actors can establish connections to a victim's device and run commands, exfiltrate data, and stay
30 July 2024
Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT.
Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET.
"Attackers used previously
30 July 2024
Critical vulnerabilities within Hotjar and Business Insider have been uncovered by security researchers, posing risks for enterprises. These vulnerabilities highlight a broader issue with XSS flaws reintroduced by new technologies, increasing risks.