Latest Cybersecurity News and Articles
29 July 2024
WhatsApp currently blocks certain file types considered risky, but Python and PHP scripts are not included in the blocklist. Security researcher Saumyajeet Das identified this vulnerability while testing file attachments in WhatsApp conversations.
29 July 2024
The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), currently has a backlog of over 16,000 vulnerabilities, with an average daily influx of more than 100 new security flaws.
29 July 2024
The vulnerability (CVE-2023-45249) was patched nine months ago but is still being exploited in attacks. Admins are advised to update their systems immediately to prevent unauthorized remote code execution.
29 July 2024
Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn't necessarily deleted.
29 July 2024
The Gh0st RAT Trojan is being distributed to Chinese Windows users through a fake Chrome website. The malware has been around since 2008 and has evolved over the years, often used by cyberespionage groups in China.
29 July 2024
Companies are reevaluating their cybersecurity defenses in response to the rise of AI-generated deepfake attacks and identity fraud. According to GetApp, 73% of US organizations have already developed deepfake response plans.
29 July 2024
Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere.
Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network and
29 July 2024
The malware is designed to target only 64 specific machines, attempting to exfiltrate Google Cloud Platform credentials for potential follow-on attacks such as data theft and malware implantation.
29 July 2024
Most CISOs are feeling unprepared for new compliance regulations, such as the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, presenting a significant challenge.
29 July 2024
GenAI-related domains are being registered daily with suspicious activity, including those linked to malware like ransomware and phishing. The trend in GenAI-related domain registrations mirrors industry milestones.
29 July 2024
The White House and CISA have named key cybersecurity officials as part of their national resilience strategy rollout. Harry Wingo will become the deputy national cyber director, while Bridget Bean is set to be the new executive director at CISA.
29 July 2024
Meta has taken down 63,000 Instagram accounts in Nigeria involved in sextortion scams, including a network of 2,500 accounts linked to 20 individuals targeting adult men in the US.
29 July 2024
The operation started in France on July 18, 2024, and is anticipated to extend to other countries like Malta, Portugal, Croatia, Slovakia, and Austria. Victims in France will be individually notified by the ANSSI about the clean-up process.
29 July 2024
Existing investors Greylock Partners, Cyberstarts, Insight Partners, and Index Ventures are collectively described as “leading” the round. Dazz, which launched in 2021, has now raised around $110 million in total.
29 July 2024
The flaw in the Jetson Linux component of the JetPack SDK impacts devices such as the Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series, and Jetson Nano.
29 July 2024
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year.
The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used to
29 July 2024
The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users.
These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the
27 July 2024
The malicious Chrome extension campaign in LATAM involves infecting victims through phishing websites and installing rogue extensions to steal sensitive information. The extensions mimic Google Drive, giving them access to a wide range of user data.
27 July 2024
French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX.
The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months."
It further said around a hundred victims located in France, Malta, Portugal,
27 July 2024
FortiGuard Labs Threat Research team has identified a fraud campaign targeting India Post users on social media, specifically iPhone users through smishing attacks. The Smishing Triad, a Chinese threat actor, is believed to be behind this campaign.