Latest Cybersecurity News and Articles
25 July 2024
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.
"We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To that
25 July 2024
Sensitive data, including personal and health information, was exposed in a cyber incident against MediSecure.
24 July 2024
Researchers identified two vulnerabilities in LangChain, an open-source generative AI framework with over 81,000 stars on GitHub: CVE-2023-46229 and CVE-2023-44467 (LangChain Experimental).
24 July 2024
Protexxa, a Toronto-based B2B SaaS cybersecurity company founded by Claudette McGowan, has secured $10 million in Series A funding from various investors including Bell Ventures and private investors like Sonia Baxendale and Annette Verschuren.
24 July 2024
Threat actors are targeting Hamster Kombat's 250 million players with fake Android and Windows software that install spyware and malware. The clicker mobile game allows players to earn fictional currency by completing simple tasks.
24 July 2024
The Philippines has decided to shut down its online gambling industry to tackle illegal activities such as financial scams and human trafficking. President Ferdinand Marcos Jr instructed PAGCOR to cease operations of POGOs by the end of the year.
24 July 2024
dYdX's decentralized finance (DeFi) exchange v3 website was hacked in a DNS hijack attack, compromising the platform. Users were warned not to visit or interact with the hacked website and to avoid withdrawing assets until the platform was safe.
24 July 2024
Multiple Russian cyber units are targeting frontline Ukrainian military computers and mobile devices in preparation for a summer offensive. This change reflects Russia's adaptation to the demands of a prolonged war in Ukraine.
24 July 2024
Security leaders have shared their thoughts about the Microsoft-Crowdstrike outage and advice for other organizations to protect themselves.
24 July 2024
The SEC has established the Interagency Securities Council (ISC) to support collaboration between federal, state and local agencies.
24 July 2024
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos.
The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.
"
24 July 2024
The Daolpu malware collects account credentials, browser history, and cookies from Chrome, Edge, Firefox, and other browsers. It is spread through malicious document attachments in phishing emails that contain malicious macros.
24 July 2024
Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams.
They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the
24 July 2024
The Department of Health and Human Services is facing cloud security issues, with weaknesses in security controls and inventories of cloud systems. Over 30% of their systems are in the cloud, putting them at risk of compromise.
24 July 2024
The new Macma macOS backdoor is capable of data exfiltration through functionalities like device fingerprinting, keylogging, audio capture, and file uploading and downloading.
24 July 2024
Alphabet's planned $23 billion acquisition of cybersecurity firm Wiz has fallen through, leading Wiz to pursue its own path toward an IPO and aiming for $1 billion in annual recurring revenue (ARR).
24 July 2024
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process.
But this trend has also increased the attack surface—and with
24 July 2024
A security flaw in Microsoft Defender SmartScreen was exploited to deliver ACR, Lumma, and Meduza stealers in a recent campaign. The campaign targeted Spain, Thailand, and the U.S. by using booby-trapped files exploiting CVE-2024-21412.
24 July 2024
RMM tools have become essential in managing remote devices, but they also pose risks if exploited by threat actors. Attackers can gain remote access to devices, exfiltrate data, and remain undetected.
24 July 2024
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell.
The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week.
The activity cluster, also