Category: CySecurity News – Latest Information Security and Hacking Incidents

  A new Linux variant of FASTCash malware has surfaced, targeting the payment switch systems of financial institutions. North Korean hackers, linked to the Hidden Cobra group, have expanded their cyber arsenal to now include Ubuntu 22.04 LTS distributions. Previously,…

Read more →

  Microsoft employs deceptive tactics against phishing actors, creating realistic-looking honeypot tenants with Azure access and luring attackers in to gather intelligence on them.  Tech giant can use the acquired data to map malicious infrastructure, gain a better understanding of…

Read more →

  In recent years, state-sponsored hacker groups have increased their attacks on critical infrastructure, causing great concern across the globe. It has become increasingly evident that these coordinated and sophisticated cyber threats and attacks are posing serious risks to the…

Read more →

  Brazil’s Polícia Federal arrested USDoD, an infamous hacker linked to the National Public Data and InfraGard breaches, as part of “Operation Data Breach”. USDoD, dubbed EquationCorp, has a long history of high-profile data breaches in which he stole data…

Read more →

  Windows Security, the antivirus program built into Microsoft’s operating system, is generally sufficient for most users. It provides a decent level of protection against various threats, but a few important features, like Memory Integrity, remain turned off by default.…

Read more →

  Cybersecurity leaders are facing unprecedented stress as they battle evolving threats, AI-driven cyberattacks, and ransomware. A recent BlackFog study reveals that 93% of CISOs considering leaving their roles cite overwhelming job demands and mental health challenges. Burnout is driven…

Read more →

  It reveals the story of a woman who is emotionally disturbed and seeks the help of artificial intelligence as she tries to erase her past in director Vikramaditya Motwane’s new Hindi film, CTRL. There is no doubt that the…

Read more →

  Several years ago, smart TVs started to become popular choices in households. They are widely available now and provide a wide range of features and applications that make them an excellent choice. To stay competitive, users will be inclined…

Read more →

  Cybersecurity experts say that there is a new threat against Middle East organisations, and more specifically within the United Arab Emirates, and other Gulf countries. There is an Iranian gang cybercrime known as OilRig that aims to hunt login…

Read more →

  Cisco has acknowledged that it is investigating reports of a data breach after a hacker began offering allegedly stolen firm data for sale on a hacking platform. As per a report in a local media outlet, the investigation was…

Read more →

  Large language models (LLMs) are transforming enterprise automation and efficiency but come with significant security risks. These AI models, which lack critical thinking, can be manipulated to disclose sensitive data or even trigger actions within integrated business systems. Jailbreaking…

Read more →

  A perilous new variant of the Android banking malware TrickMo has been discovered, capable of mimicking the Android lock screen and stealing users’ PINs. This comes according to the data compiled by the security firm Zimperium, who made a…

Read more →

  A surprising situation unfolded this summer when buying a car in the U.S. became nearly impossible. In June, a ransomware attack targeted CDK Global, a Chicago-based software company with a market value of about $6.4 billion, halting operations at…

Read more →

  The Iranian state-sponsored hacking outfit APT34, dubbed OilRig, has recently escalated its activity by launching new campaigns against government and vital infrastructure entities in the United Arab Emirates and the Gulf area.  OilRig employed a new backdoor to target…

Read more →

Malware Analyst at Zimperium, Aazim Yaswant, has released an in-depth report on the most recent TrickMo samples, highlighting worrisome new functionalities of this banking trojan. Initially reported by Cleafy in September, this new version of TrickMo employs various techniques to…

Read more →

  Telegram is often perceived as a secure messaging app, but this perception is flawed. Unlike WhatsApp, Telegram doesn’t have end-to-end encryption by default. While Secret Chats offer encryption, users must manually activate this feature, and it doesn’t apply to…

Read more →

  Within a year and a half, ChatGPT has grown from an AI prototype to a broad productivity assistant, even sporting its text and code editor called Canvas. Soon, OpenAI will add direct web search capability to ChatGPT, putting the…

Read more →

  Indonesia has urged Alphabet’s Google and Apple to remove Temu, a Chinese fast fashion e-commerce startup, from their app stores in the nation, a minister said earlier this week.  The decision was intended to safeguard the nation’s small and…

Read more →

  A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and…

Read more →

  Currently, there is a cyberattack powered by artificial intelligence that targets Gmail’s huge network of 2.5 billion users, which is currently making waves. As a way of tricking people into sharing sensitive information, hackers use advanced techniques, including realistic…

Read more →

  Watching television seems to be a benign pastime, but as all TVs become “smart” and link to the internet via your network, they will be able to track you as well. When you turn on a smart TV from…

Read more →

  A new cybersecurity report from Sevco has uncovered a critical vulnerability in macOS 15.0 Sequoia and iOS 18, which exposes personal data through iPhone apps when devices are mirrored onto work computers. The issue arose when Sevco researchers detected…

Read more →

  As cybercrime continues to cost the world economy billions annually, a robust new coalition launched by Google, the DNS Research Federation, and the Global Anti-Scam Alliance (GASA) is working to disrupt online scammers at a global level. By all…

Read more →

  A new ransomware strain, known as Trinity, has reportedly compromised at least one healthcare organization in the U.S., according to a recent report from federal authorities. The U.S. Department of Health and Human Services (HHS) issued a warning on…

Read more →

  According to Chinese scientists at Shanghai University, a quantum computer from the Canadian company D-Wave has been demonstrated to be capable of breaking a popular encryption scheme that has been used for many years. A new study shows that…

Read more →

  Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later…

Read more →

  ProKYC is a recently revealed artificial intelligence (AI)-powered deep fake tool that nefarious actors can use to circumvent high-level Know Your Customer (KYC) protocols on cryptocurrency exchanges, presenting as a very sophisticated method to circumvent high-level KYC protocols. A…

Read more →

  If the latest reports are correct, Apple consumers have just over a fortnight to wait until the launch of iOS 18.1 and the belated arrival of Apple Intelligence, the flagship feature in the latest iOS release. Until then the…

Read more →

  US Government’s Cybersecurity and Infrastructure Security Agency released a warning regarding cyberattackers use of unencrypted cookies managed by the F5 BIG-IP Local Traffic Manager, by which they gather information about private networks. In this manner, these attackers identify the…

Read more →

  Over the past year, OpenAI has successfully disrupted over 20 operations by foreign actors attempting to misuse its AI technologies, such as ChatGPT, to influence global political sentiments and interfere with elections, including in the U.S. These actors utilized…

Read more →

  Cyberterrorism, biometric data poisoning, and metaverse crimes are the most serious digital threats that humans are expected to face in the future, a senior Dubai official said.  Major Tarek Belhoul, head of Dubai Police’s virtual assets crime branch, stated,…

Read more →

  In HR, blockchain technology is still in its infancy when it comes to gaining acceptance among the people. Despite this, it stands to be a great boon for the future of work as well. The APQC report indicates that…

Read more →

  G DATA Security Lab has discovered a sophisticated malware operation that used Bitbucket, a popular code hosting platform, to propagate AsyncRAT, a well-known remote access trojan.  According to the study, the attackers employed a multi-stage assault strategy, exploiting Bitbucket…

Read more →

  Awaken Likho, also referred to as Core Werewolf or PseudoGamaredon, is a cyber threat group targeting Russian government agencies and industrial entities. Since June 2024, a new campaign has been observed, where attackers have shifted from using UltraVNC to…

Read more →

  Overview of the Exploit Hackers recently leveraged a serious security weakness, said to be a “zero-day,” that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by…

Read more →

  It is a type of messaging that is protected from everyone, including the messaging service itself, because of end-to-end encryption (E2EE). Using E2EE, a message cannot be decrypted until the sender and the recipient can see it in the…

Read more →

  Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services. The breach was confirmed by Casio Computer, the parent company behind the…

Read more →

  A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints. CYFIRMA cybersecurity researchers have published a detailed investigation of the…

Read more →

  Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and…

Read more →

  Comcast Cable Communications LLC reports that it is a victim of a data breach compromising personal information of more than 237,000 individuals, including 22 residents of Maine. According to an investigation, the breach is traced back to Financial Business…

Read more →

  The rapid advancement of AI technology in the past few years has brought about several benefits for society, but these advances have also led to sophisticated cyber threats. India is experiencing explosive growth in digital adoption, making it one…

Read more →

American Water Works, the country’s largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within…

Read more →

  In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.   Shadow IT refers to…

Read more →

  According to a report issued by the United Nations Office for Drugs and Crime, dated October 7, criminal networks across Southeast Asia are increasingly turning to the messaging platform Telegram for conducting comprehensive illegal activities. It says Telegram, due…

Read more →

In 2023, cybercrime syndicates in Southeast Asia managed to steal up to $37 billion, according to a report by the United Nations Office on Drugs and Crime (UNODC). Inside the World of Cybercrime Syndicates in Southeast Asia This staggering figure…

Read more →

  A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or…

Read more →

  A Wall Street Journal report claims that Chinese hackers gained access to systems used for court-authorized wiretaps by breaking into the networks of major US telecommunications companies.  The breach, which targeted companies such as Verizon Communications, AT&T, and Lumen…

Read more →

  The media have reported that the US government has filed yet another lawsuit to recover nearly $2.69 million worth of stolen digital assets from North Korea’s notorious Lazarus hacking group. It was filed on October 4, 2024, and concerns…

Read more →

  Qantas recently experienced a security breach involving employees of India SATS, its ground handler in India. These employees exploited their access to alter customer bookings and divert frequent flyer points into their own accounts. The fraud, which occurred in…

Read more →

Technological advancements have brought about an unparalleled transformation in our lives. However, the flip side to this progress is the escalating threat posed by AI-driven cyberattacks.  Rising AI Threats Artificial intelligence, once considered a tool for enhancing security measures, has…

Read more →

  Microsoft Windows users are facing increasing security risks as the end of support for older versions of Windows approaches. Recently, Microsoft warned 50 million users of outdated operating systems such as Windows XP, Vista, 7, and 8.1 that they…

Read more →

  With the changing nature of threats in cyberspace becoming sharper by the day, business houses are seen as shy about entrusting their precious data to the cybersecurity firm of choice. Shallow, flashy, and blanket marketing tactics that worked a…

Read more →

  Recently, Apple fixed a serious flaw in its VoiceOver feature that caused privacy concerns for users of iPhones and iPads. The bug, known as CVE-2024-44204, allowed the VoiceOver accessibility tool to read saved passwords aloud, a serious concern for…

Read more →

  The creation and use of passwords is one of the areas where websites and mobile apps lay down rules for making them as safe as possible. However, a federal agency thinks some of the requirements do more harm than…

Read more →

  Google has started testing a new feature in its search results that adds a blue checkmark next to certain websites, aiming to enhance user security while browsing. As of now, this experiment is limited to a small number of…

Read more →

  During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity…

Read more →

  Aqua Security researchers have raised concerns about a newly identified malware family that targets Linux-based machines in order to get persistent access and control resources for crypto mining. The malware, known as perfctl, purports to exploit over 20,000 different…

Read more →

Insider threats have emerged as a particularly insidious and costly problem. Organizations are experiencing a significant surge in cyberattacks originating from insider threats, with remediation costs soaring up to $2 million per incident. Gurucul’s research, which involved a survey of…

Read more →

  Comcast has confirmed that sensitive data on 237,703 of its customers was stolen in a cyberattack on Financial Business and Consumer Solutions (FBCS), a debt collection agency it previously worked with. The breach, which occurred in February 2024, involved…

Read more →

  A report in The Wall Street Journal on Saturday reported that Chinese hackers broke into the network of a major U.S. broadband service provider and obtained information about the wiretapping system being used by the federal government, according to…

Read more →

  Cyberattacks in healthcare are growing more common and can disrupt an organization’s operations. Healthcare organisations handle a lot of sensitive data, including financial information, patient health records, and identifying data, making them prime targets for cybercriminals.  This vulnerability is…

Read more →

  Google is introducing new high-level theft protection features for Android 10 and above devices across Google Play services. The new technologies were announced at the I/O 2024 event, with the main idea being to protect users’ data and make…

Read more →

  There has been an increase in fraudulent telephone calls disguised as local numbers in recent years which has alarmed Indian citizens. Messages sent by cybercriminals operating internationally originate from Calling Line Identity (CLI) systems that allow them to mask…

Read more →

Recently, there’s been some buzz around New York City Mayor Eric Adams and his cellphone. Federal investigators seized his phone almost a year ago during a corruption investigation, but they can’t unlock it. Adams says he forgot his phone password,…

Read more →

  The Indian government has disconnected over 1.77 crore mobile connections registered with fake or forged documents using AI-powered tools, according to a recent announcement by the Department of Telecommunications (DoT). The AI-based system has identified and blocked 45 lakh…

Read more →

  In a new wave of cyberattacks, hackers are using Microsoft’s Visual Studio Code (VSCode) as a remote access tool to gain unauthorized entry into computers, according to Cyble Research and Intelligence Labs. Visual Studio, a popular integrated development environment…

Read more →

  A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment…

Read more →

  Cybernews reported on September 23 that background check company MC2 Data suffered a major data breach, exposing 2.2 terabytes of sensitive information. This breach potentially affects about 100 million Americans, raising serious concerns among cybersecurity experts about the risks…

Read more →

A new and highly sophisticated malware strain has emerged, posing a significant threat to millions of Linux servers worldwide. Dubbed “perfctl,” this fileless malware employs advanced evasion techniques and exploits a staggering 20,000 misconfigurations in Linux servers.  Its primary targets…

Read more →

A new wave of cyberattacks is targeting users in France, exploiting fake browser and software update prompts to spread an updated version of the WarmCookie backdoor. The campaign, dubbed “FakeUpdate,” has been linked to the SocGolish threat group, known for…

Read more →

  MoneyGram, a payment provider, claims there is no proof that ransomware was behind a recent incident that caused a five-day outage in September.  MoneyGram is an American payment and money transfer platform that allows customers to send and receive…

Read more →

A recent demonstration by Harvard student AnhPhu Nguyen using Meta Ray-Ban 2 smart glasses has revealed the alarming potential for privacy invasion through advanced AI-powered facial recognition technology. Nguyen’s experiment involved using these $379 smart glasses, equipped with a livestreaming…

Read more →

  In the summer of 2013, cybercriminals gained access to 5% of all Adobe Commerce and Magento stores worldwide. Large international brands have fallen victim to this attack and are among the victims. The CosmicSting attack is being conducted by…

Read more →

  In a shocking incident, SP Oswal, chairman of the Vardhman Group, India, fell victim to a scam that cost him over INR 7 crore. The 82-year-old businessman was tricked into believing he was under investigation for money laundering, with…

Read more →

  Ransomware is a significant threat that can lock users out of their own files until a ransom is paid to recover the data. CBS News recently highlighted the devastating impact of ransomware, focusing on the Scattered Spider group, which…

Read more →

  In response to the recent publication of the Counter Ransomware Initiative (CRI), members of the initiative have provided new guidance to organizations so they can consider other possibilities before paying cyber criminals a ransom. The new guidelines aim to…

Read more →

  Ransomware continues to pose significant issues for businesses and organisations around the world, and with attacks on the rise, the UK and 38 other nations have joined forces with international cyber insurance authorities to create new guidelines aimed at…

Read more →

  As multi-factor authentication (MFA) becomes more common, attackers are increasingly resorting to session hijacking. Evidence from 2023 shows this trend: Microsoft detected 147,000 token replay attacks, marking a 111% increase year-over-year. Google reports that attacks on session cookies now…

Read more →

  A new variant of the Rhadamanthys information stealer malware has been identified, which now poses a further threat to cryptocurrency users by adding AI to seed phrase recognition. The bad guys behind the malware were not enough in themselves,…

Read more →

The Andariel hacking group, a notorious entity linked to North Korea, has recently shifted its focus towards financially motivated attacks on U.S. organizations. This pivot, observed in August 2024, marks a significant change in the group’s operational strategy, raising concerns…

Read more →

  A recent study presented at the 2024 Web Conference has identified a rising cybersecurity risk known as “phantom domains.” These phantom domains result from unregistered or placeholder dot-com links that hackers can hijack, turning them into dangerous attack vectors. …

Read more →

  Using a variety of character types in your passwords and changing them on a regular basis are no longer considered best practices for password management. This is according to new standards published by the United States National Institute of…

Read more →

  DrayTek recently patched 14 vulnerabilities in 24 router models, including a critical buffer overflow flaw that could allow remote code execution (RCE) or denial of service (DoS). The vulnerabilities, identified by Forescout Research’s Vedere Labs and described in their…

Read more →

  During an investigation conducted recently, it was discovered that several malicious packages masquerading as services for recovering cryptocurrency wallets were found in the Python Package Index repository, revealing that they were spying on sensitive personal information and helping to…

Read more →

  A fake crypto wallet draining app on Google Play has stolen USD 70,000 from users, making it the first case where mobile users were specifically targeted by such a scam. The app stayed active for several months before being…

Read more →

  Microsoft has released an update regarding the Recall feature in Windows 11, which has been on hold for some time owing to security and privacy concerns. The document also details when Microsoft intends to move forward with the feature…

Read more →

Necro Trojan, which has recently made headlines for its innovative use of steganography has compromised over 11 million Android devices. This blog delves into the intricacies of this malware, how it works, and its impact on cybersecurity. Understanding the Necro…

Read more →

  One-third of all the Americans’ information has been leaked by a background check company in the United States due to a disturbing data breach report. MC2 Data, which is one of the largest providers of background checks in the…

Read more →

  Over the past few years, AI assistants have made coding easier for developers in that one is able to quickly develop and push code over to GitHub, among others. But with so much automation going on, the risk of…

Read more →

  It is no secret that cloud computing is efficient and scalable, however, they do come with a price tag. Many top executives are concerned about specific security threats faced by cloud environments, and these are also the ones they…

Read more →

  Travelers have long been warned about the dangers of public Wi-Fi, especially in places like airports, where lax security makes them a hacker’s playground. A recent arrest in Australia has drawn attention to the resurgence of “evil twin” attacks,…

Read more →

  The Evil Corp cybercrime group has been hit with fresh sanctions by the United States, United Kingdom, and Australia. Additionally, the U.S. has indicted a member for their involvement in BitPaymer ransomware attacks. Back in 2019, the U.S. had…

Read more →

Email, the backbone of communications in today’s age, also serves as a common vector for cyberattacks, particularly phishing scams. Phishing emails are designed to trick recipients into revealing sensitive information or downloading malicious software. To protect yourself, it’s crucial to…

Read more →

  Japan’s Computer Emergency Response Center (JPCERT/CC) recently revealed strategies to detect ransomware attacks by analyzing Windows Event Logs, offering vital early detection before the attack spreads. JPCERT’s insights focus on identifying digital traces left behind by ransomware within four…

Read more →

Hong Kong has experienced a rise in cybersecurity threats, scammers are targeting individuals and businesses. A recent survey highlighted by the South China Morning Post (SCMP) reveals that nearly two-thirds of victims have suffered financial losses or wasted valuable time…

Read more →

  Today, Virtual Private Networks (VPNs) have become omnipresent. Millions around the world use VPNs, and they are often promoted by influencers as essential tools for privacy. Their rise in popularity stems from the idea that they offer online privacy…

Read more →

  There is a renewed effort underway in the fight against spam and unsolicited commercial communication as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies are launching new programs to combat cyber fraud and phishing…

Read more →

  The Community Clinic of Maui, also known as Mālama, recently notified over 123,000 individuals that their personal data had been compromised during a cyberattack in May. Hackers gained access to sensitive information between May 4 and May 7, including…

Read more →

  Microsoft has uncovered a multi-stage cyberattack by the financially motivated group Storm-0501, targeting sectors in the U.S., including government, manufacturing, transportation, and law enforcement.  The attackers compromised hybrid cloud environments, stealing credentials, tampering with data, and deploying ransomware. Storm-0501,…

Read more →

  The UK’s National Cyber Security Centre (NCSC) collaborated with government agencies across the Atlantic to issue a new alert regarding Iranian cyber-threats last week.  The security advice, issued in collaboration with the FBI, US Cyber Command – Cyber National…

Read more →