Category: CySecurity News – Latest Information Security and Hacking Incidents

Google is implementing a new data policy for Android apps that also includes a setting for account deletion to provide customers with more transparency and control over the data.  The measure would compel app developers to provide users with in-app…

Read more →

  Ichitaro is a widely recognized word processing software in Japan created by JustSystems. Cisco Talos recently discovered four bugs in it that might result in arbitrary code execution. Ichitaro employs the.jtd file extension and the ATOK input method (IME).…

Read more →

Cryptocurrency companies were among the targets of the recent 3CX supply chain attack, according to security researchers. The attack began with the compromise of 3CX, a VoIP provider used by businesses for communication services. Cyber attackers then installed a backdoor…

Read more →

Chatbots have become increasingly popular in recent years, thanks to advancements in artificial intelligence (AI) and natural language processing (NLP). These bots can mimic human conversation and are used in a variety of applications, such as customer service and mental…

Read more →

  It has been confirmed that Greg Wells, Service NSW’s chief executive, said that the personal information of 3,700 customers was left exposed. This incident occurred on March 20 between 1:20 pm and 2:54 pm.  Earlier this week, 3700 affected…

Read more →

US Immigration and Customs Enforcement (ICE) have come under scrutiny for its questionable tactics in data collection that may have violated the privacy of individuals and organizations. Recently, ICE’s use of custom summons to gather data from schools, clinics, and…

Read more →

  Security researchers are concerned about a new ransomware strain that they characterise as a hybrid of the most potent ransomwares currently in use.  Researchers from the Israeli cybersecurity company Check Point named the new ransomware “Rorschach” and claimed their…

Read more →

STYX, a new dark web marketplace is turning into a booming hub for purchasing and selling illicit services or stolen data. STYX is a new dark web marketplace that was launched earlier this year, and it seems to be on…

Read more →

  An ALPHV/BlackCat ransomware affiliate was spotted gaining early access to the target network by abusing three flaws in the Veritas Backup product. The ALPHV ransomware operation first appeared in December 2021, and it is thought to be controlled by…

Read more →

Exploring the World of Cybercrime: Insights from “Inside the Halls of a Cybercrime Business” The world of cybercrime is shrouded in mystery, with many of us left wondering how these criminals operate and how they remain undetected. However, a recent…

Read more →

The Bank of England has taken steps to prepare financial institutions for the possibility of a major cyber attack by instructing them to enhance their defenses. The Bank is concerned that Russian-linked hackers may attempt to destabilize the financial system,…

Read more →

  After Italy became the first Western country to block advanced chatbot ChatGPT on Friday due to a lack of transparency in its data use, Europe is wondering who will follow. Several neighboring countries have already expressed interest in the…

Read more →

  On the threat landscape in recent years, alarming numbers of ransomware groups sprung up. This is just as mushrooms grow from the ground after a shower.  In recent months, an emerging ransomware group called ‘Money Message’ has appeared. This…

Read more →

Pinduoduo, a popular Chinese e-commerce app, has come under scrutiny from cybersecurity experts after multiple reports of malware surfaced. According to CNN, a recent analysis found that the app contained a ‘sophisticated and complex’ malware strain that allowed attackers to…

Read more →

Clearview’s CEO has recently acknowledged the notorious facial recognition database, used by the law enforcement agencies across the nation, that was apparently built in part using 30 billion photos that were illicitly scraped by the company from Facebook and other…

Read more →

  Today, almost every industry is plagued by the fear of catastrophic flaws and dangers supported by nation-states. Cyber threats are understandable in their scope and sophistication. The lucrative nature of ransomware, automation, intellectual property theft, and business email breach…

Read more →

The internet has come a long way since its inception, and it has undergone several changes. The initial version of the internet, known as Web 1.0, was mostly static and one-way, with users only able to consume content. With the…

Read more →

In 2018, a group of men in Maharashtra state of India was tricked into being unwitting participants in a major bank heist. The men, who believed they were being offered small roles in a Bollywood film, were in fact being…

Read more →

A multiple class action class lawsuit has been filed against Dish Network, following a ransomware incident that caused the company’s multi-day “network outage.”  The lawsuit, filed across several states, asserts that DISH “overstated” its operating efficiency while operating with inferior…

Read more →

  Some of the victims of the 3CX supply chain attack had their systems backdoored with Gopuram malware, with threat actors targeting cryptocurrency companies, particularly with this additional malicious payload.  In a large-scale supply chain attack, North Korean threat actors…

Read more →

Penetration testing is a critical component of any cybersecurity program. It involves simulating a real-world attack on an organization’s systems and infrastructure to identify vulnerabilities that can be exploited by hackers. However, traditional penetration testing methods can be time-consuming, labor-intensive,…

Read more →

  In a report, German authorities have seized Internet servers used by FlyHosting, a dark web company that offers DDoS-for-hire services. On November 20, 2022, FlyHosting posted an advertisement on a cybercrime forum to attract customers. The company stated that…

Read more →

  The dark web has developed into a centre for criminal activity in recent years, including human trafficking, cybercrime, and drug trafficking. And now, sources claim that Delhi is quickly becoming a hub for dark web syndicates.  Multiple criminal organisations…

Read more →

Blockchain technology is a digital ledger that is revolutionizing the way we conduct transactions, store data, and manage digital assets. It is a distributed, decentralized system that provides transparency, security, and immutability, making it a perfect fit for various industries. …

Read more →

  Recently, Latitude Financial, a company listed on the Australian Securities Exchange (ASX), reported that it had suffered a cyber attack. The company stated that the attack was believed to have originated from a major vendor used by the company…

Read more →

  LastPass, a password management company, made headlines last month when it revealed that one of their DevOps engineers had his personal home computer hacked and infected with keylogging malware, resulting in the exfiltration of corporate data from the vendor’s…

Read more →

Adaptive Access Technologies: A Dynamic Approach to Security and Agility Adaptive access technologies are gaining traction in the realm of cybersecurity due to their dynamic and intelligent approach to security that can adapt to the ever-changing threat landscape and provide…

Read more →

A recently discovered supply chain attack has targeted the 3CX desktop app, compromising the security of thousands of users. According to reports, the attackers exploited a 10-year-old Windows bug that had an opt-in fix to gain access to the 3CX…

Read more →

The Ukrainian police have detained 10 suspects, arresting two for allegedly being involved in a cybercrime group that conducted phishing campaigns and was a part of fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe. …

Read more →

  Microsoft Azure Active Directory (Azure AD) appears vulnerable to a new vulnerability discovered by security researchers. It was discovered that a vulnerability in Bing search results allowed users to alter the results and view users’ private information. This included…

Read more →

  Sundar Pichai, CEO of Alphabet and Google, has announced that the company will soon offer more competent AI models in response to criticism of his ChatGPT rival, Bard.  According to Pichai, Bard is now competing with “more powerful automobiles”…

Read more →

  To perform espionage, an advanced hacking group known as ‘Winter Vivern’ targets European government organizations and telecommunications service providers. Since this group’s activities align with the interests of the Russian and Belarusian governments, it is presumed to be a…

Read more →

NTC Vulkan is a cybersecurity consultancy firm based in Moscow, which appears to offer ordinary cybersecurity services on the surface. However, a recent leak of confidential documents has revealed that the company’s engineers are also involved in the development of…

Read more →

The SafeMoon token liquidity pool lost $8.9 million, after a threat actor took advantage of a recently developed “burn” smart contract function that artificially inflate the token price, enabling the actors to sell SafeMoon at a much higher price.  SafeMoon…

Read more →

On March 31, 2023, several companies reported that their 3CX phone systems had suddenly stopped working. Upon investigation, they found that their systems had been compromised by a malicious software update delivered by 3CX’s automatic update system. In this blog,…

Read more →

Cybersecurity threats are increasing every year, and 2023 is no exception. In February 2023, there was a surge in ransomware attacks, with NCC Group reporting a 67% increase in such attacks compared to January. The attacks targeted businesses of all…

Read more →

  Since February 2023, a Russian hacking group known as TA473, also identified as “Winter Vivern,” has been actively stealing the emails of NATO leaders, governments, soldiers, and diplomats by taking advantage of flaws in unpatched Zimbra endpoints. Sentinel Labs…

Read more →

  It has become increasingly apparent in the past few years that technology has played a significant role to assist hospitals and patients in managing their interactions. This is at a time when healthcare systems are stretched to their limits.…

Read more →

  Proofpoint, a cybersecurity research firm, recently discovered two new variants of the IcedID malware namely “Lite” and “Forked.” The original IcedID malware has been around since 2017 and is commonly used by cybercriminals, but these new versions were only…

Read more →

Although it seems simple in theory, the reality is more nuanced when it comes to privacy. Our experience online has been significantly changed by ongoing technological advancements. Today, we use the internet for more than simply work and study; we…

Read more →

  Researchers at the University of Rochester examined what ChatGPT would write after being asked questions sprinkled with conspiracy theories to determine how the artificial intelligence chatbot would respond.  In recent years, researchers have advised companies to avoid chatbots not…

Read more →

Chatbots are curbing a crucial line of defense against bogus phishing emails by rectifying grammatical and spelling errors, a key attribute to trace fraudulent mails, according to experts.  The warning comes as international advisory published from the law enforcement agency…

Read more →

  Cybersecurity experts are warning about a new threat in the form of trojanized Tor browser installers. The Tor browser is a popular tool used by individuals to browse the internet anonymously. However, cybercriminals have been able to create fake…

Read more →

IBM’s widely used Aspera Faspex has been found to have a critical vulnerability with a 9.8 CVSS rating, which could have serious consequences for organizations using the software. This blog will discuss the vulnerability in detail and the importance of…

Read more →

  The company ByteDance, which owns TikTok’s parent company ByteDance, released Lemon8, a social network app. Lemon8 boasts being one of this week’s top 10 most downloaded apps on the US App Store.  Lemon8 was released in Japan in 2020,…

Read more →

  Threat actors can use a new modular toolkit called ‘AlienFox’ to scan for misconfigured servers and steal authentication secrets and credentials for cloud-based email services. The toolkit is sold to cybercriminals through a private Telegram channel, which has become…

Read more →

  New social media sites are launched on a regular basis. Many of these social platforms gain popularity and then fade away. This begs the question, are there any disadvantages to joining a new social media site? The most straightforward…

Read more →

  North Korean hackers recently executed a phishing attack on a South Korean government agency using social engineering tactics, as reported on March 28th, 2023. The perpetrators belonged to a group known as APT Kimsuky, linked to North Korea’s intelligence…

Read more →

  Elon Musk, Steve Wozniak, and Tristan Harris of the Center for Humane Technology are among the more than 1,100 signatories to an open letter that was published online Tuesday evening and requests that “all AI labs immediately pause for…

Read more →

Microsoft has been integrating Copilot AI assistants across its product line as part of its $10 billion investment in OpenAI. The latest one is Microsoft Security Copilot, that aids security teams in their investigation and response to security issues.  According…

Read more →

Clearview, a facial recognition company has apparently conducted nearly a million searches, helping US police. Haon Ton, CEO of Clearview has revealed to BBC that the firm now has looked into as much as 30 billion images from various platforms…

Read more →

  Uptycs, a cybersecurity company that discovered the information-stealing malware while searching for threats on the dark web, is warning that Mac computers have been the latest targets of updated info-stealing malware.  The iCloud Keychain can easily access cryptocurrency wallets…

Read more →

  A firm providing virtual mental health services for children is the latest victim of Fortra’s widespread ransomware onslaught, which has spread its effects even further.  The American healthcare behemoth Blue Shield of California confirmed that data from one of…

Read more →

A new cybersecurity threat has recently emerged in the form of the NullMixer campaign, which is causing concern among experts. The campaign has been found to distribute new polymorphic loaders, a type of malware that poses a significant threat to…

Read more →

  In accordance with a new report, Pinduoduo, a popular Chinese shopping app, exploited a zero-day vulnerability in the Android operating system to uplift its own privileges, rob personal data from infected endpoints, and install malicious apps.   Numerous sources validated…

Read more →

  Cybercrime is a problem that is only escalating and is bad for business, as one might anticipate. Regardless of how you feel about it, it forces your business to take action in order to secure its infrastructure. Current threat…

Read more →

InterPlanetary File System (IPFS) is a peer-to-peer distributed file system, that allows users around the world to exchange files. Instead of using file paths for addressing like centralized systems do, IPFS uses unique content identifiers (CID). The file itself stays…

Read more →

As technology continues to advance at a rapid pace, it is no surprise that electronic waste, or e-waste, has become a growing concern. With many companies constantly upgrading their IT equipment, the amount of electronic waste being produced is on…

Read more →

  The UPI (Unified Payment Interface) payment system has significantly changed how online payments are made in India. The UPI system allows banking customers to transfer money instantly across bank accounts for all kinds of transactions, including online shopping and…

Read more →

  You’re not alone if you’ve felt paranoid after your phone displayed an advertisement for a random item you just discussed. If you’ve recently been discussing it with a friend, seeing an advertisement for the same product can leave you…

Read more →

Recently, Microsoft has acted quickly in patching up the ‘acropalypse’ bug that was discovered earlier this week. The bug could apparently enable information cropped out of images via the Windows screenshot tools to be recovered.  According to BleepingComputer, Microsoft has…

Read more →

  Dallas County officials are striving to determine the scope of a potentially massive data breach after discovering that personal data remained on thousands of computers sold at auction. The sheriff’s department used some of the computers, which comprised data…

Read more →

  As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from…

Read more →

  It is now reported that the Clop ransomware group – known for its Linux variant recently – has used the zero-day vulnerability of the GoAnywhere MFT file transfer tool that they claim to have hacked into hundreds of organizations…

Read more →

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to…

Read more →

In nearly every congress hearing on big tech, be it on privacy, monopoly, or in the case of last week’s TikTok hearing on national security, at least one lawmaker is seen to be concerned about something along with the lines…

Read more →

  Among the largest asset managers in the United Kingdom, the U.K. Pension Protection Fund, which manages £39 billion in assets, confirmed that the hack against GoAnywhere, the popular file-transferring service, had impacted it.  There have been many reports in…

Read more →

Malvertising has been a more popular tool employed by cybercriminals in recent years to exploit unsuspecting internet users. When people click on an infected ad, malware is transferred to their computers and mobile devices, which is known as malvertising. Sadly,…

Read more →

  Cybercriminals most frequently use phishing as a method of attack. This communication is a hoax designed to trick the recipient into disclosing private information, sending money, or clicking on a dangerous link. Usually, it is transmitted by email, social…

Read more →

  Microsoft has released a detailed guide to assist customers in detecting signs of compromise by exploiting a recently patched Outlook zero-day vulnerability. This privilege escalation security flaw in the Outlook client for Windows, tracked as CVE-2023-23397, enables attackers to…

Read more →

UK’s National Crime Agency (NCA) has recently conducted a sting operation as a part of Operation Power Off, a collaboration of international law enforcement agencies to shut down DDoS (distributed denial of service) infrastructure.  In order to sabotage the online…

Read more →

  After taking ChatGPT offline on Monday, OpenAI has revealed additional information, including the possibility that some users’ financial information may have been compromised.  A redis-py bug, which led to a caching problem, caused certain active users to potentially see…

Read more →

OpenAI’s ChatGPT, an artificial intelligence (AI) language model that can produce text that resembles human speech, has a security flaw. The flaw enabled the model to unintentionally expose private user information, endangering the privacy of several users. This event serves…

Read more →

  Many documents purported to have been stolen from Minneapolis Public Schools, and have now been posted online. In the days following the announcement of the breach, a cyber gang claimed that the district did not meet its deadline to…

Read more →

MLflow, an open-source framework used by many organizations to manage and record machine-learning tests, has been patched for a critical vulnerability that could enable attackers to extract sensitive information from servers such as SSH keys and AWS credentials. Since MLflow…

Read more →

  The open-source developer platform GitHub, which is owned by Microsoft, has revealed the debut of Copilot X, the company’s perception of the future of AI-powered software development. GitHub has adopted OpenAI’s new GPT-4 model and added chat and voice…

Read more →

  The sense of wondering if you’ve just infected your phone or computer with a virus is familiar if you’ve ever clicked on a link someone sent you, say in an email or a direct message, only to be sent…

Read more →

  In a joint warning issued by the German and South Korean intelligence agencies, it has been noted that a North Korean hacker group named Kimsuky has been increasing cyber-attack tactics against the South Korean network. With sophisticated phishing campaigns…

Read more →

As technology advances, the risk of cybersecurity threats continues to grow. In recent weeks, several high-profile incidents have highlighted the importance of staying vigilant when it comes to online security. In this article, we will take a closer look at…

Read more →

Post-exploitation attack technique has been discovered that enables adversaries to read cleartext user passwords for Okta, the identity access, and management (IAM) provider, acquiring extensive access to the corporate environment.  Mitiga researchers found that if users unintentionally type their passwords…

Read more →

Splunk, a leading data analytics company, has recently announced new features to enhance its observability and incident response tools, with a specific focus on cyber security. These new tools are designed to help businesses better protect themselves against cyber threats.…

Read more →

  The business advisor Bill Gates, who co-founded Microsoft and has been a business advisor for decades, has claimed that artificial intelligence (AI) is the greatest technological advancement since the development of the internet. He made such a claim in…

Read more →

  This week, the US Cybersecurity and Infrastructure Security Agency (CISA) released recommendations for a total of 49 vulnerabilities in eight industrial control systems (ICS) utilised by businesses in various critical infrastructure sectors. Several of these vulnerabilities are still unpatched. …

Read more →

A new case of a massive data breach that would have had consequences over the national security has recently been exposed by Cyberabad Police. The investigation further led to the arrest of seven individuals hailing from a gang, allegedly involved…

Read more →

Security Observability  Security Observability is an ability to gain recognition into an organization’s security posture, including its capacity to recognize and address security risks and flaws. It entails gathering, analyzing, and visualizing security data in order to spot potential risks…

Read more →

  A serious privacy vulnerability known as ‘acropalypse’ has also been discovered in the Windows Snipping Tool, enabling people to partially restore content that was photoshopped out of an image.  Security researchers David Buchanan and Simon Aarons discovered last week…

Read more →

  As of recently, several potential vulnerabilities have been identified in Aveva’s HMI & SCADA products, which could be of significant concern to organizations using these technologies. The InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products of Aveva…

Read more →

  Following a ransomware attack on LockBit’s network last month that caused information from its network to be leaked, the city of Oakland in the state of California has been uploaded to the dark web victim blog. In order to avoid…

Read more →

  Artificial intelligence (AI) has become an increasingly popular tool in the business world, offering a range of benefits such as automation, efficiency, and improved decision-making. However, its implementation also comes with a set of challenges that organizations must address…

Read more →

  An FBI officer has arrested a former administrator and owner of an infamous hacker forum that exposed data on companies such as HDB Financial Services, Rail Yatri, Acer, WhatsApp, Truecaller India, Hyundai India, Skoda India, etc.  According to the…

Read more →

Microsoft started limiting macros in Office files by default in February 2022, making it more difficult for attackers to execute malicious code. According to data gathered by the HP Threat Research team, attackers have been changing their methods since Q2…

Read more →

  The BianLian gang has abandoned its strategy of encrypting files and demanding a ransom in favour of outright extortion.  Avast, a cybersecurity company, released a free decryptor for BianLian victims in January, which appears to have persuaded the criminals…

Read more →

  If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued…

Read more →

  Amazon’s Ring, a popular brand of home security cameras, is facing a major cybersecurity threat. The company has been targeted by a ransomware gang, which has threatened to release sensitive data about Ring’s customers if the company does not…

Read more →

The recent Ring home security ransomware incident and Eufy’s insecure network has left numerous researchers and users wondering about the cyber safety these home security and surveillance firms possess.  Product reviewers and tech journalists are even left with a sense…

Read more →

  The Wall Street Journal reported last month on a recent trend in phone theft: Thieves in major cities want more than just expensive smartphones; they also want the users’ PINs. What’s the reason? A stolen phone may fetch a…

Read more →

  We all use far too many passwords, and they’re probably not all that secure. Passkeys are the next development in password technology and are intended to replace passwords with a more secure approach.  Password troubles  For a very long…

Read more →

During the investigation into the hacking of the DEA portal in 2022, one of the young American men was accused of breaking in and stealing data from the site. The portal breach provided criminals with access to sensitive information because…

Read more →

  The health industry has recently come under increasing pressure to protect sensitive data from cyberattacks as these attacks become more frequent and sophisticated. Healthcare providers have been targeted by cybercriminals seeking to obtain sensitive patient data such as medical…

Read more →

  Last year, cybercriminals began using a novel method to steal subscriber data from social media companies: they would hack into police email accounts using stolen passwords purchased on the dark web, then utilise their access to file an emergency…

Read more →