Category: CySecurity News – Latest Information Security and Hacking Incidents

  The threat group, known as LockBit, is one of the most notorious ransomware groups operating currently. As a result, they have become very active on dark web forums. In addition, they are exploiting the negative publicity created by other…

Read more →

Recently, a new Golang-based information stealer malware, named ‘Titan Stealer’ is being promoted by threat actors in their Telegram channel. Initial details regarding the malware were discovered by cybersecurity researcher Will Thomas in November 2022 by using the IoT search…

Read more →

  The risk of being victimised by ransomware has grown over time. The frequency and sophistication of these attacks, which affects every industry, have both steadily increased. Additionally, when these attacks become more well-known among businesses, they search for fresh…

Read more →

Qwant and DuckDuckGo are two privately-focused search engines that guarantee not to track your activities. Their ability to assist you in avoiding the privacy-invading methods that are all too prevalent among big search engines is one of the key components…

Read more →

  Despite being one of the most popular password managers on the market, LastPass has suffered another major breach, putting the passwords of customers risk as well as their personal information.   It was established just over a year ago that…

Read more →

A new ransomware variant known as Mimic was found by security researchers, and it uses the Windows ‘Everything’ file search tool’s APIs to scan for files that should be encrypted. The virus has been “deleting shadow copies, terminating several apps…

Read more →

  In a statement last week, the US Department of Justice claimed to have made progress against the significant ransomware organisation known as Hive.  Since last July, the FBI has been infiltrating Hive’s computer networks, and its disruption of the…

Read more →

  The Internet Systems Consortium (ISC) has issued updates to address multiple security flaws in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite, which could result in a denial-of-service (DoS) condition.  According to its website,…

Read more →

  As a business owner, you should be aware that cyberattacks are inevitable and that breaches may occur at any time. It’s a motivating factor for companies to plan so that cyber resilience and business recovery become an integral part…

Read more →

  The reason why most cyberattacks succeed is that the attackers surprise their targets. Before you can even say, “Kevin Mitnick,” the world’s most famous hacker, you’re dealing with the fallout from an assault.  Knowing what hackers are aiming for,…

Read more →

Mandiant Managed Defense has reliably resolved GOOTLOADER infections since January 2021. When spreading GOOTLOADER, malicious actors cast a wide net, affecting a variety of industrial verticals and geographical areas. Gootkit Malware The Gootkit Trojan is Javascript-based malware that carries out…

Read more →

Trend Micro has recently revealed details of the new type of ransomware, apparently targeting the APIs ‘Everything’ search tool to attack English and Russian-speaking Windows users.  The malware was discovered by the security firm researchers in June 2022 and was…

Read more →

  Apple iPhones are known for their strength and security features. The Cupertino-based tech behemoth releases security updates for its devices on a regular basis. Although Apple recommends that people install the most recent builds of iOS on their iPhones…

Read more →

Riot Games reported last week that a social engineering attempt had infiltrated the systems in their software platform. Motherboard got the ransom note that was sent to Riot Games and reported that hackers demanded $10 million in exchange for keeping…

Read more →

The U.S. Department of Justice (DOJ) recently confirmed that the FBI has infiltrated the activities of a popular cyber-crime gang, covertly disrupting their hacking attacks for more than six months.  According to DOJ, FBI gained deep access to the Hive…

Read more →

  One of the most recent discoveries was the Aurora Stealer malware, which imitated popular applications in order to infect as many users as possible. Cyble researchers discovered that threat actors are actively changing and customizing their phishing websites in…

Read more →

  Last summer, several Federal Civilian Executive Branch (FCEB) agencies were breached across several states of the US through a clever hacking operation that employed two off-the-shelf remote monitoring and management systems (RMMs).  A joint advisory was released on Jan.…

Read more →

  Proof-of-concept (Poc) code has been made available for a high-severity security vulnerability in the Windows CryptoAPI that Microsoft was notified of by the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) last year.  The…

Read more →

  Earlier this month, the Apache Software Foundation announced that its log4j Java-based logging utility (CVE-2021-44228) had been vulnerable to a remote code execution vulnerability (CVE-2021-4428). It was rated a critical severity vulnerability by MITRE and given a CVSS score…

Read more →

The Threat Response Unit (TRU) of eSentire has been monitoring one of the most effective and covert malware families, Golden Chickens, for the past 16 months. The malware of choice for FIN6 and Cobalt, two of the most established and…

Read more →

  A new Python-based malware has been discovered in the wild, with remote access trojan (RAT) capabilities that permit its operators to regulate the compromised systems. The new RAT, dubbed PY#RATION by researchers at threat analytics firm Securonix, communicates with…

Read more →

The World Economic Forum (WEF) in Devos, Switzerland has come up with its set of uplifting predictions for 2023. The latest report warns of a global catastrophic cyber event in the near future.  The WEF Annual Meeting includes government leaders,…

Read more →

  In an effort to commit cryptocurrency heists, North Korean hackers are exhibiting a “startup mentality,” according to a report released on Wednesday by cybersecurity company Proofpoint.  The Sunnyvale, California-based company claimed that in December, a group they call TA444,…

Read more →

The US Department of Justice (DOJ), along with eight other US states have filed a lawsuit against tech-giant Google. DOJ, on Tuesday, accused Google of abusing its dominance in the digital ad market.  It has threatened to dismantle a significant…

Read more →

GoTo, the parent company of LastPass, has disclosed that hackers recently broke into its systems and seized encrypted backups belonging to users. It claimed that in addition to LastPass user data, hackers managed to obtain data from its other enterprise…

Read more →

  There is only one way to find out if you can trust someone, and that is by trusting them, according to Ernest Hemingway, considering that most organizations follow zero trust policies, which were developed nearly two decades ago by…

Read more →

  Over the past ten years or so, the environment for cyber threats has undergone a significant transformation, which has accelerated in recent years. The term “cyberwar” didn’t even exist until 30 years ago, and it’s still somewhat debatable today. …

Read more →

Recent years have seen an alarming increase in the number of cyberattacks against critical infrastructure, many of which involved ransomware. Particularly in terms of cyber resilience, the industrial industry appears to be falling behind.  Statistics  Research by SecurityScorecard shows that…

Read more →

  A $100 million cryptocurrency heist was committed by the Lazarus Group last June, which has been blamed by the FBI for the crime. Known for stealing cryptocurrency to help support the military and weapons programs of the North Korean…

Read more →

  The number of incidents in the government and mass media segments will increase this year, according to Kaspersky research experts’ predictions for challenges in Security Operation Centers (SOCs) in 2023. SOCs in these and other industries, as well as…

Read more →

  Today’s AI is highly developed. Artificial intelligence combines disciplines that make an effort to essentially duplicate the capacity of the human brain to learn from experience and generate judgments based on that experience. Researchers utilize a variety of tactics…

Read more →

  As reported by the Identity Theft Resource Center, the first half of 2022 saw fewer compromises reported, owing in part to Russian-based cybercriminals being distracted by the war in Ukraine and volatility in cryptocurrency markets.  However, data compromises rose…

Read more →

  Your home Wi-Fi network may not be as secure as you believe. Internet crime costed Americans more than $6.9 billion in 2021. Personal data breaches were also significant, in addition to phishing and scams. Many personal data breaches could…

Read more →

  The Indian government has mandated the use of a standard USB Type C charging port for all mobile phones beginning in 2025, following the lead of a European Union regulation.  It’s not the first time that India has followed…

Read more →

Personal information of civilians who were on an outdated version of the US Government’s No Fly List and Terrorist Screening Database was found on an open server by a 23-year-old Swiss hacker. On January 12, Maia Arson Crimew, an influential…

Read more →

While more and more devices are adopting Linux as their operating system, the popularity of the software has nonetheless attracted cyber-criminals. According to recent reports, the number of malware aimed at the software increased dramatically in 2022.  As per the…

Read more →

  It seems that scammers never cease trying to con people. Keeping customers’ information private and secure is of the utmost importance to companies, so they use many ways to protect against a breach in their network.  Despite these digital…

Read more →

According to Los Angeles Unified School District (LAUSD), the second-largest school district in the U. S., the Vice Society ransomware group has stolen files containing private information, including Social Security Numbers, from contractors (SSNs). Additionally, LAUSD disclosed that the threat…

Read more →

  A security breach has been detected at FanDuel’s sportsbook and betting site, which exposed customers’ names, email addresses, and payment information. This occurred in January 2023, when MailChimp’s security was breached. A security advisory urges users to be wary…

Read more →

Since Apple came up with its ATT privacy framework in order to garner users’ control over their data, tech businesses are facing challenges over making tradeoffs to adapt to the new data restrictions, while still maintaining their growth objectives.  While…

Read more →

  A forensic extraction report outlined the contents of a suspect’s phone, specific tactical plans for upcoming police raids, and private police reports with descriptions of alleged crimes and suspects. These documents are part of a sizable data cache that…

Read more →

  Mousetrapping works in the identical way that a traditional mousetrap does: you unknowingly walk into a trap designed to keep you trapped for as long as possible. Operators who utilize mousetraps actively market their products or services. They may…

Read more →

Data security has become a priority for tax returns, credit cards, and other conventional targets of cyber criminals. Online thieves have recently been targeting employer retirement plans and the accounts in the plans.  Data security at retirement plans varies, and…

Read more →

  As per data from blockchain analysis firm Chainalysis, ransomware revenue for 2022 has dropped from $765.6 million to at least $456.8 million, representing a -40.3% year-over-year drop. The number of attacks is as high as it has ever been,…

Read more →

  Researchers from Avanan have seen the worldwide spread of a new threat known as ‘Blank Image,’ where hackers attach blank images to HTML messages. The user is instantly sent to a malicious URL once they open the attachment. Blank Image…

Read more →

  With its multi-talented AI chatbot, ChatGPT, the company now has another skill to add to its LinkedIn profile: it is capable of creating sophisticated “polymorphic” malware.  The chatbot from OpenAI has been reported as both skilled and resourceful when…

Read more →

  A number of businesses are utilising conversational AI technology to improve their product capabilities, including for security, despite some concerns about how generative AI chatbots like ChatGPT can be used maliciously — to create phishing campaigns or write malware. …

Read more →

  T-Mobile, a wireless provider in the United States, reported earlier this week that an unidentified malicious intruder broke into its network in late November and stole information on 37 million customers, including addresses, phone numbers, and dates of birth. …

Read more →

Researchers who recently disclosed and patched the zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a new backdoor, specifically created in order to run on Fortinet’s FortiGate firewalls.  Initial evidence collected by Google-owned security firm Mandiant suggests that the…

Read more →

  In December last year, hackers accessed the PayPal accounts of more than 1.6 million users of the online payment service. As a result, PayPal is now sending out data breach notifications to affected users.  A large number of customer…

Read more →

Malicious actors linked to the Roaming Mantis attack group were seen distributing an updated variation of their patented mobile malware called Wroba to compromise Wi-Fi routers and perform Domain Name System (DNS) theft. Kaspersky found that the threat actor behind…

Read more →

  Following high-profile blockchain hacks in the last year, many people have been left wondering: is the blockchain hackable? The short answer is that any system can be attacked. However, because blockchain is decentralized, hackers may find it more difficult…

Read more →

State-sponsored Activities  In the year 2022, we witnessed a number of state-sponsored cyber activities originating from different countries wherein the tactics employed by the threat actors varied. Apparently, this will continue into 2023, since government uses its cyber capabilities as…

Read more →

DoControl offers an integrated, automated, and risk-aware SaaS Security Platform that protects apps and data which are essential to corporate operations promotes operational efficiency and boosts productivity. Protecting data and business-critical SaaS apps through automated remediation is DoControl’s key strength.…

Read more →

  In a case that sounds like a script, US criminals stole more than $1 million by using hundreds of credit cards that were advertised for sale on the dark web. A portion of the details surrounding this complex criminal…

Read more →

  As per experts, a new phishing campaign has been discovered that impersonates logistics giant DHL in order to steal Microsoft 365 credentials from victims in the education industry. Cybersecurity researchers from Armorblox recently found a significant phishing campaign, with…

Read more →

  Several online pharmacies are selling abortion pills online and sharing their customers’ personal information, such as their search history and geolocation, with Google and other third parties. ProPublica has learned that by using this information, one can identify the…

Read more →

  A new report has revealed that the cost of data backup is rising due to the growing threat from cybercrime. This includes the requirement to guarantee the consistency and dependability of hybrid cloud data protection in order to counteract…

Read more →

HP Wolf Security’s cybersecurity researchers have issued a warning about various ongoing activities that aim to use typosquatting domains and malicious advertising to spread different types of malware to unwitting victims. Additionally, the scammers paid various ad networks to broadcast…

Read more →

  There has been a security threat affecting CircleCI, an American software development service, and the service has urged its users to rotate their secrets to avoid this kind of catastrophe.  Security Issue Alerts for CircleCI Users It has recently…

Read more →

North Korean state-owned threat actors Lazarus Group has stolen around 41,000 ETH or more than $60 million of Ethereum to the crypto exchanges Binance, Huobi and OKX. While Binance and Huobi both froze the funds, Binance declared that an asset…

Read more →

  The industry identified that basic fingerprinting could not maintain up with the rate of these developments, and the requirement to be everywhere, at all times, pushed the acceptance of AI technology to deal with the scale and complexity of…

Read more →

  Three months have passed since Elon Musk stormed into Twitter’s San Francisco headquarters, and the company has barely escaped the spotlight. We’ve talked a lot about his thoughts on the social network and some of his more controversial business…

Read more →

Threat actors are establishing fraudulent websites for popular free and open-source software in order to promote malicious downloads via advertisements present in the Google search result.  The info-stealing malware Rhadamanthys uses Google advertisements as a means of luring people into…

Read more →

Frankenstein ID, the use of fake identities by scammers, has become prevalent over the last 12 to 18 months, with US financial institutions (FIs) reporting losses of $20 billion in 2021 as compared to $6 billion in 2016. Synthetic Identity…

Read more →

  About 50 of the total orders that Sean Fothersgill, the proprietor of the model car retailer Pendle Slot Racing, receives each day come from outside the UK.  Those international orders have been sitting in a warehouse corner collecting dust…

Read more →

  A Norton LifeLock spokesperson has confirmed that malicious third parties are likely to have gained access to some customers’ accounts, possibly even gaining access to their password vaults.  The document describing affected customers’ rights as a result of a…

Read more →

In the tangible future, humans will be interfacing their flesh with chips. Therefore, perhaps we should not have been shocked when Microsoft’s researchers appeared to have hastened a desperate future.  It was interestingly innocent and so very scientific. The headline…

Read more →

  The software development process is becoming increasingly rapid. Devops teams are under additional pressure to get to market quickly, thanks in part to open-source software (OSS) packages. OSS has become so common that it is estimated to account for…

Read more →

Small businesses and organizations of various sizes worldwide rushed to upload patches and assess what had been compromised. Hacks expose the vulnerability of the 32 million small businesses, which are largely unable to afford to work with cybersecurity firms and…

Read more →

  It is no longer necessary for a person to commute to a physical location to find information about anything they are interested in.  Currently, Google can be trusted to provide the most relevant information about anything and everything. Google…

Read more →

  When our information falls into the wrong hands, it could cause a lot of harm, especially since con artists frequently prey on helpless victims. More evidence that widespread fraud and scams are on the rise comes from the recent…

Read more →

  When was the last time you used WiFi in a public setting? Nowadays, almost every coffee shop, library, airport, and hotel provides a way for you to use your phone or other mobile devices to access the internet. That…

Read more →

As the alarms start to go off globally about the spread of the covid virus in China, official authorities in Washington are now concerned about the threat the virus may pose in America. In regards to this, they have turned…

Read more →

  We all use password protection, which is an effective access control method. It is likely to continue to be a crucial component of cybersecurity for years to come. On the contrary hand, cybercriminals use a variety of techniques to…

Read more →

  As part of a lawsuit filed against the digital surveillance firm Voyager Labs, Meta claims that the company created 38,000 fake, unauthorized accounts to collect 600,000 Facebook users’ personal information.  A federal lawsuit filed by Microsoft has asked a…

Read more →

According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years. Employees should be aware of data security practices since the…

Read more →

  A software company CircleCi has acknowledged that a data breach that occurred last month resulted in the theft of customers’ personal information.  After an engineer contracted data-stealing malware that made use of CircleCi’s 2FA-backed SSO session cookies to get…

Read more →

In the beginning of year 2023, CircleCI, a development-pipeline service provider cautioned online users of a security breach, advising companies to take immediate action on the issue by changing the passwords, SSH keys, and other secrets stored on or managed…

Read more →

  An old vulnerability in Intel drivers is being exploited by cybercriminals in an attempt to gain access to networks. This is in the form of a security flaw that enables them to get around cybersecurity measures and bypass security…

Read more →

  Customers of Norton LifeLock have been the victims of a credential-stuffing attack. In accordance with the company, cyberattackers utilised a third-party list of stolen username and password combinations to attempt to hack into Norton accounts and possibly password managers. …

Read more →

  Criminal organisations are now employing a new strategy to ensure ransomware payouts: they skip the step of encrypting target companies’ systems and instead go straight to demanding the ransom payment for the company’s valuable data. Malicious hackers are constantly…

Read more →

  A software company CircleCi has acknowledged that a data breach that occurred last month resulted in the theft of such customers’ personal information.  After an engineer contracted data-stealing malware that took use of CircleCi’s 2FA-backed SSO session cookies to…

Read more →

Several end-of-life (EoL) VPN routers are affected by a critical authentication bypass flaw that Cisco alerted customers. The issue has publicly available attack code. Hou Liuyang of Qihoo 360 Netlab discovered the security hole (CVE-2023-20025) in the internet management interface…

Read more →

  In a report from Hornetsecurity, the leading cybersecurity provider, it has been found that 33% of businesses do not provide cybersecurity awareness training to employees working remotely.  According to the study, nearly three-quarters (74%) of remote staff have access…

Read more →

  Mobile connectivity has come a long way since 1979 when NTT initiated the first generation of cellular networks in Tokyo. 2G and 3G quickly followed 1G. These were voice and text communication networks. The more recent 4G and 5G…

Read more →

  Critical national infrastructure (CNI) is under greater physical threat than ever. It is still unknown who was responsible for the attack that destroyed at least 50 metres of the Nord Stream 1 and 2 underground pipelines that once carried…

Read more →

Twitter has denied the claim of getting hacked and the stolen data being sold online.  According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, stolen data has been discovered, that…

Read more →

  The unlawful use of cryptocurrencies reached a new high of $20.1 billion last year, as transactions involving companies sanctioned by the United States skyrocketed, as per data from blockchain analytics firm Chainalysis released on Thursday. In 2022, the cryptocurrency…

Read more →

  We all have way too many passwords, and they probably are not nearly as secure as we believe. Passkeys are the next step in the evolution of passwords and aim to make passwords obsolete in favour of a more…

Read more →

Artificial intelligence and machine learning (AI/ML) systems have proven to be effective in improving the sophistication of phishing lures, creating fake profiles, and developing basic malware. Security experts have demonstrated that a complete attack chain may be established, and malicious…

Read more →

A new wave of advanced persistent threat (APT) attacks has been discovered, that is apparently launched by a threat group named Dark Pink.  The attack was launched between June and December 2022 and has been targeting countries in the Asia-Pacific,…

Read more →

  Several proposals are being considered by the government, including the introduction of a “digital pound,” according to the Treasury’s economic secretary.  According to Andrew Griffith, the UK intends to become a world leader in the cryptocurrency industry.  There was…

Read more →

  The Python package repository PyPI was discovered to be hosting malware and AWS keys. Tom Forbes, a software developer, created a Rust-based application that searched all new PyPI packages for AWS API keys. The tool returned 57 successful results,…

Read more →

  Despite WannaCry infecting thousands of PCs worldwide in 2017, ransomware has always remained one of the biggest threats to corporations worldwide. There is, however, new research that indicates that this persistent threat may be on the decline.   Privileged access…

Read more →

The Uptycs Threat research team has revealed a new malware campaign, targeting Italy with phishing attacks in order to deploy information-stealing malware on victims’ compromised Windows systems.  According to Uptycs security researcher Karthickkumar Kathiresan, the malware campaign is designed to…

Read more →

  Malicious hackers have uploaded a vast collection of private documents from the police department of a San Francisco Bay Area transit system to the internet, including specific claims of child abuse.  The Bay Area Rapid Transit (BART) Police Department…

Read more →

  As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in…

Read more →

Prototype Pollution Prototype pollution is a severe vulnerability class associated with prototype-based languages, the most popular among them being JavaScript.  However, a researcher has discovered Python-specific variants of prototype pollution, and other class-based programming languages may also be exposed to…

Read more →

  The software supply chain security company Phylum has discovered a malicious assault using the PoweRAT backdoor and an information thief that targets users of the Python Package Index (PyPI). The campaign was initially discovered on December 22, 2022, when…

Read more →