Category: Cyware News – Latest Cyber News

The vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…

Read more →

A new MaaS malware known as Mint Stealer has emerged, threatening confidential data. This malware, identified by experts from Cyfirma, is designed to steal a wide range of information by employing advanced encryption and obfuscation techniques. This article has been…

Read more →

The Senate has confirmed Michael Sulmeyer as the first cyber policy chief at the Defense Department, where he will serve as the assistant secretary of Defense for cyber policy. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The sensitive nature of legal data makes law firms lucrative targets for hackers, who aim to access valuable information for specific purposes. Despite the costly demands, firms face the dilemma of paying the ransom or risking backlash from clients. This…

Read more →

WeRedEvils announced their intention to target Iranian systems on Telegram, claiming their attack was successful in infiltrating Iran’s computer systems, stealing data, and causing the outage. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

According to Picus Security, organizations are failing to detect 44% of cyberattacks, revealing major exposure gaps. 40% of environments tested allowed for attack paths leading to domain admin access. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, failed to delete children-created accounts, and misled parents about data collection. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

Unlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days. This article has been indexed…

Read more →

Federal officials have raised concerns about the software supply chain and memory safety vulnerabilities following a global IT outage caused by a faulty CrowdStrike software update. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

Representatives from various countries and the European Union participated in the meeting, addressing cybersecurity and data risks in connected vehicles. The meeting highlighted the importance of connected cars as a critical part of infrastructure. This article has been indexed from…

Read more →

A new Linux Kernel attack called SLUBStick has a 99% success rate in turning a limited heap vulnerability into a powerful memory read-and-write capability, allowing for privilege escalation and container escape. This article has been indexed from Cyware News –…

Read more →

Mozilla has joined Google in no longer trusting Entrust as a root certificate authority due to compliance failures and inadequate responses. Google was the first to make this decision, citing concerning behaviors from Entrust. This article has been indexed from…

Read more →

The U.S. and German law enforcement have seized the domain of the Cryptonator crypto wallet platform, indicting its operator, Roman Boss, for money laundering and running an unlicensed money service business. This article has been indexed from Cyware News –…

Read more →

Protect AI, a Seattle-based AI and ML security company, raised $60M in Series B funding led by Evolution Equity Partners, with participation from 01 Advisors, StepStone Group, Samsung, and existing investors. This article has been indexed from Cyware News –…

Read more →

BlankBot, which is still in development, has advanced features like screen recording, keylogging, and remote control, posing a significant threat due to its evasion techniques. This article has been indexed from Cyware News – Latest Cyber News Read the original…

Read more →

Australian companies will soon be required to report ransom payments, in line with the upcoming Cyber Security Act in the country. The legislation aims to enhance the response to cyber incidents, similar to CIRCIA in the US. This article has…

Read more →

The United States, along with Germany and Slovenia, participated in a historic prisoner exchange with Russia, releasing hackers, spies, and an assassin. The swap took place at an airport in Ankara, Turkey. This article has been indexed from Cyware News…

Read more →

A new Windows backdoor named BITSLOTH has been discovered by cybersecurity researchers. This malware exploits the Background Intelligent Transfer Service (BITS) for stealthy communication, making it difficult to detect. This article has been indexed from Cyware News – Latest Cyber…

Read more →

These fraudsters contact victims through phone calls or messages, posing as representatives of legitimate crypto exchanges, and create a sense of urgency by claiming security issues or hack attempts on the victims’ accounts. This article has been indexed from Cyware…

Read more →

Airlines are facing challenges with third-party risks in their supply chain. Recent revelations regarding risks in Boeing’s supply chain have emphasized the importance of measuring and mitigating these risks, according to SecurityScorecard. This article has been indexed from Cyware News…

Read more →

A tech support fraud leader was sentenced to seven years in prison for scamming over 6,500 victims and making $6 million. The operation targeted elderly victims in the U.S. and Canada by showing fake malware infections on their computers. This…

Read more →

A vulnerability in Rockwell Automation’s Logix controllers, CVE-2024-6242, poses a security risk to industrial automation systems worldwide by allowing unauthorized access to PLCs. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Security…

Read more →

Hackers are targeting misconfigured Jupyter Notebooks using a repurposed Minecraft DDoS tool known as mineping. The attack, dubbed Panamorfi, involves utilizing a Java tool to launch a TCP flood DDoS attack against vulnerable Jupyter Notebooks. This article has been indexed…

Read more →

The Streamlining Federal Cybersecurity Regulations Act, led by senators Gary Peters and James Lankford, would create an interagency group to synchronize U.S. cyber regulatory regimes and establish a pilot program for testing new frameworks. This article has been indexed from…

Read more →

Germany has summoned the Chinese ambassador over a cyberattack by a Beijing-backed threat actor on a cartography agency. The attack, aimed at espionage, was carried out at the end of 2021. This article has been indexed from Cyware News –…

Read more →

This type of attack, known as Bytecode Jiu-Jitsu, takes advantage of the fact that interpreters do not require execution privilege for bytecode, making it difficult for security tools to detect. This article has been indexed from Cyware News – Latest…

Read more →

Threat actors used StackExchange to promote malicious PyPi packages, including ‘spl-types,’ ‘raydium,’ ‘sol-structs,’ ‘sol-instruct,’ and ‘raydium-sdk,’ which steal data from browsers, messaging apps, and cryptocurrency wallets. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

The Plymouth County Retirement Association claims the company misrepresented the effectiveness of its software platform and quality control procedures. The lawsuit alleges that CrowdStrike did not adequately test its software. This article has been indexed from Cyware News – Latest…

Read more →

A security audit sponsored by the Open Tech Fund in August 2023 revealed 25 vulnerabilities in Homebrew. The audit found issues that could have allowed attackers to execute code, modify builds, control CI/CD workflows, and access sensitive data. This article…

Read more →

The caller ID spoofing service, which was established in 2021, is believed to have caused financial losses in the tens of millions and had around 170,000 victims in Britain. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Google Chrome has implemented app-bound encryption to enhance cookie protection on Windows and defend against infostealer malware. This new feature encrypts data tied to app identity, similar to macOS’s Keychain, to prevent unauthorized access. This article has been indexed from…

Read more →

Access to timely and accurate threat intelligence is essential for organizations, but it can be overwhelming to navigate the vast amount of available data and feeds. Balancing comprehensive information with relevance is crucial. This article has been indexed from Cyware…

Read more →

Credo AI, a startup specializing in artificial intelligence governance software, recently closed a $21 million Series B funding round led by CrimsoNox Capital, Mozilla Ventures, and FPV Ventures. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

A government-affiliated research organization in Taiwan was attacked by APT41 hackers, a notorious Chinese hacking group known for targeting sensitive technologies. The breach, starting in July 2023, was identified by Cisco Talos researchers. This article has been indexed from Cyware…

Read more →

The FortiGuard Labs team has discovered a malicious PyPI package that poses a significant risk to individuals and institutions by potentially leaking credentials and sensitive information. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

A cyberespionage group known as XDSpy targeted Russia and Moldova with new malware. The group sent phishing emails to Russian targets, including a tech company and an organization in Transnistria. This article has been indexed from Cyware News – Latest…

Read more →

The Senate Armed Services Committee has approved Michael Sulmeyer, the Army’s top digital adviser, as the inaugural assistant secretary of defense for cyber policy, paving the way for his nomination to the Senate floor for a vote. This article has…

Read more →

Birgit Hofer and Thomas Hirsch from TU Graz have developed a new approach to speed up software bug fixes. By identifying bottlenecks in fault localization, they created a scalable solution using NLP and metrics to analyze code for faults. This…

Read more →

DigiCert discovered a bug in how domain ownership was verified, leading to the mass revocation of SSL/TLS certificates. Approximately 0.4% of domain validations conducted between August 2019 and June 2024 are affected. This article has been indexed from Cyware News…

Read more →

The Kids Online Safety and Privacy Act (KOPSA) combines two bills to enhance protections for children under 17, prohibiting targeted advertising, requiring consent for data collection, and limiting exposure to harmful content. This article has been indexed from Cyware News…

Read more →

Healthcare organizations are jeopardizing patient privacy due to insecure file-sharing practices, according to a report by Metomic. The study found that 25% of publicly shared files in healthcare contain Personally Identifiable Information (PII). This article has been indexed from Cyware…

Read more →

The attack targeted C-Edge Technologies, a provider of banking systems for these banks. As a precaution, the National Payment Corporation of India (NPCI) has isolated these banks from the broader payment network to contain the attack. This article has been…

Read more →

Some companies are paying ransomware attackers multiple times, with more than a third not receiving the decryption keys or getting corrupted keys after paying, according to a survey by Semperis. This article has been indexed from Cyware News – Latest…

Read more →

The malware was found monitoring OTP messages from over 600 global brands, with victims detected in 113 countries, including India, Russia, Brazil, Mexico, the U.S., Ukraine, Spain, and Turkey. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Secretive is an open-source app that securely stores and manages SSH keys in the Secure Enclave for Macs. Storing keys in the Secure Enclave prevents copying or exporting by malicious users or malware, ensuring a higher level of security. This…

Read more →

Microsoft confirmed that an eight-hour outage on Tuesday affecting its Azure portal, Microsoft 365, and Microsoft Purview services was caused by a DDoS attack. The company mentioned that its response to the outage may have worsened the impact. This article…

Read more →

The UK’s Electoral Commission was criticized by the Information Commissioner’s Office (ICO) for failing to protect the personal data of 40 million people from Chinese hackers in a cyberattack three years ago. This article has been indexed from Cyware News…

Read more →

Apple has released a critical zero-day patch for older Macs running macOS Monterey 12.7.6, addressing an actively exploited vulnerability (CVE-2024-23296). The flaw in Apple’s RTKit real-time OS could allow unauthorized access to kernel memory. This article has been indexed from…

Read more →

EvilProxy, known as the “LockBit of phishing,” is a popular phishing kit used in over a million attacks each month. It allows cybercriminals to launch ransomware infections, steal data, and compromise business emails. This article has been indexed from Cyware…

Read more →

Lineaje has raised $20 million in a Series A funding round, led by Prosperity7 Ventures, Neotribe, and Hitachi Ventures, with Tenable Ventures also participating. This investment highlights the increasing demand for software supply chain security. This article has been indexed…

Read more →

Attackers disguise malicious tools as legitimate GenAI apps through phishing sites, web browser extensions, fake apps on mobile stores, and malicious ads on social media. This article has been indexed from Cyware News – Latest Cyber News Read the original…

Read more →

A threat actor recently impersonated Google through a fake ad for the Google Authenticator, a popular multi-factor authentication program. This resulted in innocent users unknowingly downloading malware or falling victim to phishing scams. This article has been indexed from Cyware…

Read more →

The attack begins with emails from an Amazon SES client containing empty PDF attachments and a message from Docusign. Despite some checks failing, the emails can still appear legitimate due to the compromised source. This article has been indexed from…

Read more →

The notorious Trik botnet, aka Phorpiex, is being sold in antivirus circles, offering advanced capabilities to evade detection. This C++ botnet includes modules such as a crypto clipper, a USB emitter, and a PE infector targeting crypto wallets. This article…

Read more →

Multiple SMTP servers are vulnerable to spoofing attacks that allow hackers to bypass authentication. Two vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in authentication and verification mechanisms provided by SPF and DKIM. This article has been indexed from Cyware News –…

Read more →

Cybercriminals targeted Polish businesses with Agent Tesla and Formbook malware through widespread phishing campaigns in May 2024. Small and medium-sized businesses (SMBs) in Poland, Italy, and Romania have been affected. This article has been indexed from Cyware News – Latest…

Read more →

TrustedSec released a post-exploitation framework called “Specula”, which exploits CVE-2017-11774 to create a custom Outlook Home Page using WebView and execute arbitrary commands on compromised Windows systems. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

The Blue Report 2024 highlights alarming findings, with 40% of environments vulnerable to total takeover, emphasizing the importance of cybersecurity. Prevention effectiveness has improved to 69%, but detection effectiveness has dropped to 12%. This article has been indexed from Cyware…

Read more →

Breaches impacted 17 industries across 16 countries and regions, with costs related to detecting breaches, notifying victims, post-breach response efforts, and lost business. This article has been indexed from Cyware News – Latest Cyber News Read the original article: IBM:…

Read more →

A bug hunter discovered a bypass in Meta’s Prompt-Guard-86M model by inserting character-wise spaces between English alphabet characters, rendering the classifier ineffective in detecting harmful content. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

The U.S. State Department emphasized the importance of including human rights protections in the upcoming United Nations cybercrime treaty. The final round of negotiations for the treaty, which began on Monday and will conclude on August 9, 2024. This article…

Read more →

The recent attacks by the SideWinder APT group use phishing lures related to emotional topics like sexual harassment and salary cuts to trick victims into opening booby-trapped Microsoft Word documents. This article has been indexed from Cyware News – Latest…

Read more →

The newly discovered backdoor has limited samples available on VirusTotal, making detection more difficult. It operates by collecting system information and sending it to a command and control server, awaiting further instructions. This article has been indexed from Cyware News…

Read more →

Change Healthcare has started the process of notifying millions of Americans affected by a massive cyberattack and data theft that occurred more than five months ago. The company is sending individual breach notification letters on a rolling basis. This article…

Read more →

The European Central Bank has completed a cyber stress test for the banking sector, finding that while banks have strong response frameworks, there is still room for improvement in recovery capabilities. This article has been indexed from Cyware News –…

Read more →

This investment will allow Cowbell to expand its operations, enter key global markets, enhance cyber resilience services, introduce innovative products, and strengthen partnerships. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Cowbell…

Read more →

The campaign began in January 2024 and peaked at 14 million emails in June. The emails were designed to steal sensitive information and included authentic-looking signatures to bypass security measures. This article has been indexed from Cyware News – Latest…

Read more →

The attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake…

Read more →

Ransomware operators like Black Basta and Akira have already used this vulnerability in attacks, with Storm-0506 deploying Black Basta ransomware on the ESXi hypervisors of a North American engineering firm. This article has been indexed from Cyware News – Latest…

Read more →

The issue, which began in late June, affected a few thousand Workspace accounts that were created without domain verification. Google has since fixed the problem and added more security measures to prevent similar bypasses in the future. This article has…

Read more →

The phishing campaigns involve sending fake emails that appear to be from Microsoft, leading recipients to malicious Microsoft Forms impersonating Microsoft 365 or Adobe login pages. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user’s AppData. This initiated the installation of a Latrodectus backdoor. This article has been…

Read more →

According to an analysis by TRM Labs, Russian-speaking threat actors were responsible for over 69% of all ransomware-related cryptocurrency earnings in the past year, amounting to more than $500 million. This article has been indexed from Cyware News – Latest…

Read more →

Despite bans, organizations are widespread in using AI code tools, causing security concerns, as reported by Checkmarx. While 15% prohibit AI tools for code generation, a staggering 99% still use them. This article has been indexed from Cyware News –…

Read more →

WhatsApp currently blocks certain file types considered risky, but Python and PHP scripts are not included in the blocklist. Security researcher Saumyajeet Das identified this vulnerability while testing file attachments in WhatsApp conversations. This article has been indexed from Cyware…

Read more →

U.S. senators have raised concerns about how car companies handle consumer data, revealing that major automakers share and sell drivers’ information without proper consent. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…

Read more →

The National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST), currently has a backlog of over 16,000 vulnerabilities, with an average daily influx of more than 100 new security flaws. This article has been indexed…

Read more →

The vulnerability (CVE-2023-45249) was patched nine months ago but is still being exploited in attacks. Admins are advised to update their systems immediately to prevent unauthorized remote code execution. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The Gh0st RAT Trojan is being distributed to Chinese Windows users through a fake Chrome website. The malware has been around since 2008 and has evolved over the years, often used by cyberespionage groups in China. This article has been…

Read more →

Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn’t necessarily deleted. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Companies are reevaluating their cybersecurity defenses in response to the rise of AI-generated deepfake attacks and identity fraud. According to GetApp, 73% of US organizations have already developed deepfake response plans. This article has been indexed from Cyware News –…

Read more →

The malware is designed to target only 64 specific machines, attempting to exfiltrate Google Cloud Platform credentials for potential follow-on attacks such as data theft and malware implantation. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Most CISOs are feeling unprepared for new compliance regulations, such as the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, presenting a significant challenge. This article has been indexed from Cyware…

Read more →

The White House and CISA have named key cybersecurity officials as part of their national resilience strategy rollout. Harry Wingo will become the deputy national cyber director, while Bridget Bean is set to be the new executive director at CISA.…

Read more →

Meta has taken down 63,000 Instagram accounts in Nigeria involved in sextortion scams, including a network of 2,500 accounts linked to 20 individuals targeting adult men in the US. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Existing investors Greylock Partners, Cyberstarts, Insight Partners, and Index Ventures are collectively described as “leading” the round. Dazz, which launched in 2021, has now raised around $110 million in total. This article has been indexed from Cyware News – Latest…

Read more →

The operation started in France on July 18, 2024, and is anticipated to extend to other countries like Malta, Portugal, Croatia, Slovakia, and Austria. Victims in France will be individually notified by the ANSSI about the clean-up process. This article…

Read more →

The flaw in the Jetson Linux component of the JetPack SDK impacts devices such as the Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series, and Jetson Nano. This article has been indexed from Cyware News –…

Read more →

OSC&R report reveals that 95% organizations face high software supply chain risks. Despite advancements in application security programs, more work is needed to manage risks effectively. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

The malicious Chrome extension campaign in LATAM involves infecting victims through phishing websites and installing rogue extensions to steal sensitive information. The extensions mimic Google Drive, giving them access to a wide range of user data. This article has been…

Read more →

Chainguard, a supply chain security startup, recently raised $140 million in a Series C funding round led by Redpoint Ventures, Lightspeed Venture Partners, and JVP. It aims to expand globally and strengthen its presence in the U.S. public sector. This…

Read more →

The Office of the National Cyber Director (ONCD) announced Wednesday that former Navy SEAL and National Defense University cyberspace professor Harry Wingo has been selected as its deputy director. This article has been indexed from Cyware News – Latest Cyber…

Read more →

GenAI users face significant security risks related to data, with regulated data making up a large share of sensitive information shared with GenAI applications, posing a threat of costly data breaches. This article has been indexed from Cyware News –…

Read more →

MCG Health has agreed to a settlement of $8.8 million for a data breach lawsuit following a hacking incident in 2020. The lawsuit alleges that it took MCG Health two years to discover and report the data theft affecting around…

Read more →

While purchasing cyber insurance won’t completely prevent data breaches, it does improve the cyber posture as it requires strict underwriting processes. However, only a quarter of companies currently have standalone cyber insurance policies. This article has been indexed from Cyware…

Read more →

GhostWriter, also known as UAC-0057, used PicassoLoader and Cobalt Strike Beacon to infect victims, including local government offices and groups associated with USAID’s Hoverla project. This article has been indexed from Cyware News – Latest Cyber News Read the original…

Read more →

Least privilege begins by addressing dormant user accounts and then scrutinizing access privileges, using Context-based access control (CBAC), Attribute-based access control (ABAC), and Role-based access control (RBAC) to determine user access. This article has been indexed from Cyware News –…

Read more →

An unidentified threat actor is taking advantage of the recent Falcon Sensor update issues to distribute fake installers via a fraudulent website impersonating a German entity. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

Researchers at Wiz have identified an ongoing campaign targeting exposed Selenium Grid services for illicit cryptocurrency mining. The campaign, known as SeleniumGreed, is exploiting older versions of Selenium to run a modified XMRig miner. This article has been indexed from…

Read more →

The US has indicted a North Korean state hacker for ransomware attacks on hospitals and healthcare companies. The hacker, Rim Jong Hyok, is a member of the Andariel Unit within North Korea’s intelligence agency. This article has been indexed from…

Read more →