Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a…
Category: EN
How Swift Encryption Will Define the Future of Data Security
As the digital world continues to evolve, so does the threat landscape, with cyberattacks growing more sophisticated and frequent. In this era of increasing data breaches, securing sensitive information has never been more critical. Among the various technological advancements poised…
Google alerts its users about AI phishing and FBI cracks down on hacking gangs
Google Warns Users About AI-Driven Phishing Scam Google has issued an urgent warning to its 2.5 billion active users about a sophisticated phishing campaign that, despite appearing legitimate, is entirely fraudulent. This campaign began gaining attention in December 2024 across…
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS…
BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised
BeyondTrust, a leading provider of identity and access management solutions, disclosed a zero-day breach impacting 17 Remote Support SaaS customers. The incident, detected on December 5, 2024, has been linked to the compromise of an infrastructure API key used to…
Criminals Increase Attack Speed by 22%
The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed. These results represent a 2% increase in…
Forrester Report: The Complexities of Human-Element Breaches
Security leaders often have a narrow view of human-element breaches, thinking of them as either social engineering or human error, but there’s more to it than that. Breaches that start with a person can be divided into broader categories, including…
Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI
In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese…
The hidden dangers of a toxic cybersecurity workplace
In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive…
Microsoft Advertisers Account Hacked Using Malicious Google Ads
Cybersecurity experts have uncovered a sophisticated phishing campaign targeting Microsoft advertising accounts. The attack, orchestrated through malicious Google Ads, aims to steal login credentials of users accessing Microsoft’s advertising platform. This incident highlights the growing risk of malvertising, where cybercriminals…
“Vámonos!” Declares DORA, but 43% of UK Financial Services Say “No”
On January 17TH, 2025, the EU’s Digital Operational Resilience Act (DORA) came into effect. However, a recent survey of 200 UK CISOs from Censuswide found that 43% of the UK financial services industry will miss this compliance deadline despite facing…
DoJ, Dutch Authorities Seize 39 Domains Selling Malicious Tools
The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime…
DragonNest – 511,290 breached accounts
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses…
New Windows 11 (x64) Modern Kernel Race Conditions Uncovered – PoC Released
A sophisticated race condition vulnerability affecting Windows 11 (x64) kernel operations, highlighting ongoing concerns about kernel-level security in modern operating systems. These race conditions, which stem from the operating system’s inability to synchronize shared resources during concurrent operations properly, could…
BadDNS: Open-source tool checks for subdomain takeovers
BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS…
How to use iCloud Private Relay for enhanced privacy
iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that websites…
Only 3% of organizations have a dedicated budget for SaaS security
Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance. Security teams are struggling with a growing attack surface Disconcertingly, 44% of organizations…
New Process Hollowing Attack Vectors Uncovered in Windows 11 (24H2)
The recent release of Windows 11 version 24H2 has introduced a range of new features and updates, but it has also raised significant cybersecurity concerns. A longstanding malware technique known as Process Hollowing or RunPE has encountered compatibility issues on…
DEF CON 32 – Navigating the Turbulent Skies of Aviation Cyber Regulation
Authors/Presenters: M. Weigand, S. Wagner Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP
PLUS: MGM settles breach suits; AWS doesn’t trust you with security defaults; A new .NET backdoor; and more Infosec in brief The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment…