CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519,…
Category: EN
On the Zero-Day Market
New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their…
APT41 Deploys KeyPlug Backdoor Against Italian Industries
The KeyPlug backdoor has been developed to target both Windows and Linux operative systems and use different protocols to communicate which depend on the configuration of the malware sample itself. This article has been indexed from Cyware News – Latest…
Chinese State-Backed Hackers Turn to Massive ORB Proxy Networks to Evade Detection
One of them called ORB3/SPACEHOP is described as “a very active network leveraged by multiple China-nexus threat actors, including APT5 and APT15” for reconnaissance and vulnerability exploitationl This article has been indexed from Cyware News – Latest Cyber News Read…
What are the Hallmarks of Strong Software Security?
Reading Time: 4 min Worried about app security breaches? Discover the key features of strong Appsec (authentication, authorization, encryption, logging) to secure your software and user data. The post What are the Hallmarks of Strong Software Security? appeared first on…
CISO Cite Human Error as Top IT Security Risk
It’s the wetware. It’s always the wetware. But that’s not the only takeaway from this year’s Voice of the CISO report. The post CISO Cite Human Error as Top IT Security Risk appeared first on Security Boulevard. This article has…
Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and…
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over…
Mike Lynch Defends Himself At HP, Autonomy Trial In US
British founder of Autonomy defends himself in San Francisco federal courthouse against criminal fraud charges This article has been indexed from Silicon UK Read the original article: Mike Lynch Defends Himself At HP, Autonomy Trial In US
11 Cloud Security Best Practices & Tips in 2024 + Free Checklist
Learn the best practices for cloud security in 2024. Discover the latest strategies to secure your cloud environment. The post 11 Cloud Security Best Practices & Tips in 2024 + Free Checklist appeared first on eSecurity Planet. This article has…
Bolster Raises $14M Led by Microsoft’s M12
Bolster, an AI startup, has raised $14 million in funding led by Microsoft’s M12 to combat malicious phishing emails. Their flagship product, CheckPhish, offers brand and URL verification services to businesses. This article has been indexed from Cyware News –…
LockBit Ransomware Gang Claims Responsibility for London Drugs Cyberattack
In a recent turn of events, the LockBit ransomware gang has claimed responsibility for the cyberattack on Canadian pharmacy chain London Drugs, which occurred in April. The cybercriminals are now threatening to release sensitive data online after reportedly unsuccessful negotiations…
US retailers under attack by gift card-thieving cyber gang
Earlier this month, the FBI published a private industry notification about Storm-0539 (aka Atlas Lion), a Morocco-based cyber criminal group that specializes in compromising retailers and creating fraudulent gift cards. Microsoft then went more in-dept on the group’s tactics, techniques,…
Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day
Microsoft has warned of surging gift card fraud and sophisticated approaches from the group Storm-0539 This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day
Cyberattacks are Good for Security Vendors, and Business is Booming
The cybersecurity business is booming, and cyberattacks are fueling its growth. Global spending on security and risk management is on pace to reach $215 billion this year, up 30% from almost $165 billion in 2022, according to Gartner. This article…
Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. “The origin of BLOODALCHEMY and…
Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that’s associated with a known backdoor called RustDoor. The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7,…
Cybersecurity News: Chinese hack military, search engine outage, Mattis speaks out
In today’s cybersecurity news… Chinese hackers hide on military and government networks for 6 years This threat actor, previously unknown and now dubbed “Unfading Sea Haze” has been targeting military […] The post Cybersecurity News: Chinese hack military, search engine…
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity…
US Man Gets 10 Years for Laundering Cash From Online Fraud
Georgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million. This article has been indexed from Cyware News – Latest Cyber News Read…