Category: Information Security Buzz

Cisco has warned of multiple critical vulnerabilities in its Smart Licensing Utility, potentially enabling unauthenticated, remote attackers to collect sensitive information or gain administrative control over the software.  The vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, can be found in several…

Read more →

As malicious actors increasingly create cybercriminal business models, small and medium-sized businesses (SMBs) face a changing cyber threat landscape. Today, being a cybercriminal no longer requires advanced technical skills, expanding the number of attackers and their attack capabilities. Unlike larger…

Read more →

The healthcare industry is a magnet for cybercriminals, and it’s easy to see why. First, the treasure trove of personal health information (PHI) is incredibly valuable—from detailed medical histories to sensitive financial data, this information isn’t just gold—it’s like striking…

Read more →

Any company that employs APIs can tell you that they’re the glue that holds all things together, the hub that simplifies and scales digital growth. However, not all can tell you how to protect them. And that’s a problem. Thankfully,…

Read more →

A sophisticated cyber campaign, dubbed SLOW#TEMPEST, has been uncovered by the Securonix Threat Research team, targeting Chinese-speaking users. The attack, characterized by the deployment of Cobalt Strike payloads, managed to evade detection for over two weeks, demonstrating the malicious actors’…

Read more →

Self-driving cars come closer to being a reality every day. Many vehicles already have autonomous features, but several challenges remain. Cybersecurity shortcomings are among the most concerning, and a recent experiment dubbed “MadRadar” heightens these worries. How Does the MadRadar…

Read more →

A North Korean threat actor has been found exploiting a zero-day vulnerability in Chromium, now designated as CVE-2024-7971. The exploit, which enables remote code execution (RCE), is being attributed with high confidence to a North Korean group known as Citrine…

Read more →

Cybersecurity researchers discovered a vulnerability in the Known Crewmember (KCM) system, a TSA program that allows airline pilots and flight attendants to bypass security screening. The flaw, which could potentially compromise the safety of millions of air travelers, was found…

Read more →

Users in the Middle East are being targeted by sophisticated threat actors deploying malware disguised as the Palo Alto GlobalProtect tool, Trend Micro has revealed. The malware employs a two-stage infection process, leveraging advanced command-and-control (C&C) infrastructure to evade detection…

Read more →

RansomHub, previously known as Cyclops and Knight, has quickly gained traction, targeting over 210 victims across US critical infrastructure sectors. This ransomware-as-a-service (RaaS) model has been active since February 2024. These include water and wastewater, information technology, government services and…

Read more →

Safeguarding your small or medium-sized business against escalating cyber threats is essential, yet the steep costs of sophisticated security measures can be daunting. This guide delves into smart, budget-friendly cybersecurity tactics designed to fortify your business without draining your finances.…

Read more →

In the event of a cyberattack, companies – especially small to mid-sized businesses – often face losses so great they risk pulling their business under. With the number of ransomware attacks, phishing schemes, and data breaches on the rise, it…

Read more →

In June 2024, cybersecurity researchers from Kaspersky identified a new macOS version of the HZ Rat backdoor, marking the first time this malware has been observed targeting macOS users. The backdoor was found attacking users of the enterprise messaging platform…

Read more →

The FBI needs to improve its handling of electronic media designated for destruction at its facilities, according to a scathing audit from the Justice Department’s Inspector General, released publicly last week. . The memo, issued by DOJ Inspector General Michael…

Read more →

The number of successful cyber attacks on UK law firms has soared by 77% over the past year, rising from 538 incidents to 954, according to a recent study. The increase is attributed to the lucrative nature of law firms…

Read more →

Decades ago, office printers had one job: to present documents or images in a paper format. However, with technology evolving rapidly, the role of the office printer has changed drastically. Now, printers are multifunctional, allowing workers to copy, scan, send, or…

Read more →

The need for real-time compliance has never been more critical. As regulatory landscapes evolve and become more complex, organizations face mounting pressure to ensure they remain compliant at all times. This shift from traditional, periodic audits to continuous, real-time compliance…

Read more →

Nearly 32 million documents, including invoices, contracts, and agreements, were exposed online by ServiceBridge, a global field service management provider. Cybersecurity researcher Jeremiah Fowler made the discovery, reporting the unprotected database to WebsitePlanet. The database contained 31.5 million records, including…

Read more →

Seattle-Tacoma International Airport (SEA-TAC) appears to have been targeted by a cyberattack, with critical systems experiencing widespread internet outages for the third consecutive day, according to officials from the Port of Seattle. The disruptions, which began early on Saturday, have…

Read more →

Stroz Friedberg, a risk management firm under Aon, has identified a sophisticated malware strain targeting Linux systems. Dubbed “sedexp,” the malware exploits udev rules to maintain persistence and evade detection. According to researchers Zachary Reichert, Daniel Stein, and Joshua Pivirotto,…

Read more →