Category: Information Security Buzz

There is a new “class” of Russian hackers, the UK cyber-agency warns. Due to an increased danger of attacks by state-aligned Russian hackers, the National Cyber Security Centre (NCSC) of the UK is encouraging all businesses to put the recommended…

Read more →

Yet another zero-day attack on widely used software from a major technology provider. To address a security flaw that has already been publicly exploited, Google released a significant upgrade to Chrome Desktop on Friday, joining the list of vendors grappling…

Read more →

Yet another zero-day attack on widely used software from a major technology provider. To address a security flaw that has already been publicly exploited, Google released a significant upgrade to Chrome Desktop on Friday, joining the list of vendors grappling…

Read more →

The Rust programming language has been gaining popularity over the years due to its many advantages, including its high level of control, memory safety, and flexibility. However, while these features make it a powerful tool for developers, they also make…

Read more →

Goldoson malware, a new Android malware outbreak, has been found in over 60 genuine Google Play Store apps with over 100 million downloads. ONE shop, a popular South Korean third-party app marketplace, has logged eight million more installations. The rogue…

Read more →

In the latest ThreatLabz Phishing Report from zero trust security firm Zscaler, the number of phishing campaigns worldwide increased by about 50% in 2022 compared to 2021, partly because of new AI tools that threaten actors could access and phishing…

Read more →

According to MalwareHunterTeam, the LockBit ransomware group is purportedly working on a new variant of malware that may encrypt data on Apple macOS. Although LockBit has traditionally concentrated on Linux and Windows systems, this would be the first instance of…

Read more →

Ransomware struck American payments company NCR datacenter, focusing on one of its data facilities in Aloha, Hawaii. A few days after beginning to look into a “problem” with its Aloha restaurant point-of-sale (PoS) product, the company disclosed the hack on…

Read more →

The data theft assaults against a Taiwanese media outlet and an Italian job search firm were carried out by the Chinese state-sponsored hacking organization APT41, which was discovered abusing the GC2 (Google Command and Control) red teaming tool. Chinese state-sponsored…

Read more →

The Chinese app for e-commerce Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, in line with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). For unpatched Android devices, this security…

Read more →

Have you ever heard of computer worms? These malicious programs can cause havoc on your computer system and compromise your data. In the world of cybersecurity, computer worms are a serious threat. They are malware that spreads through networks, infecting…

Read more →

Here is catching up on news and events that happened this week in the world of cybersecurity. Estonian National Charged in U.S. for Acquiring Hacking-Tools An Estonian was prosecuted for buying U.S. military and government equipment for Russia. On March…

Read more →

On Thursday, the cybersecurity firm Darktrace released a statement after being mentioned on the LockBit ransomware group’s breach website. We learned of tweets from the cybercriminal LockBit earlier this morning, which claimed to have infiltrated Darktrace’s internal security systems and…

Read more →

After hackers stole the Kodi Foundation’s MyBB forum database, which contained user information and private messages, and made an attempt to sell it online, the organization disclosed the Kodi data breach. Open-source, cross-platform Kodi is a media player, organizer, and…

Read more →

European cloud costs are soaring, with analysts predicting an increase of almost a quarter this year alone. As a result, enterprises are adjusting cloud strategies to ensure greater efficiency and control. That includes more effective use of network monitoring –…

Read more →

Many new security features for WhatsApp have been unveiled today, one of which is called “Device Verification” and is intended to offer improved defense against account takeover (ATO) assaults. Device Verification stops malware from impersonating accounts and using stolen authentication…

Read more →

Over the Easter weekend, a well-known manufacturer of high-end yachts for the super-wealthy was the victim of a ransomware assault; however, it is unclear if private client data was taken. German Superyacht-Maker Lürssen, established in 1875, is thought to generate…

Read more →

Hyundai Notifies Vehicle Owners in France and Italy of Data Breach. Hyundai, a South Korean multinational automaker that sells over 500,000 automobiles a year throughout Europe, has announced a data breach that has affected car owners in France and Italy.…

Read more →

DeathNote’s Lazarus Hacker Squad Evolves Its Strategies, Tools, and Targets as part of a long-running operation known as DeathNote. The Lazarus hacker Group, a North Korean threat actor, has been observed swiftly developing its tools and methods and shifting its…

Read more →

As technology evolves, artificial intelligence is becoming more prevalent in various industries. While AI technology is designed to make our lives easier, it’s also transforming job industries and taking over human responsibilities. Here we look at automation processes that AI…

Read more →

As part of its bug bounty program, introduced on April 11, 2023, OpenAI is paying white hat hackers up to $20,000 to discover security holes and ChatGPT Vulnerabilities. The ChatGPT developer introduced the effort as part of their dedication to…

Read more →

With the increase in online transactions and digital communication, the threat of phishing scams has become more prevalent than ever hence the need for phishing tools. Phishing scams have become increasingly common in recent years and can significantly threaten your…

Read more →

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cybercriminals. While the headlines sound the alarm for businesses concerned about their data safety, they create allure amongst would-be thieves looking for their…

Read more →

Depending on the type of malicious behaviour that online criminals demand, malware producers have established a booming market. This is where they offer to add dangerous Android malware apps to Google Play for anywhere between $2,000 and $20,000. On hacker…

Read more →

A notice of security breach to warn the public has been filled by a Yum! Brands, Inc., the parent company of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grills. Based on a cybersecurity incident that happened in mid-January…

Read more →

Top US officials are investigating a military intel leak. This extraordinary level of detail in the files revealed how the United States spies on both allies and enemies. This has left U.S. officials and their foreign allies stunned and occasionally…

Read more →

An Estonian national has been accused in the US of buying electronics and computer hacking tools developed in the US on behalf of the Russian military and government. Andrei Shevlyakov was detained on March 28 in Estonia. In the US,…

Read more →

Online security is now a top worry for all internet users in the digital era. Using secure and distinctive passwords for each of your online accounts is one of the primary steps to protecting your online identity and sensitive data.…

Read more →

Here is the rundown of news and events that happened this week in the world of cybersecurity. TMX Financial Reveals 4.8 Million Persons Affected By Data Breach TMX Finance, an American consumer loan company, announced a major data breach three…

Read more →

MSI (short for Micro-Star International), a Taiwanese PC vendor, revealed today that its network had been compromised in a cyberattack in response to claims of a ransomware attack. The Money Message ransomware group allegedly breached some of MSI’s systems earlier…

Read more →

To combat the widespread exploitation of Cobalt Strike abuse, a legitimate testing tool that attackers have used to devastate the healthcare sector, Microsoft and two partner organizations have been given a court order. In a project unveiled on Thursday, the…

Read more →

Regulators announced Thursday that the company behind ChatGPT would submit ways to address the data protection issues that prompted a temporary Italian ban on the artificial intelligence chatbot. This means that OpenAI to profer solutions to Italy’s ChatGPT ban. Last…

Read more →

Google strives to increase the security of Play Store apps and make users more aware of how Android apps use their data. Google is adopting a new policy for Android apps developer to give users and developers more control and…

Read more →

In the modern world, technology has enabled people to connect and communicate virtually anywhere. With the internet being a critical part of our lives, we transmit and receive a vast amount of sensitive data daily, from banking information to personal…

Read more →

The authentic no-reply@youtube.com email address is being used in a new phishing scam that YouTube is investigating and alerting users to. The scam attempts to trick users into divulging their login information. One of the biggest video-sharing websites in the…

Read more →

More than 600,000 records from a well-known online store have leaked due to a database bug. Concerns have been made about the security and privacy of users’ personal information in the wake of the incident brought on by a system…

Read more →

In a new revelation, North Korean military-linked hackers posed as journalists to target North Korean policy experts. The research from Google’s Threat Analysis Group (TAG) follows Mandiant’s analysis from last week. APT43, a group of alleged North Korean government hackers,…

Read more →

The police in Spain have taken José Luis Huertas, 19, into custody. He goes by the aliases “Alcaseca,” “Mango,” and “Chimichurri.” The creation of the Udyat (the eye of Horus) search engine, which is dedicated to selling massive quantities of…

Read more →

One of the most important online criminal sites, Genesis Market, was taken down on Tuesday in an FBI-led investigation involving more than a dozen international partners. Genesis has been connected to millions of financially driven cyber incidents worldwide, from fraud…

Read more →

Since September 2022, Palestinian entities have been targeted by Arid Viper, a threat actor observed using updated versions of its malware toolkit. According to Symantec, which monitors the group under the name Mantis, the adversary is taking significant measures to…

Read more →

TikTok was fined £12.7 million (~$15.7M) for violating UK’s children data protection law, particularly child protection requirements. The Information Commissioner’s Office (ICO) said today that the video-sharing site “did not do what is expected” to examine who was using their…

Read more →

After allegations that the note-taking service is being increasingly misused for malware transmission, Microsoft has revealed steps to automatically remove embedded files with “dangerous extensions” in OneNote security. Users were previously presented with a window warning them that opening specific…

Read more →

Capita has acknowledged that a cyberattack occurred last Friday. Many clients across the UK, including government organizations, experienced disruption due to the incident, which disrupted access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In…

Read more →

Western Digital reported today that a compromise in its network allowed an unauthorized person access to several corporate systems. The network security vulnerability was discovered last Sunday, March 26, according to a press release from the California-based manufacturer of computer…

Read more →

On March 30, 2023, TMX Finance Corporate Services, Inc. (hereafter referred to as “TMX Finance” or “TMX”) notified the Attorney General of Maine of a data breach. This is after realizing that a third party had gained access to and…

Read more →

Here is the rundown of news and events that happened this week in the world of cybersecurity. 14 Million Customer Details Breached In Latitude Financial Firm A significant security breach took the personal data of 14 million Australians and New…

Read more →

Privacy and anonymity are increasingly becoming rare commodities in today’s digitally-driven world. With governments and corporations tracking our online activities, protecting our identity and online data has become imperative. One such action is using the Tor Browser without disclosing your…

Read more →

Beginning on October 1, the Food and Drug Administration(FDA) will “refuse to accept” medical devices and associated systems due to cybersecurity concerns, according to a March 29 announcement from the agency. Beginning March 29, all new device submissions must have…

Read more →

The significance of keeping data integrity has never been more important in a world where data breaches appear to occur every day. It is because cybersecurity threats are expanding at an alarming rate. Businesses must take proactive steps to ensure…

Read more →

The Ukraine cyberpolice has detained members of a fraud ring that defrauded over a thousand people in the EU out of over $4,300,000. The criminal organization set up over 100 fictitious “phishing” websites to lure customers with discounted goods from…

Read more →

The 3CX desktop app is being utilized with a digitally signed and trojanized version by an ongoing supply chain attack to target the customers of the business. 3CX is a software development company that specializes in VoIP IPBX, and its…

Read more →

The US provides $25 million to Costa Rica for the eradication of Conti ransomware. To aid the nation in recovering from a devastating ransomware attack that rendered numerous crucial agencies inoperable last year, the US government is handing the government…

Read more →

When it comes to choosing a mobile operating system, the two giants that come to mind are iOS vs. Android. Both offer unique features and functionalities, but security is one of the most critical factors users consider when choosing a…

Read more →

38% of organisations hit with ransomware in 2022 were repeat victims Highlights: Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today published its 2023 Ransomware Insights report, which shows that 73% of the organisations surveyed report…

Read more →

The North Korean APT43 cybercrime group, the threat intelligence firm Mandiant thinks is using cybercrime to finance espionage operations, was the subject of a report released by Mandiant.  The group, also known as Hidden Cobra, has a history of participating…

Read more →

Russians and people in Eastern Europe are the targets of an increase in fake Tor Browser installations that hijack clipboards to steal cryptocurrency transactions. Although this assault is not particularly innovative or novel, Kaspersky scientists caution that it is nevertheless…

Read more →

The next nation to take action to block TikTok and Other ‘Fun Apps’ on government-controlled devices is France. The announcement of the change and its justification was made in a statement by Stanislas Guerini, the Minister of Public Transformation and…

Read more →

On Monday, President Joe Biden of the United States issued an executive order restricting federal agencies’ use of commercial spyware. According to the order, the spyware ecosystem “poses serious security or counterintelligence threats to the United States Government or significant…

Read more →

The banking Trojan program IcedID, which has recently been used to spread ransomware, has two new variations that security experts have observed being utilized in attack campaigns. The two new variations are lighter than the original since certain functionality has…

Read more →

Following the conclusion of Pwn2Own Vancouver 2023, competitors received $1,035,000 and a Tesla Model 3 for exploiting 27 zero-day vulnerabilities between March 22 and March 24. Security researchers targeted devices in the enterprise applications and communications, the local elevation of…

Read more →

A glitch in the open-source software of the widely-used language model, OpenAI’s ChatGPT payment, has led to a significant data leak. As per OpenAI’s confirmation, the bug resulted in ChatGPT payment inadvertently exposing its paid users’ payment details along with…

Read more →

The personal information of 14 million Australians and New Zealanders was stolen as a result of a serious security breach. Systems at consumer lending company Latitude Group revealed on Monday that the information had been stolen from them after a…

Read more →

Here is the rundown of news and events that happened this week in the world of cybersecurity. FBI Detains Owner Of Notorious Cybercrime Forum, BreachForums BreachForums founder Conor Brian Fitzpatrick, 26, of New York, was arrested by the FBI. This…

Read more →

After unintentionally publishing its private SSH key, GitHub.com rotated it. The software development and version control provider took action out of “an excess of caution” after the private RSA key was briefly exposed. GitHub acknowledged this week that a public…

Read more →

Developers of the popular WooCommerce payments plugin recently identified a critical security flaw that could have affected over 500,000 WordPress sites. The plugin, developed by Automattic, offers a fully integrated payment solution for WooCommerce, making it a highly attractive target for cybercriminals…

Read more →

The City of Toronto has acknowledged today that a third-party vendor did provide unlawful access to Municipal data in the City of Toronto. Access is only permitted for files that cannot be transferred securely to a third party. A city…

Read more →

The Senate Homeland Security Committee cleared legislation on March 30, 2022, aimed at enhancing the cyber readiness of the U.S. healthcare sector. The proposed “Healthcare Cybersecurity Act,” or S. 3904, calls for collaboration between the U.S.The agency responsible for cybersecurity…

Read more →

German and South Korean intelligence agencies have issued a joint warning against the increasing cyber-attack tactics of a North Korean hacker group called Kimsuky. The group, believed to be backed by the North Korean government, has been targeting organizations in…

Read more →

Around 9,000 people have downloaded a trojanized version of the genuine ChatGPT plugin for Chrome from the Chrome Web Store, hijacking Facebook accounts in the process. The extension is a clone of the genuine “ChatGPT for Google” Chrome add-on, which…

Read more →

The Windows Snipping Tool has also been discovered to be vulnerable to a serious privacy problem known as “acropalypse,” which enables users to partially recover content that has been cut out of an image. David Buchanan and Simon Aarons, two…

Read more →

In response to worries about the security of user data, Google has revealed that it has removed the Chinese social e-commerce app Pinduoduo from its Play Store. This action coincides with US tech firms’ growing worries about the security of…

Read more →

An important update came up where BreachForums has been officially taken down. Still, Baphomet, the current BreachForums administrator, stressed that “it’s not the end” in an abrupt change of events on March 21, 2023. Baphomet stated in a post on…

Read more →

A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number…

Read more →

Ferrari, a luxury automaker, admitted a data leak after hackers demanded a ransom. The event occurred last month, and the company is cooperating with law police to investigate. The Italian automaker said in a statement that the breach only involved…

Read more →

This report shares key findings from the Mandiant zero-day exploitation investigation of 2022. A zero-day vulnerability, according to Mandiant, is one that was used in the real world before a fix was made available. Focusing on zero-day exploits used by…

Read more →

The Play ransomware group’s campaign, the most recent in a succession of strikes on the shipping sector, was proven to have affected the Dutch marine transport company Royal Dirkzwager. The company’s CEO, Joan Blaas, who acquired it in October after…

Read more →

Conor Brian Fitzpatrick, a 26-year-old native of New York, has been detained by the Federal Bureau of Investigation (FBI) for running BreachForums. Hackers sell their stolen data and confidential information on this notorious cybercrime forum. Charges of computer crime, identity…

Read more →

We rely primarily on technology to protect our sensitive data, including financial information, personal information, and corporate secrets, in the extremely digital world we live in today. Our personal and sensitive information is vulnerable to being obtained by evil people…

Read more →

A data breach at Independent Living Systems (ILS), a Miami-based supplier of healthcare administration and managed care solutions, exposed 4,226,508 people’s data. This year’s largest revealed healthcare data breach, according to the number of affected individuals. ILS owns and manages…

Read more →

In response to international cybersecurity concerns, New Zealand has banned the video-sharing app Tiktok on any before the end of this month, gadgets with access to its parliament until. This makes New Zealand the most recent government to place limitations…

Read more →

The European and U.S. authorities recently revealed that ChipMixer, a darknet cryptocurrency “mixing” service, had been taken down in a coordinated international operation. Between 2017 and till date, ChipMixer has been implicated in laundering more than $3 billion in cryptocurrencies for…

Read more →

On Tuesday, Microsoft released a sizable number of software security updates and published advisories for two zero-day vulnerabilities that still threaten Windows OS users. The software giant from Redmond, Washington, released patches for at least 80 Windows problems and specifically…

Read more →

The potential total financial damages as a result of cybercrime in 2022 increased from $6.9 billion in 2021 to roughly $10.2 billion, with a little reduction in the number of complaints made to the FBI. This information is only one…

Read more →

Cybercriminals are constantly improving their phishing attacks by implementing new strategies and techniques. In an effort to deceive victims, get around security controls, and stay undetected. Phishing is a form of social engineering assault that is frequently employed to obtain…

Read more →

In today’s digital world, businesses face various cybersecurity threats, including malware, hacking, and phishing scams. Insider threats, unfortunately, are widely ignored. These threats could emerge from former or present staff members, professionals, or affiliates with access to sensitive company data.…

Read more →

Prosecutors accused two young American men of breaking into a DEA portal in 2022 yesterday. Given that the portal was connected to the databases of 16 federal law enforcement organizations, the breach offered the criminals access to sensitive data. The…

Read more →

The secure file transfer platform Fortra GoAnywhere has a zero-day vulnerability that was used to steal data, according to cybersecurity company Rubrik. The company stated that it had been the target of a widespread attack employing a zero-day vulnerability targeting…

Read more →

The UK security minister Tom Tugendhat, the National Cyber Security Centre in the UK, is examining whether or not the Chinese-owned video app TikTok ought to be prohibited from being used on official cell phones. Because of concerns that user…

Read more →

Since June 2022, a new threat actor named “YoroTrooper” has been conducting cyberespionage operations against governments and energy companies in CIS nations. According to Cisco Talos, the World Intellectual Property Organization (WIPO), several European embassies, and a crucial European Union…

Read more →

In the most recent flash loan attack to strike the sector, hackers reportedly stole $197 million in cryptocurrencies from the decentralized finance (DeFi) platform Euler Finance. Euler finance Labs did not answer requests for comment, but the attack was acknowledged…

Read more →

Zoll Medical, a medical technology developer, recently announced that it had suffered a data breach. The company said that the breach was detected at the end of January when it found some unusual activity on its internal network. After investigation,…

Read more →

AI in cybersecurity positively affects the rapid evolution of technology, and the threat landscape for cyber-attacks has increased. Cybercriminals are developing increasingly complex attacks, making it increasingly difficult for businesses to keep up with their security measures. This is where…

Read more →

In the AT&T data breach, nine million user accounts were compromised after a third-party marketing partner was breached. As a result of the breach, customer data, including first names, account numbers, phone numbers, and email addresses, were exposed. Nonetheless, the…

Read more →

Exotic Lily is known as PROJECTOR LIBRA and TA580, which is an initial access broker (IAB). Since its start, the threat actor has been well-known in the dark web due to its connections to Diavol and Conti, two ransomware outfits.…

Read more →

Do you need help keeping up with governance, risk, and compliance (GRC) requirements? With the increasing regulatory demands, managing and mitigating risks and ensuring compliance can be difficult for any organization. But GRC is super important for keeping things ethical,…

Read more →

To settle their charges, Blackbaud has agreed to pay $3 million. The Securities and Exchange Commission (SEC) accused Blackbaud of failing to fully disclose the effects of a 2020 ransomware assault that affected more than 13,000 customers.  Many organizations, including those…

Read more →

A new automatic transfer system (ATS) framework and the capacity to steal login information for 400 banks are two of the main capabilities added to the Xenomorph Android virus in this new iteration. ThreatFabric found the initial iteration in February…

Read more →

Sharp Panda’s new “SoulSearcher” malware framework is targeting high-profile government agencies in Vietnam, Thailand, and Indonesia. Chinese APTs used the virus to spy on vital Southeast Asian organizations. Check Point found a spear-phishing-based malware campaign that started in late 2022…

Read more →

After seizing the website and bringing down the infrastructure used by criminals connected to the NetWire remote access malware, international law enforcement authorities have declared another triumph over cybercriminals (RAT). A guy who allegedly ran the worldwiredlabs website, which has…

Read more →

Since the release of ChatGPT, the cybersecurity company Darktrace has issued a warning, claiming that a rise in criminals utilizing artificial intelligence to craft more intricate schemes to defraud employees and hack into organizations has been observed. The Cambridge-based corporation…

Read more →