Tag: CySecurity News – Latest Information Security and Hacking Incidents

  Securing an account with only a username and password is insufficient because these can be easily stolen, guessed, or cracked. Therefore, two-factor authentication (2FA) is recommended for securing important accounts and has been a mandatory requirement for online banking…

Read more →

  Security experts recommend all Veeam Backup & Replication software customers to upgrade their software immediately to address a critical, remotely exploitable vulnerability. Veeam first revealed the flaw, dubbed CVE-2024-40711, on Thursday, when it issued fixes to address 18 vulnerabilities…

Read more →

  Several predictions have pointed out that 2024 will not only be an election year but also a year of civil rights. Security has identified an increasing trend of malicious cyber activity aimed at imperilling sovereign elections around the world…

Read more →

  In the latest ransomware attack, operators have started using a critical bug in SonicWall SonicOS firewall devices as an entry point for compromising business networks. The vulnerability, identified as CVE-2024-40766, is from the management access interface of the firewall…

Read more →

  When Microsoft launched Windows 11 in 2021, the new operating system came with a stringent hardware requirement: the presence of a Trusted Platform Module (TPM), specifically one that meets the TPM 2.0 standard. A TPM is a secure cryptoprocessor…

Read more →

What is Hacktivism? Hacktivism, a blend of hacking and activism, has become a major threat in the digital landscape. Hacktivists are driven by political, religious, and social aims, they use different strategies to achieve their goals, and their primary targets…

Read more →

  Security experts discovered a flaw in a critical air transport security system, allowing unauthorised personnel to possibly bypass airport security screenings and get access to aircraft cockpits. Researchers Ian Carroll and Sam Curry uncovered the security vulnerability in FlyCASS,…

Read more →

As ongoing developments in the realms of artificial intelligence and machine learning take place at a dynamic rate, yet another new form of attack is emerging, one which can topple all those systems we use today without much ado: data…

Read more →

  Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating…

Read more →

  There is an ominous growth in Bitcoin ATMs across the United States, and some experts have claimed they are also one of the biggest cybercrime threats to the country. As with other ATMs, Bitcoin ATMs share a few characteristics with…

Read more →

  Payment processor Slim CD has reported a data breach that exposed the credit card and personal information of nearly 1.7 million people. According to a notification sent to those affected, the company revealed that unauthorized access to its network…

Read more →

Malware Using OCR to Steal Crypto Keys Cybersecurity experts have found a new malware threat that lures users into downloading a malicious app to grow. An advanced malware strain campaign has surfaced from North Korea, it attacks cryptocurrency wallets by…

Read more →

  The Pegasus scandal broke into the public eye three years ago and has been widely reported in the media ever since. Yet, the surveillance industry has not been fixed. On the contrary, the spyware problem seems to worsen as…

Read more →

  In July, Disney experienced a significant data breach that exposed far more than initially reported, compromising a wide array of sensitive information. While early reports focused on stolen Slack messages, it has since been revealed that the breach extended…

Read more →

  A previously unknown threat actor with possible ties to Chinese-speaking groups has primarily targeted drone makers in Taiwan as part of a cyber attack operation that started in 2024. Trend Micro is tracking the adversary under the codename TIDRONE,…

Read more →

  One of Russia’s leading pro-democracy groups, the Free Russia Foundation, announced on Friday that it is investigating a potential cyberattack following the online leak of thousands of emails and documents related to its operations. On Thursday, the Telegram channel…

Read more →

In recent times, Artificial Intelligence (AI) has offered various perks across industries. But, as with any powerful tool, threat actors are trying to use it for malicious reasons. Researchers suggest that the underground market for illicit large language models is…

Read more →

  A malware framework named DarkCracks has been identified by cybersecurity experts from QiAnXin. This newly discovered threat takes advantage of weaknesses in GLPI, an IT asset management system, and WordPress websites. DarkCracks has raised alarm due to its ability…

Read more →

  Malvertising, the practice of using online ads for malicious purposes, is on the rise, with incidents in the U.S. spiking by 42 per cent in fall 2023, according to cybersecurity firm Malwarebytes. Hackers are leveraging increasingly sophisticated techniques to…

Read more →

  In early August 2024, cybercriminals launched a ransomware attack on a mid-sized financial firm using compromised VPN credentials, deploying the “Fog” ransomware variant on both Windows and Linux endpoints. However, Adlumin’s cutting-edge technology successfully stopped the attack by employing…

Read more →

  Continuous Threat Exposure Management (CTEM) represents a significant shift in cybersecurity strategy, moving beyond the limitations of traditional vulnerability management. In an era where data breaches and ransomware attacks remain prevalent despite substantial cybersecurity investments, CTEM offers a comprehensive…

Read more →

  The Indian hacker outfit CyberVolk, which is a relatively new player in the cybercrime arena, has made headlines with its sophisticated ransomware. CyberVolk Ransomware, discovered in July 2024, has quickly gained attention for its sophisticated features and quick progress. …

Read more →

Credit card security has always been a challenge for users, as hackers try innovative ways to lure the victims. In a massive data breach, payment gateway provider Slim CD (it offers payment processing services for both online and offline merchants)…

Read more →

  A report published recently by the Cybersecurity and Infrastructure Security Agency (CISA) warned about two new ICS vulnerabilities found in products widely used in healthcare, critical manufacturing, and other sectors susceptible to cybercrime activity. Among the affected products are…

Read more →

The UK Competition and Markets Authority (CMA) has provisionally found that Google has been abusing its dominant position in the online advertising technology market. This finding could have far-reaching implications for the digital advertising ecosystem, affecting thousands of publishers and…

Read more →

The Council of Europe has launched the first legally binding international treaty on artificial intelligence (AI) to align AI usage with the principles of human rights, democracy, and the rule of law. Known as the Framework Convention on Artificial Intelligence,…

Read more →

  Transport for London (TfL) recently confirmed that disabled passengers are the first group to feel the effects of a cyberattack that has hit their systems. This incident has severely impacted the Dial-a-Ride service, a specialised transport service designed for…

Read more →

  A novel mobile malware operation dubbed SpyAgent has surfaced targeting Android device users in South Korea. According to an investigation by McAfee Labs researcher SangRyol Ryu, the malware “targets mnemonic keys by scanning for images on your device that…

Read more →

  In August 2024, a mid-sized financial firm was targeted by a ransomware attack using compromised VPN credentials to deploy a variant called “Fog” on both Windows and Linux systems. Fortunately, the attack was detected and neutralized by Adlumin’s innovative…

Read more →

  In a recent release, the Apache OFBiz project developers have been working on a patch to fix a new critical flaw of software that can be exploited by unauthenticated attackers to execute arbitrary code on the server. Considering that…

Read more →

  Ransomware continues to be a critical threat to businesses worldwide, with a staggering 83% of organisations reporting they experienced at least one ransomware attack in the last year. Alarmingly, almost half of those affected (46%) faced four or more…

Read more →

An investigation by the Cyble Research and Intelligence Lab (CRIL) has uncovered a sophisticated cyberattack aimed at Malaysian political figures and government officials. Initiated in July 2024, the attack utilizes fake ISO files to deploy Babylon RAT, a dangerous malware…

Read more →

  Security experts have an in-depth knowledge of the technical tactics, techniques, and procedures (TTPs) that attackers employ to launch cyberattacks. They are also knowledgeable about critical defensive methods, such as prioritising patching based on risk and creating a zero-trust…

Read more →

Australia has proposed a set of 10 mandatory guardrails aimed at ensuring the safe and responsible use of AI, particularly in high-risk settings. This initiative is a significant step towards balancing innovation with ethical considerations and public safety. The Need…

Read more →

  It has been discovered that hackers can distribute malicious payloads easily and efficiently through the package repository on the PyPI website by using a simple and troublesome exploit. A JFrog security researcher has discovered a new supply chain attack…

Read more →

  At the TED Conference in Vancouver this year, the Radical Innovators foundation brought together over 60 of the world’s leading CHROs, CIOs, and founders to discuss how emerging technologies like AI and quantum computing can enhance our lives. Despite…

Read more →

  New research from Searchlight Cyber reveals a significant rise in ransomware groups, with 73 active groups identified in the first half of 2024, compared to 46 during the same period in 2023.  These findings suggest that while law enforcement…

Read more →

  Nowadays, keeping your internet behaviour private can seem impossible, especially if you torrent. This type of file sharing is strongly discouraged by both ISPs, which may throttle your internet connections if you are detected, and government organisations, which are…

Read more →

The healthcare sector has become an increasingly attractive target for cybercriminals. The latest victim in this alarming trend is Planned Parenthood of Montana, which recently fell prey to a ransomware attack by a group known as RansomHub. This incident not…

Read more →

  OpenStack’s Ironic project, which is used for provisioning bare metal machines, has been identified with a critical security flaw (CVE-2024-44082) that allows authenticated users to exploit unvalidated image data. This vulnerability impacts multiple versions of Ironic and the Ironic-Python-Agent…

Read more →

  A major security vulnerability has been uncovered in the LiteSpeed Cache plugin, used on over 5 million WordPress websites worldwide. The flaw, identified as CVE-2024-44000, was discovered by Rafie Muhammad, a security researcher at Patchstack. Rated with a CVSS…

Read more →

  There are now more than $10 trillion in annual cybercrime costs in the world, which speaks volumes about how quickly data breaches, ransomware attacks, and malicious disruption of business and government operations are growing in scale and scope. Cyber…

Read more →

  The Irish Data Protection Commission (DPC) recently took a decisive step against the tech giant X, resulting in the immediate suspension of its use of personal data from European Union (EU) and European Economic Area (EEA) users to train…

Read more →

  Halliburton, one of the world’s largest energy companies, has confirmed that it was the victim of a cyberattack. Hackers infiltrated the company’s systems and stole sensitive information. The attack occurred last week, and Halliburton is still determining the extent…

Read more →

  A new joint cybersecurity advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) has revealed updated details about the Iran-based cyber threat group known as…

Read more →

  Microchip Technology has acknowledged that employee information was stolen from vulnerable systems in an August incident. The Play ransomware group later claimed responsibility.  The chipmaker, headquartered in Chandler, Arizona, serves over 123,000 clients across a variety of industries, including…

Read more →

  The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has initiated a comprehensive campaign to secure the 2024 elections. This effort involves deploying specialized advisory teams across the nation and coordinating security exercises with federal, state, and…

Read more →

A new vulnerability has emerged that poses a significant threat to FIDO devices, particularly those using the Infineon SLE78 security microcontroller. Thomas Roche of Ninja Labs discovered the flaw. This vulnerability, dubbed “EUCLEAK,” has raised concerns among security experts and…

Read more →

  As a result of an attack by an unknown entity, some of the $234 million allegedly stolen from the WazirX exchange in one of India’s worst crypto hacks has already been laundered. This action occurred on the same day…

Read more →

  Cybersecurity firm Sophos X-Ops has exposed a significant ransomware breach by the Qilin group, which has introduced a new and highly concerning technique of stealing credentials stored in Google Chrome browsers on compromised systems. Qilin, active since at least…

Read more →

  Transport for London (TfL), which oversees much of the public transport network in England’s capital, is dealing with an ongoing “cyber security incident.”  The organization confirmed the situation yesterday, stating: “We are currently dealing with an ongoing cyber security…

Read more →

  A recent case has highlighted that ransomware threats can sometimes come from within an organisation. Daniel Rhyne, a 57-year-old IT administrator from Kansas City, Missouri, has been accused of holding his own company hostage by locking down their systems…

Read more →

Over the past decade, the role of Chief Information Security Officers (CISOs) has expanded significantly, reflecting cybersecurity’s growing importance in corporate governance and risk management. Once primarily responsible for managing firewalls and protecting data, CISOs now play a critical role…

Read more →

  Artificial intelligence is present everywhere. If it isn’t powering your online search results, it’s just a click away with your AI-enabled mouse. If it’s not helping you enhance your LinkedIn profile, it’s benefiting you at work. As AIs become…

Read more →

  It is believed that North Korean hackers have been able to use unpatched zero-day in Google Chrome (CVE-2024-7971) to install a rootkit called FudModule after gaining admin privileges by exploiting a kernel vulnerability in Microsoft Windows. An investigation by…

Read more →

  A wave of ransomware attacks across Southeast Asia during the first half of this year marks just the beginning of a larger trend. Companies and government agencies, particularly in countries like Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia,…

Read more →

  The arrest of Telegram creator and CEO Pavel Durov in France is beginning to have an influence on the app’s popularity and position. The founder was arrested last month for allegedly allowing illicit practices to thrive on the social…

Read more →

  In today’s rapidly advancing technological landscape, connectivity goes beyond being just a buzzword—it has become a strategic necessity for both businesses and national defense. As security threats grow more sophisticated, an integrated approach that combines technology, strategic planning, and…

Read more →

Telegram, a popular messaging app launched in 2013, has earned a reputation for its robust security features. This Dubai-based platform offers end-to-end encryption for video and voice calls and in its optional feature, Secret Chats. This encryption ensures that only…

Read more →

The flow of data across borders is often hampered by varying national regulations. One such challenge is China’s restrictive data export laws, which have left many international businesses grappling with compliance. The European Union (EU) is now stepping up efforts…

Read more →

  Artificial intelligence (AI) is proving to be a game-changer in healthcare by helping general practitioners (GPs) identify patients who are most at risk of developing conditions that could lead to severe heart problems. Researchers at the University of Leeds…

Read more →

  As an open-source, modular tool, Autre enables the automatic burn-in of deception hosts based on Windows system types. By using generative capabilities, this framework intends to reduce the complexity involved in orchestrating deception hosts on a large scale while…

Read more →

  The ransomware group Brain Cipher has claimed responsibility for a cyberattack on several French National Museums that took place during the Olympic Games earlier this month. The attack, which targeted institutions managed by the Réunion des Musées Nationaux –…

Read more →

  In June 2024, the Toronto District School Board (TDSB), Canada’s largest school board, suffered a ransomware attack that compromised the personal information of its students. The incident was first disclosed to the public on June 12, when the TDSB…

Read more →

  Warfare is no longer restricted to traditional battlefields; in the digital age, cyberspace has emerged as a new arena of conflict. Nations now engage in cyber battles using lines of code and advanced malware instead of conventional weapons. A…

Read more →

  Malware disguising itself as the authentic Palo Alto GlobalProtect Tool is employed by malicious actors to target Middle Eastern firms. This malware can steal data and run remote PowerShell commands to further penetrate company networks. A reliable security solution…

Read more →

  Due to the sophistication of cyber threats, cybercriminals target judicial systems more often, exposing significant vulnerabilities. Numerous attacks disrupt court operations and have broader implications, as they hurt employers who use public records to check their criminal records. Gaining…

Read more →

  Ransomware attacks pose a significant threat to hospitals across the United States, but rural hospitals and their patients are particularly vulnerable, according to a new study. The research, led by Hannah Neprash, an associate professor at the University of…

Read more →

  The Play ransomware group has claimed responsibility for last week’s cyberattack on the American semiconductor company Microchip Technology. On Tuesday, the group added Microchip Technology to its data leak site, as noted by multiple cybersecurity researchers. Play is notorious…

Read more →

  Fota Wildlife Park in East Cork has issued an urgent warning following a major cyberattack on its website, potentially compromising thousands of customers’ personal and financial details. The park advises those who made transactions on its website between May…

Read more →

  Proton, a company known for its commitment to privacy, has announced a paradigm altering update to its AI-powered email assistant, Proton Scribe. The tool, which helps users draft and proofread emails, is now available in eight additional languages: French,…

Read more →

  Cybercriminals appear to have an infinite repertoire of strategies at their disposal when it comes to forcefully extracting financial information from victims. They prefer specific methods over others, and extortion is one of them.  Keep in mind that blackmailers…

Read more →

  A ransomware attack on Abecha, the company managing Singapore’s Esso Corporate Fleet Discount Programme, may have compromised sensitive credit card information of its customers. Abecha discovered the breach on August 13 and notified affected customers on August 28. According…

Read more →

  The number of hacks that occur on Google, Gmail, and Amazon accounts keeps on rising, causing users to become anxious. By using phishing tactics, hackers are targeting users’ passwords for Gmail, Facebook, and Amazon through phishing campaigns that pose…

Read more →

Researchers at Fortinet’s FortiGuard Labs have uncovered a newly evolved variant of the Snake Keylogger, a type of malicious software notorious for capturing and recording everything a user types. Keyloggers are often used by cybercriminals to steal personal information, such…

Read more →

  Virtual Private Network (VPN) is a security tool that encrypts your internet connection and disguises your IP address. This is achieved by rerouting your data through an encrypted tunnel to one of the VPN’s servers. While the technical details…

Read more →

A recent report by Akami experts highlights a troubling trend: the exploitation of a five-year-old zero-day vulnerability in end-of-life IP cameras by the Corona Mirai-based malware botnet. This blog delves into the details of this issue, its implications, and the…

Read more →

  Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency.  It was rectified in a few hours, with the company blaming a software fault,…

Read more →

  A recent data breach involving the ServiceBridge platform, used for field service management, has exposed sensitive data belonging to millions of customers and businesses. Security researcher Jeremiah Fowler discovered that nearly 32 million files were left unprotected and accessible…

Read more →

  Alejandro Caceres, known online as P4x, recently revealed himself as the hacker who managed to take down North Korea’s internet for over a week. This feat, conducted entirely from his home in Florida, has drawn significant attention, and Caceres…

Read more →

  As a result of Proofpoint researchers’ research, in August 2024, they discovered an unusual campaign in which custom malware was being delivered by a novel attack chain. Cybercriminals are believed to have named the malware “Voldemort” based on the…

Read more →

  Simply accumulating more data in a family office does not directly translate into better decision-making. Without the necessary tools and mechanisms in place to process this information, it might have the opposite effect. It’s no secret that many family…

Read more →

Apple has launched an ad campaign urging over a billion iPhone users to stop using Google Chrome, citing privacy concerns. This campaign has sparked a heated debate between two tech giants, Apple and Google, over the best way to protect…

Read more →

Project Strawberry, initially known as Q*, has quickly become a focal point of excitement and discussion within the AI community. The project aims to revolutionize artificial intelligence by enhancing its self-learning and reasoning capabilities, crucial steps toward achieving Artificial General…

Read more →

  A Chinese cyber-espionage group, known as Volt Typhoon, has been exploiting a newly discovered security flaw in Versa Networks’ SD-WAN Director servers. This zero-day vulnerability, identified as CVE-2024-39717, has already been used to infiltrate several organizations. Given the seriousness…

Read more →

  It was observed during an incident response engagement handled by Unit 42, that the threat actor group Bling Libra (which was responsible for distributing ShinyHunters ransomware) had shifted from extortion to extortion of victims rather than its traditional tactic…

Read more →

  Telegram, a messaging app co-founded by Pavel Durov in 2013, has become one of the world’s largest communication platforms, with over 900 million users. The app’s dual nature has recently put it in the spotlight after Durov was arrested…

Read more →

  On April 10, 2024, a BlackSuit ransomware assault disclosed 954,177 personally identifiable information, forcing Young Consulting to send out data breach notifications.  Young Consulting (formerly Connexure) is an Atlanta-based software solutions provider that specialises in the employer stop-loss marketplace.…

Read more →

The European Union has taken a significant step forward with the introduction of the NIS2 Directive. This directive, which builds upon the original Network and Information Systems (NIS) Directive, aims to bolster cybersecurity across the EU by imposing stricter requirements…

Read more →

  Travel scams can turn a well-deserved vacation into a stressful ordeal, with numerous ways for scammers to exploit unsuspecting tourists. These scams have been around for years, but advancements in technology have made them more prevalent and sophisticated. According…

Read more →

  India is experiencing a rise in cyberattacks, particularly targeting its key sectors such as finance, government, manufacturing, and healthcare. This increase has prompted the Reserve Bank of India (RBI) to urge banks and financial institutions to strengthen their cybersecurity…

Read more →

  Researchers from Cisco have discovered that the BlackByte ransomware group is only disclosing a small portion of its successful attacks on its leak site this year. Talos, the company’s cybersecurity department, believes the gang is creating extortion posts for…

Read more →

  Snowflake Inc. recently faced a challenging earnings period marked by slowing growth and concerns following multiple cyberattacks. Despite being an AI data company with innovative technology, these events have impacted investor confidence, causing the stock price to retest recent…

Read more →

  In Oak Ridge, Tennessee, dozens of workers of the United States Air Force worked with hazardous waste, asbestos, and pipes while being tasked with the task of decontaminating and preparing the defunct nuclear facility for demolition during a hot…

Read more →

In today’s digital expanse, in some countries governments and corporations wield immense power, two remarkable projects—Bitcoin and Nostr—have emerged as champions of decentralization. Their stories are quite similiar, revealing their struggle for financial autonomy, censorship resistance, and individual empowerment. Bitcoin:…

Read more →

  The way technology keeps shifting its paradigm, the line between genuine interactions and digital deception is becoming increasingly difficult to distinguish. Today’s cybercriminals are leveraging the power of generative artificial intelligence (AI) to create more closely intricate and harder-to-detect…

Read more →

  In 2023, ransomware attacks saw a significant increase, jumping by 55% compared to the previous year. The number of reported victims climbed to 5,070. However, this statistic only scratches the surface of the issue. According to Statista, nearly 73%…

Read more →

  Researchers at the Georgia Institute of Technology, who have received over $1 billion in Defense Department contracts, are facing scrutiny for allegedly failing to secure their computers and servers, citing that doing so was too “burdensome.” Since 2013, the…

Read more →

  Ukrainian military intelligence agents operated a mass cyberattack on Russian Internet providers on August 24 that disrupted the online platforms of dozens of industrial facilities in Russia, according to a source with the Kyiv Independent, who was authorized to…

Read more →

  Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year.  These are merely the…

Read more →