Tag: CySecurity News – Latest Information Security and Hacking Incidents

  < p style=”text-align: justify;”>The CrowdStrike outage in July 2024 exposed significant weaknesses in global IT supply chains, raising concerns about their resilience and dependence on major providers. The disruption caused widespread impact across critical sectors, including healthcare, transportation, banking,…

Read more →

The latest research has found a sharp rise in suspicious email activities and a change in attack tactics. If you are someone who communicates via email regularly, keep a lookout for malicious or unusual activities, it might be a scam.…

Read more →

  AT&T has confirmed being targeted in the Salt Typhoon hacking attack, a cyber operation suspected to involve China. Despite the attack, the telecommunications giant assured customers that its networks remain secure. In a statement, AT&T revealed that hackers aimed…

Read more →

  The Reserve Bank of India (RBI) has revealed a significant rise in bank fraud cases during the first half of the current fiscal year. According to the Report on Trend and Progress of Banking in India 2023-24, fraud cases…

Read more →

  In a proposal posted on Friday in the Federal Register, the Office for Civil Rights of the US Department of Health and Human Services (HHS) outlined several new requirements that could improve the cybersecurity practices of healthcare organizations. The…

Read more →

  Palo Alto Networks has issued a warning about the active exploitation of the CVE-2024-3393 denial of service (DoS) vulnerability, which attackers are using to compromise firewall defenses by triggering device reboots. Repeated exploitation of this vulnerability forces the firewall…

Read more →

  Ransomware is a type of malicious software designed to block access to files until a ransom is paid. Over the past 35 years, it has evolved from simple attacks into a global billion-dollar industry. In 2023 alone, ransomware victims…

Read more →

  < p style=”text-align: justify;”>In October 2024, General Dynamics (GD), a prominent name in aerospace and defense, confirmed a data breach impacting employee benefits accounts. The breach, detected on October 10, affected 37 individuals, including two residents of Maine. Attackers…

Read more →

  < p style=”text-align: justify;”>For tech enthusiasts and environmentalists in the European Union (EU), December 28, 2024, marked a major turning point as USB-C officially became the required standard for electronic gadgets. The new policy mandates that phones, tablets, cameras,…

Read more →

Hackers compromised Cyberhaven’s Chrome extension in a suspected supply-chain attack, publishing a malicious update capable of stealing customer passwords and session tokens. The attack raised serious concerns about the security of widely-used browser extensions. Cyberhaven, a data-loss prevention startup, confirmed…

Read more →

  < p style=”text-align: justify;”>In September 2024, American Addiction Centers (AAC) experienced a significant cyberattack that exposed the personal and health-related information of 422,424 individuals. The breach involved sensitive data such as Social Security numbers and health insurance details, prompting…

Read more →

  Hackers associated with North Korea have taken cyber theft to a record-breaking level in 2024, stealing $1.8 billion in cryptocurrency. According to a detailed report by blockchain analytics firm Chainalysis, this highlights the growing sophistication of these attackers and…

Read more →

  < p style=”text-align: justify;”>According to VulnCheck, a critical vulnerability identified as CVE-2024-12856 has been discovered in Four-Faith industrial routers, specifically affecting the F3x24 and F3x36 models, as well as users’ machines. Evidence suggests active exploitation of this vulnerability in…

Read more →

< p style=”text-align: justify;”>Cybersecurity researchers are raising alarms over the misuse of large language models (LLMs) by cybercriminals to create new variants of malicious JavaScript at scale. A report from Palo Alto Networks Unit 42 highlights how LLMs, while not…

Read more →

  A novel two-step phishing strategy is targeting Microsoft Visio files (.vsdx) and SharePoint, signaling a new trend in cyber deception, according to experts. Researchers at Perception Point have noted a significant rise in attacks leveraging these previously uncommon .vsdx…

Read more →

  Cybercriminals on the dark web have developed new ways to exploit identity verification systems. Rather than hacking or stealing personal information, they are purchasing it directly from individuals, as revealed by security researchers at iProov. This approach allows them…

Read more →

  South Korea has announced sanctions against 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange Corporation for orchestrating schemes that finance North Korea’s nuclear weapons and missile programs. These measures target a global network involved in…

Read more →

  The North Korean hackers behind the ongoing Contagious Interview campaign have been observed launching a new JavaScript malware named OtterCookie.  The campaign includes social engineering techniques, with the hacker team frequently posing as recruiters to trick job seekers into…

Read more →

  A malware attack on the European Space Agency’s official web shop revealed that the application was hacked by loading a JavaScript script that generated a fake Stripe payment page at checkout. With an annual budget of more than 10…

Read more →

  Zelle has become a popular choice for online money transfers due to its simplicity, zero fees, and support from over 1,700 banks. However, since its launch in June 2017, the peer-to-peer payment service has been plagued by fraud. On…

Read more →

  The Q3 2024 Threat Report from Gen unveils a concerning rise in the sophistication of cyber threats, shedding light on how artificial intelligence (AI) is both a tool for attackers and defenders.  As cybercriminals evolve their tactics, the line…

Read more →

  A distributed denial-of-service (DDoS) attack targets a VoIP server by overwhelming it with phony user requests. This excessive traffic can exceed the network’s capacity, causing service disruptions and making genuine user requests unprocessable. Online criminals exploit these attacks to…

Read more →

  In October 2024, Interlock claimed to have attacked several organizations, including Wayne County, Michigan, which is known for its cyberattacks. Ransomware is characterized by the fact that the encrypted data is encrypted by an encryptor specifically designed for the…

Read more →

  A huge data security breach has come to light, with the data platform Builder.ai. It’s a service that lets organizations build their own proprietary, custom software applications, which don’t need heavy programming. According to a blog post by a…

Read more →

  A joint alert from the FBI, the Department of Defense (D.O.D.) Cyber Crime Center and the National Police Agency of Japan reveal that a North Korean threat group carried out a significant cryptocurrency theft from Japan’s crypto firm DMM…

Read more →

  The Cybersecurity and Infrastructure Security Agency (CISA) issued updated recommendations in December 2024 aimed at enhancing mobile phone cybersecurity. Following a significant hack involving major U.S. telecom companies like AT&T, Verizon, and Lumen Technologies, these guidelines focus on adopting…

Read more →

  As technology advances at an unprecedented rate, the recent unveiling of Willow, Google’s quantum computing device, ushers in a new age for startups. Willow’s unprecedented computing capabilities—105 qubits, roughly double those of its predecessor, Sycamore—allow it to accomplish jobs…

Read more →

  The ethos of the tech industry for a long time has always been that there is no shortage of data, and that is a good thing. Recent patents from IBM and Intel demonstrate that the concept of data minimization…

Read more →

Healthcare industry giant Ascension has broken the silence and revealed more sensitive information concerning the recent hack in June. Through a worker opening a suspicious file without even knowing the malware was actually very harmful to download, it gave room…

Read more →

  Approximately 75% of ransomware attacks on the healthcare sector over the past year occurred during weekends or holidays, highlighting the urgency for organizations to strengthen their staffing and security measures during these high-risk periods. Jeff Wichman, director of incident…

Read more →

  In the age of rapidly evolving artificial intelligence (AI), a new breed of frauds has emerged, posing enormous risks to companies and their clients. AI-powered impersonations, capable of generating highly realistic voice and visual content, have become a major…

Read more →

  < p style=”text-align: justify;”> In today’s complex digital landscape, the role of human expertise in cybersecurity remains indispensable. Two pivotal approaches — human-led security testing and human-centric cybersecurity (HCC) — have gained prominence, each contributing distinct strengths. However, these…

Read more →

Three severe SQL injection vulnerabilities have been identified in specific Amazon Redshift drivers, posing a significant risk of privilege escalation and data compromise. The vulnerabilities, labeled as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, each hold a CVSS severity score of 8.0, emphasizing…

Read more →

  Botnet attacks exploit a command-and-control model, enabling hackers to control infected devices, often referred to as “zombie bots,” remotely. The strength of such an attack depends on the number of devices compromised by the hacker’s malware, making botnets a…

Read more →

  In today’s tech-driven world, scams have become increasingly sophisticated, fueled by advancements in artificial intelligence (AI) and deepfake technology. Falling victim to these scams can result in severe financial, social, and emotional consequences. Over the past year alone, cybercrime…

Read more →

  A new research published earlier this week by Fortinet Inc.’s FortiGuard Labs warns of two newly found malicious Python packages that indicate a major threat of credential theft, data exfiltration, and unauthorised system access. The first flaw, Zebo-0.1.0, was…

Read more →

  While phishing scams are on the rise over the holiday period, the FBI has reminded Gmail, Outlook, Apple Mail, and other services users to be more alert. More phishing schemes are becoming common as criminals use the festive season…

Read more →

  AI models are like babies: continuous growth spurts make them more fussy and needy. As the AI race heats up, frontrunners such as OpenAI, Google, and Microsoft are throwing billions at massive foundational AI models comprising hundreds of billions…

Read more →

  A Cybernews research team discovered a huge exposed data server on June 25th. The server contained 3GB of personal information and telemetry from iPhones equipped with an app known as “Home V.” According to the log samples, the data…

Read more →

  A Bengaluru software engineer recently fell victim to a complex cyber scam, losing ₹11.8 crore in just 18 days. The incident highlights the growing sophistication of cybercrimes in India, particularly in tech hubs like Bengaluru. The victim, whose identity…

Read more →

  The Clop ransomware gang has intensified its extortion tactics following a data theft attack targeting Cleo software. On its dark web portal, the group revealed that 66 companies have been given 48 hours to meet their ransom demands. According…

Read more →

  The infamous LockBit ransomware group has announced its return with the upcoming release of LockBit 4.0, set for February 2025. This marks a big moment for the group, which has had major setbacks over the last year. A global…

Read more →

  The ransomware epidemic may have been stopped by recent law enforcement operations that disrupted attack infrastructure, led to the arrest of cybercriminals, and broke up some threat groups, but this would be wrong as well. A recent study on…

Read more →

  Chainalysis, a blockchain analytics company that provides data analysis on the blockchain ecosystem, has reported that the volume of compromised crypto funds and the number of hacking incidents are set to rise in 2024. The report states that the…

Read more →

  Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while…

Read more →

  When Microsoft launched Windows 11 in 2021, it introduced a strict hardware compatibility requirement, including the necessity for a Trusted Platform Module (TPM) that adheres to the TPM 2.0 standard. A TPM is a secure cryptoprocessor designed to manage…

Read more →

  ‘BMI CalculationVsn’ is a malicious Android spyware app that was identified on the Amazon Appstore. It poses as a simple health tool while covertly harvesting data from compromised devices.  Cybersecurity researchers from McAfee Labs discovered the app and notified…

Read more →

  < p style=”text-align: justify;”>For those who are concerned about privacy, Proton has announced an end-to-end encrypted document editor intended to be a viable alternative to Microsoft Word and Google Docs. This application, released on Wednesday by the Swiss software…

Read more →

  < p style=”text-align: justify;”>Mobile phishing attacks have continued to advance, targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices. Thus, there is an emerging need for awareness…

Read more →

  A sophisticated phishing email campaign has emerged, targeting cryptocurrency users by impersonating Ledger, a prominent hardware wallet provider. These fraudulent emails claim that the recipient’s Ledger wallet seed phrase — also known as a recovery or mnemonic seed —…

Read more →

Artificial intelligence (AI) is rapidly transforming the world, and by 2025, its growth is set to reach new heights. While the advancements in AI promise to reshape industries and improve daily lives, they also bring a series of challenges that…

Read more →

  Juniper Networks has issued a warning about a vulnerability in its Session Smart Routers, emphasizing the risk of Mirai malware infection if factory-set passwords are not changed. Starting December 11, the company began receiving reports from customers about “suspicious…

Read more →

  < p style=”text-align: justify;”> Ledger users are once again in the crosshairs of phishing attacks as hackers employ increasingly advanced tactics to steal crypto assets. The latest campaigns involve fake emails crafted to deceive users into revealing their secret…

Read more →

  Privacy concerns have grown as more of our private data is being gathered online. We share intimate details with just a few clicks. The majority of people, however, are ignorant of how extensively their data is shared.  Behind the…

Read more →

< p style=”text-align: justify;”> A significant credit card breach has been uncovered, threatening to disrupt holiday shopping for millions of Americans. The breach stems from an Amazon Web Services (AWS) S3 bucket left unsecured online, which contained sensitive customer data,…

Read more →

  The journey of building a business is an exhilarating experience, whether it’s a startup taking its first steps, a small-to-medium business (SMB) scaling new heights, or an enterprise striving for sustained growth. However, regardless of the size or stage,…

Read more →

  < p style=”text-align: justify;”> As the holiday shopping season peaks, cybercriminals are taking advantage of the increased online activity through fake delivery text scams. Disguised as urgent notifications from couriers like USPS and FedEx, these scams aim to steal…

Read more →

  < p style=”text-align: justify;”> Thousands of SonicWall network security devices are currently exposed to severe vulnerabilities, with over 20,000 running outdated firmware that no longer receives vendor support. This puts countless organizations at risk of unauthorized access and potential…

Read more →

  Cybercriminals are using a complex phishing scam to target the owners of YouTube channels and their teams, thus exposing the accounts and personal information to severe threats. According to cybersecurity experts, a report was released on how the attackers…

Read more →

  There has been an announcement of a new technique for bypassing key security protections used in AMD chips to gain access to the clients of those services. Researchers believe that hackers will be able to spy on clients through…

Read more →

  Amnesty International researchers discovered an Android zero-day bug that was exploited to silently disseminate custom surveillance spyware targeting Serbian journalists. The probe has traced the technology to Cellebrite, an Israeli forensics vendor. In a technical report published earlier this…

Read more →

  For the past year, a cyberattack campaign has been targeting security professionals, including red teamers, penetration testers, and researchers, infecting their systems with malware. The malicious software has been used to steal WordPress credentials and sensitive data while also…

Read more →

  < p style=”text-align: justify;”> The Chinese state-sponsored hacking group Salt Typhoon has been implicated in one of the most severe breaches in U.S. telecommunications history. Sensitive information, including call logs, timestamps, phone numbers, and location data, was compromised across…

Read more →

  < p style=”text-align: justify;”>The FBI has issued a warning to Apple and Android device users regarding potential vulnerabilities in Rich Communication Services (RCS). While RCS was designed to replace traditional SMS with enhanced features, a critical security flaw has…

Read more →

  In the past few months, researchers at a Chinese cybersecurity firm have been responsible for the discovery of an advanced PHP backdoor that supports Winnti, a group linked to Chinese cybercrime that is launching increasingly sophisticated attacks. Research has…

Read more →

  The US Cybersecurity and Infrastructure Security Agency (CISA) released a comprehensive guide on Wednesday to help individuals in highly targeted positions protect their mobile communications from malicious actors. This move follows a series of sophisticated telecom hacks that impacted…

Read more →

  Colorado is on track to suffer even greater financial losses from scams by the end of 2024 compared to the nearly $100 million stolen in 2023. According to the Colorado Attorney General’s Office, the rapid integration of artificial intelligence…

Read more →

  Chamath Palihapitiya, CEO of Social Capital, has raised alarms over Bitcoin’s future security, cautioning that its SHA-256 encryption may become vulnerable within the next two to five years. Speaking on the All-In Podcast, he highlighted rapid advancements in quantum…

Read more →

  Ransomware attacks are becoming increasingly sophisticated and widespread, posing significant risks to organizations worldwide. A recent report by Object First highlights critical vulnerabilities in current backup practices and underscores the urgency of adopting modern solutions to safeguard essential data.…

Read more →

  < p style=”text-align: justify;”>Earlier this week, Germany’s cybersecurity office issued a warning about at least 30,000 internet-connected devices across the nation being compromised by pre-installed malware known as BadBox. The Federal Office for Information Security (BSI) announced that it…

Read more →

  Blue Yonder, a leading provider of supply chain solutions, is making steady progress in recovering from a ransomware attack that disrupted services for several of its clients. On November 21, the company was targeted by a ransomware attack that…

Read more →

  < p style=”text-align: justify;”>Cybercriminals have recently targeted the Dubai Police in an elaborate impersonation scam aimed at defrauding unsuspecting individuals in the UAE. Thousands of phishing text messages, pretending to be from law enforcement, were sent to trick recipients…

Read more →

  A team of researchers has demonstrated that it is possible to steal an artificial intelligence (AI) model without actually gaining access to the device that is running the model. The uniqueness of the technique lies in the fact that…

Read more →

  Rhode Island officials have issued an urgent advisory for residents to take immediate precautions following a significant cyberattack on the state government. Authorities are warning that private data, including Social Security and bank account details, may soon be exposed…

Read more →

  < p style=”text-align: justify;”>The evolving threat landscape continues to present new challenges, with NCC Group’s latest Threat Pulse report uncovering the emergence of Ymir ransomware. This new ransomware strain showcases the growing collaboration among cybercriminals to execute highly sophisticated…

Read more →

  A concerning cybersecurity issue has surfaced in Germany, where investigators uncovered that nearly 30,000 Android devices were sold with preinstalled malware. The malware, dubbed “BadBox,” resides in the device firmware and affects various internet-enabled devices, including digital picture frames…

Read more →

  It has recently been reported by a leading media outlet that more than 11 million Android devices have been infected with malicious software known as the Necro Trojan, which has crept into phones and tablets through unofficially modified applications,…

Read more →

  < p style=”text-align: justify;”> The cryptocurrency market reached a historic milestone this week as Bitcoin closed above $100,000 for the first time in history. This marks a defining moment, reflecting both market optimism and growing investor confidence. Despite reaching…

Read more →

  < p style=”text-align: justify;”>The U.S. Justice Department announced on Thursday the successful seizure and dismantling of Rydox, a notorious online marketplace for trafficking stolen personal information and cybercrime tools. In a coordinated operation with international law enforcement agencies, three…

Read more →

  Bengaluru has witnessed a significant drop in traditional cybercrimes like One-Time Password (OTP) scams and phishing, but more advanced and sophisticated scams, such as digital arrest fraud and stock investment schemes, have been on the rise. Data obtained by…

Read more →

  < p style=”text-align: justify;”>As the Christmas season approaches, millions of U.S. citizens could face a potential holiday nightmare after a major data breach exposed 5 million unique credit and debit card details online. The leak threatens to compromise countless…

Read more →

  According to the researchers from the Elastic Security Lab, a new rootkit called PUMAKIT can perform various advanced evasion mechanisms. When Elastic Security researchers discovered PUMAKIT while routinely hunting for threats on VirusTotal, they described it as PUMAKIT. Many…

Read more →

  A newly identified malware, IOCONTROL, is causing widespread alarm as it targets critical infrastructure in Israel and the United States. Developed by Iranian hackers, IOCONTROL is specifically designed to attack Internet of Things (IoT) devices and operational technology (OT)…

Read more →

  < p style=”text-align: justify;”>Citrix, a business unit of Cloud Software Group, has acquired DeviceTrust and Strong Network to enhance the functionality of its platform. These acquisitions enable Citrix to offer more comprehensive access management and security solutions, expanding its…

Read more →

  Hackers are actively exploiting a serious security vulnerability in the “Hunk Companion” plugin to install and activate other plugins that contain known vulnerabilities from the WordPress.org repository. This targeted attack allows the installation of plugins with a variety of…

Read more →

  < p style=”text-align: justify;”>A critical security vulnerability has been discovered in Cleo’s popular file-sharing tools, including Cleo Integration Cloud, Cleo Harmony, and Cleo VLTrader. This flaw puts businesses and users at significant risk of cyberattacks, prompting cybersecurity experts to…

Read more →

  < p style=”text-align: justify;”>MITRE Corporation has published its findings from the latest round of ATT&CK evaluations, offering important insights into the effectiveness of enterprise cybersecurity solutions. This sixth evaluation assessed 19 vendors against two major ransomware strains, Cl0p and…

Read more →

  A serious flaw has been found in three widely used file-sharing tools, putting several organizations at risk of security breaches. The three tools affected, LexiCom, VLTransfer, and Harmony, are all developed by Cleo, a company focused on managed file…

Read more →

  A recent report by Group-IB has exposed a highly advanced phishing campaign targeting employees from 30 companies across 15 jurisdictions. Using trusted domains and cutting-edge personalization techniques, attackers have bypassed Secure Email Gateways (SEGs) and exploited victims in critical…

Read more →

  < p style=”text-align: justify;”>Cleo Communications’ file transfer software is under active attack, with security researchers from Huntress revealing that a recently issued patch fails to address the critical flaws being exploited. This ongoing vulnerability poses a significant threat to…

Read more →

  Earlier this month, Google CEO Sundar Pichai announced the creation of their new quantum computing chips called “Willow“, which caused a few ripples in the Bitcoin investment community, but also caused some skepticism among Bitcoin skeptics due to the…

Read more →

  < p style=”text-align: justify;”>While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive…

Read more →

  < p style=”text-align: justify;”> Fortinet, a global leader in cybersecurity with a market valuation of approximately $75 billion, has acquired Israeli company Perception Point to bolster its email and collaboration security capabilities. While the financial terms of the deal…

Read more →

  < p style=”text-align: justify;”>Blue Yonder, a prominent supply chain software provider used by major U.S. grocery chains like Safeway and Fred Meyer, is investigating a significant cyberattack. The ransomware group Termite has claimed responsibility, threatening to publish 680 gigabytes…

Read more →

  Misconfigured cloud instances have once again enabled cybercriminals to steal sensitive data, including credentials, API keys, and proprietary source code. This time, numerous Amazon Web Services (AWS) users fell victim, highlighting a lack of understanding regarding the shared responsibility…

Read more →

  < p style=”text-align: justify;”>The evolving relationship between travel and data privacy is sparking significant debate among travellers and experts. A recent Spanish regulation requiring hotels and Airbnb hosts to collect personal guest data has particularly drawn criticism, with some…

Read more →

  Google has made a significant stride in quantum computing with the announcement of its latest chip, named “Willow.” According to Google, this advanced chip can solve problems in just five minutes that would take the most powerful supercomputers on…

Read more →

  The Romanian National Cybersecurity Directorate (DNSC) has confirmed that the Lynx ransomware gang successfully breached Electrica Group, a leading electricity supplier in Romania. About Electrica Group Electrica Group, initially part of the National Electricity Company (CONEL) in 1998, became…

Read more →

  Mandiant researchers have discovered an innovative method to circumvent browser isolation technology by leveraging QR codes to establish command-and-control (C2) operations. This finding highlights potential vulnerabilities in existing web browser security measures. Understanding Browser Isolation Browser isolation is a…

Read more →

  In today’s tech-driven world, charging cables are indispensable. However, recent findings about compromised USB-C cables have highlighted significant risks associated with third-party accessories. Security experts warn that hackers can embed tiny computers within ordinary-looking cables, transforming them into tools…

Read more →