Tag: CySecurity News – Latest Information Security and Hacking Incidents

  < p style=”text-align: justify;”>MITRE Corporation has published its findings from the latest round of ATT&CK evaluations, offering important insights into the effectiveness of enterprise cybersecurity solutions. This sixth evaluation assessed 19 vendors against two major ransomware strains, Cl0p and…

Read more →

  A serious flaw has been found in three widely used file-sharing tools, putting several organizations at risk of security breaches. The three tools affected, LexiCom, VLTransfer, and Harmony, are all developed by Cleo, a company focused on managed file…

Read more →

  A recent report by Group-IB has exposed a highly advanced phishing campaign targeting employees from 30 companies across 15 jurisdictions. Using trusted domains and cutting-edge personalization techniques, attackers have bypassed Secure Email Gateways (SEGs) and exploited victims in critical…

Read more →

  < p style=”text-align: justify;”>Cleo Communications’ file transfer software is under active attack, with security researchers from Huntress revealing that a recently issued patch fails to address the critical flaws being exploited. This ongoing vulnerability poses a significant threat to…

Read more →

  Earlier this month, Google CEO Sundar Pichai announced the creation of their new quantum computing chips called “Willow“, which caused a few ripples in the Bitcoin investment community, but also caused some skepticism among Bitcoin skeptics due to the…

Read more →

  < p style=”text-align: justify;”>While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive…

Read more →

  < p style=”text-align: justify;”> Fortinet, a global leader in cybersecurity with a market valuation of approximately $75 billion, has acquired Israeli company Perception Point to bolster its email and collaboration security capabilities. While the financial terms of the deal…

Read more →

  < p style=”text-align: justify;”>Blue Yonder, a prominent supply chain software provider used by major U.S. grocery chains like Safeway and Fred Meyer, is investigating a significant cyberattack. The ransomware group Termite has claimed responsibility, threatening to publish 680 gigabytes…

Read more →

  Misconfigured cloud instances have once again enabled cybercriminals to steal sensitive data, including credentials, API keys, and proprietary source code. This time, numerous Amazon Web Services (AWS) users fell victim, highlighting a lack of understanding regarding the shared responsibility…

Read more →

  < p style=”text-align: justify;”>The evolving relationship between travel and data privacy is sparking significant debate among travellers and experts. A recent Spanish regulation requiring hotels and Airbnb hosts to collect personal guest data has particularly drawn criticism, with some…

Read more →

  Google has made a significant stride in quantum computing with the announcement of its latest chip, named “Willow.” According to Google, this advanced chip can solve problems in just five minutes that would take the most powerful supercomputers on…

Read more →

  The Romanian National Cybersecurity Directorate (DNSC) has confirmed that the Lynx ransomware gang successfully breached Electrica Group, a leading electricity supplier in Romania. About Electrica Group Electrica Group, initially part of the National Electricity Company (CONEL) in 1998, became…

Read more →

  Mandiant researchers have discovered an innovative method to circumvent browser isolation technology by leveraging QR codes to establish command-and-control (C2) operations. This finding highlights potential vulnerabilities in existing web browser security measures. Understanding Browser Isolation Browser isolation is a…

Read more →

  In today’s tech-driven world, charging cables are indispensable. However, recent findings about compromised USB-C cables have highlighted significant risks associated with third-party accessories. Security experts warn that hackers can embed tiny computers within ordinary-looking cables, transforming them into tools…

Read more →

  < p style=”text-align: justify;”>Leading cardiac surgery medical device company Artivion has reported a ransomware attack that occurred on November 21, resulting in the encryption of certain systems and unauthorized data access. The incident forced the Atlanta-based company to take…

Read more →

  Deep Packet Inspection (DPI) is an advanced technology for analyzing internet traffic that goes beyond traditional techniques. Unlike standard firewalls that examine only the headers of data packets, DPI scrutinizes both headers and payloads, providing a comprehensive view of…

Read more →

  In a recent cyber-espionage campaign targeted at the United States, North Korean state-linked hacker ScarCruft recently exploited a zero-day vulnerability in Internet Explorer to distribute RokRAT malware to targets nationwide. APT37, or RedEyes as it is sometimes called, is…

Read more →

  < p style=”text-align: justify;”>In a recent video hearing for the case Acevedo v. eXp, related to a sexual assault claim, a judge deliberated on whether to grant a protective order that would prevent a forensic examination of eXp founder…

Read more →

  Jamf Threat Labs has identified a critical flaw in Apple’s Transparency, Consent, and Control (TCC) framework, labeled CVE-2024-44131. This vulnerability allows malicious applications to bypass user consent protocols and access sensitive data without user awareness. The issue impacts both…

Read more →

  The rapid growth of AI has introduced a significant challenge for data-management organizations: the inconsistent nature of data privacy laws across borders. Businesses face complexities when deploying AI internationally, prompting them to explore innovative solutions. Among these, the concept…

Read more →

  A VPN enhances online privacy by encrypting internet traffic and masking IP addresses. However, how often should you switch servers? The answer depends on your goals and usage patterns, as server hopping offers benefits but is not always necessary.…

Read more →

  < p style=”text-align: justify;”>23andMe, a DNA analysis company, has been in turmoil lately. This September, the entire board of directors left due to differences with the CEO, and data was compromised in a 2023 hack. Anne Wojcicki, the CEO,…

Read more →

  An international cybercrime network responsible for stealing millions of euros has been dismantled in a joint operation conducted in Belgium and the Netherlands. The Europol-coordinated effort led to eight arrests and 17 coordinated raids across the two countries on…

Read more →

Healthcare organizations have experienced a significant transformation, transitioning from paper-based records to digital systems. This change enables medical records to be accessed and updated anytime, improving coordination among hospitals, clinics, and specialists. Despite the advantages, digital storage poses significant challenges,…

Read more →

  Google Messages has suddenly gone haywire. After years of campaigning, the “seamless messaging” dream was finally realised, but it vanished as quickly as it arrived. Currently, the question is whether it has any prospect of ever returning.  Like a…

Read more →

  It has been recently reported that a Chinese group of Advanced Persistent Threats (APTs) has carried out a sophisticated cyberespionage operation dubbed “Operation Digital Eye” against the United States.  Between the end of June and the middle of July…

Read more →

  Brain Cipher, a ransomware group that emerged in June 2024, has claimed responsibility for breaching Deloitte UK, alleging the exfiltration of over 1 terabyte of sensitive data from the global professional services firm. This claim has raised significant concerns…

Read more →

British telecommunications giant BT Group has confirmed it was targeted by the notorious ransomware group Black Basta in a cyberattack on its Conferencing division. The breach forced BT to isolate and shut down parts of its infrastructure to limit the…

Read more →

Lumma Stealer and Amaday Bot Resurface In a recent multi-stage cyberattack, Cyble Research and Intelligence (CRIL) found an attack campaign hitting the manufacturing industry. The campaign depends upon process injection techniques aimed at delivering malicious payloads like Amaday Bot and…

Read more →

      Microsoft has unveiled a groundbreaking cybersecurity challenge aimed at advancing the security of artificial intelligence (AI) systems. Named the “LLMail-Inject: Adaptive Prompt Injection Challenge,” the initiative invites hackers and security researchers to test their skills against a…

Read more →

  Romania’s Constitutional Court (CCR) has annulled the first round of its recent presidential elections after intelligence reports revealed extensive foreign interference. Cyberattacks and influence campaigns have raised serious concerns, prompting authorities to reschedule elections while addressing security vulnerabilities.    …

Read more →

  The Black Basta ransomware group, an offshoot of the now-defunct Conti group, has adapted its attack strategies by integrating sophisticated social engineering techniques. Recent trends include email bombing, malicious QR codes, and credential theft, showcasing the group’s commitment to…

Read more →

  iVerify’s mobile device security tool, launched in May, has identified seven cases of Pegasus spyware in its first 2,500 scans. This milestone brings spyware detection closer to everyday users, underscoring the escalating threat of commercial spyware.  How the Tool…

Read more →

  China’s expansive surveillance network monitors over 1.4 billion citizens, blending advanced technology with minimal legal checks on state control. However, cracks are emerging in this highly complex system. Overview of Surveillance    China’s surveillance infrastructure leverages technologies such as:…

Read more →

  Romanian energy provider Electrica Group has confirmed a cyber attack on its systems. Despite the breach, the company assured customers that its critical infrastructure remains secure.  Incident Overview    Electrica revealed that emergency response protocols were activated in line…

Read more →

  A recent survey involving over 14,000 employees across various industries has unveiled troubling trends in employee behavior that pose significant risks to organizational data security. The findings highlight common yet dangerous practices related to sensitive data management.    Key…

Read more →

 A notorious threat actor known as Gamaredon has been observed employing Cloudflare Tunnels to hide its malware staging infrastructure, facilitating the deployment of GammaDrop malware. This technique is part of a spear-phishing campaign actively targeting Ukrainian organizations since early 2024. …

Read more →

  U.S. Officials Urge Encryption Adoption Amid “Salt Typhoon” Cyberattack In an unprecedented response to the “Salt Typhoon” cyber intrusion, top cybersecurity and law enforcement officials in the U.S. are urging citizens to adopt encrypted messaging platforms. The attack, attributed…

Read more →

  Stoli Group’s U.S. Subsidiaries File for Bankruptcy Amid Ransomware Attack and Russian Asset Seizure The U.S. subsidiaries of Stoli Group have declared bankruptcy following an August ransomware attack and the confiscation of the company’s last distilleries in Russia by…

Read more →

  US Federal Government Urges Telecom Firms to Bolster Security Amid Chinese Hacking Allegations The U.S. Federal Government has called on telecommunication companies to strengthen their network security in response to a significant hacking campaign allegedly orchestrated by Chinese state-sponsored…

Read more →

  Sophisticated Malware Campaign Targets Web3 Professionals Through Fake Meeting Software Cybercriminals have launched an advanced campaign targeting Web3 professionals by distributing fake video conferencing software. The malware, known as Meeten, infects both Windows and macOS systems, stealing sensitive data,…

Read more →

Data Brokers Accused of Illegal User Tracking The US Federal Trade Commission (FTC) has filed actions against two US-based data brokers for allegedly engaging in illegal tracking of users’ location data. The data was reportedly used to trace individuals in…

Read more →

SL Data Services, a U.S.-based data broker, experienced a massive data breach, exposing 644,869 personal PDF files on the web. The leaked records included sensitive information such as personal details, vehicle records, property ownership documents, background checks, and court records.…

Read more →

  Browser isolation is a widely used cybersecurity tool designed to protect users from online threats. However, a recent report by Mandiant reveals that attackers have discovered a novel method to bypass this measure by utilizing QR codes for command-and-control…

Read more →

The Consumer Financial Protection Bureau (CFPB) has proposed a groundbreaking rule to restrict data brokers from selling Americans’ personal and financial information, marking a significant step toward strengthening privacy protections in the digital age. The rule, introduced under the Fair…

Read more →

  AI chatbots like ChatGPT have captured widespread attention for their remarkable conversational abilities, allowing users to engage on diverse topics with ease. However, while these tools offer convenience and creativity, they also pose significant privacy risks. The very technology…

Read more →

  A zero-day arbitrary file read vulnerability found in Mitel MiCollab has raised significant concerns about data security. Attackers can exploit this flaw and chain it with a critical bug (CVE-2024-35286) to access sensitive data stored on vulnerable instances of…

Read more →

  Ransomware hackers have disrupted emergency services, compromised several hospitals, and exposed private patient data in an ongoing cyberattack targeting National Health Service (NHS) trusts across the United Kingdom. The attacks, which have raised serious concerns about cybersecurity in critical…

Read more →

In a fresh revelation by the Cybereason Security Services Team, a new wave of attacks linked to the notorious Andromeda malware has been uncovered, focusing on manufacturing and logistics sectors in the Asia-Pacific (APAC) region. This decades-old malware, first detected…

Read more →

Romania’s intelligence service in its declassified report disclosed the country’s election systems were hit by over 85,000 cyberattacks. Attackers have also stolen login credentials for election-related sites and posted the information on a Russian hacker forum just before the first…

Read more →

  Artificial Intelligence (AI) has emerged as a transformative force, reshaping industries and delivering unprecedented value to businesses worldwide. From automating mundane tasks to offering predictive insights, AI has catalyzed innovation on a massive scale. However, its rapid adoption raises…

Read more →

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email.  The threat…

Read more →

  According to the FBI, criminals are increasingly using generative artificial intelligence (AI) to make their fraudulent schemes more convincing. This technology enables fraudsters to produce large amounts of realistic content with minimal time and effort, increasing the scale and…

Read more →

  The EU Agency for Cybersecurity (ENISA) has released its inaugural biennial report under the NIS 2 Directive, offering an analysis of cybersecurity maturity and capabilities across the EU. Developed in collaboration with all 27 EU Member States and the…

Read more →

  There are numerous ways in which critical data on your phone can be compromised. These range from subscription-based apps that covertly transmit private user data to social media platforms like Facebook, to fraudulent accounts that trick your friends into…

Read more →

  Italy’s data protection regulator, Garante per la Protezione dei Dati Personali, has cautioned GEDI, a leading Italian media group, to comply with EU data protection laws in its collaboration with OpenAI. Reuters reports that the regulator highlighted the risk…

Read more →

  According to the management at PlayStation, though artificial intelligence (AI) may potentially change the world of gaming, it can never supplant the human creativity behind game development. Hermen Hulst, co-CEO of PlayStation, stated that AI will complement but not…

Read more →

  Russian state-sponsored hacking group APT28 (Fancy Bear/Forest Blizzard/Sofacy) has employed a novel “nearest neighbor attack” to breach enterprise WiFi networks from thousands of miles away. The attack, first detected on February 4, 2022, targeted a U.S. company in Washington,…

Read more →

The UK is facing an increasing number of cyberattacks from Russia and China, with serious cases tripling in the past year, according to a new report by the National Cyber Security Centre (NCSC). On Tuesday, Richard Horne, the new NCSC…

Read more →

  Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor…

Read more →

An Irish national utility service provider, Electric Ireland, is investigating a significant data breach involving customer information. This breach, first reported last year, has led to arrests and an ongoing investigation by the Garda National Cyber Crime Bureau (GNCCB) and…

Read more →

The tech industry has been hit by a wave of layoffs, with over 150,000 workers losing their jobs at major companies like Microsoft, Tesla, Cisco, and Intel. As the market adapts to new economic realities, tech firms are restructuring to…

Read more →

  South Korea’s Expanding Role in Global Cybersecurity South Korea is emerging as a pivotal player in the global cybersecurity landscape, particularly against the backdrop of escalating tensions between the United States and China in cyberspace. By participating in high-profile…

Read more →

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has discovered and added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, impacting North Grid Proself, ProjectSend, and Zyxel firewalls, are being actively exploited, posing serious risks…

Read more →

    The rise of artificial intelligence (AI) has amplified the demand for privacy-focused computing technologies, ushering in a transformative era for confidential computing. At the forefront of this movement is the integration of these technologies within the AI and…

Read more →

  The four leading mobile network carriers (MNOs) in France have teamed up to combat identity theft and online fraud. To help online companies fight fraud and digital identity theft, Bouygues Telecom, Free, Orange, and SFR announced on December 3…

Read more →

  A supply chain attack refers to any cyberattack targeting a third-party vendor within an organization’s supply chain. Historically, these attacks have exploited trust relationships, aiming to breach larger organizations by compromising smaller, less secure suppliers. The Growing Threat of…

Read more →

  Fixing printer problems is a pain, from paper jams to software bugs. When searching for quick answers, most users rely on search engines or AI solutions to assist them. Unfortunately, this opens the door to scammers targeting unsuspecting people…

Read more →

Google has made a major change in its user tracking, a big leap in privacy concerns for users. Google will stop the nosy cloud storage of data it gets from tracking user location in real time.  The privacy change Called…

Read more →

  In recent years, artificial intelligence (AI) has made significant strides, with a groundbreaking development emerging from Google DeepMind. A team of researchers, sociologists, and computer scientists has introduced a system capable of generating real-time personality simulations, raising important questions…

Read more →

The integration of emerging technologies is reshaping industries worldwide, and the space sector is no exception. Artificial intelligence (AI), now a core component in many industries, has significantly transformed space missions. However, this progress also introduces new cybersecurity risks.  In…

Read more →

  Mimic is a ransomware family first discovered in 2022. Like other ransomware, it encrypts files on a victim’s system and demands a cryptocurrency payment for the decryption key. What makes Mimic particularly concerning is its dual approach: it not…

Read more →

  An artificial intelligence (AI) system developed by a team of researchers can safeguard users from malicious actors’ unauthorized facial scanning. The AI model, dubbed Chameleon, employs a unique masking approach to create a mask that conceals faces in images…

Read more →

  Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names,…

Read more →

  It has been espoused in the generative AI phenomenon that the technology’s key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact…

Read more →

  Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim…

Read more →

  The latest phishing attacks involve users being victimised in private information scams through the use of Microsoft Visio files. According to a security firm called Perception Point, the trick mainly involves using the .vsdx file extension, used for business…

Read more →

  Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music…

Read more →

  An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers…

Read more →

  There has recently been a rise in the botnet activity created by the Chinese threat group Volt Typhoon, which leverages similar techniques and infrastructure as those previously created by the group. SecurityScorecard reports that the botnet has recently made…

Read more →

The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements…

Read more →

  Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies.  Despite efforts…

Read more →

  About two months before the Newpark Resources attack, oilfield services giant Halliburton had been afflicted with a cyberattack that it then disclosed in a regulatory filing, which occurred about two months earlier.  Last week, Halliburton, the world’s largest energy…

Read more →

  On November 8, the World Health Organization (WHO) joined over 50 countries in issuing an urgent warning at the United Nations about the increase in ransomware attacks on healthcare systems worldwide. WHO Director-General Tedros Adhanom Ghebreyesus addressed the UN…

Read more →

  A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network…

Read more →

  BlueNoroff, a North Korean threat actor, has been attacking crypto firms with a new multistage malware for macOS systems.  According to the researchers, the campaign is known as Hidden Risk, and it lures victims with emails that include fake…

Read more →

  Hundreds of organizations worldwide have recently fallen victim to a sophisticated spear-phishing campaign, where emails falsely claiming copyright infringement are used to deliver an advanced infostealer malware. Since July, Check Point Research has tracked the distribution of these emails…

Read more →

  The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank,…

Read more →

  Cyber scammers give new warnings as they do not stop scamming unsuspecting web shoppers through a new phishing campaign posing to be online stores. Many of these fake stores Google has removed from its search results, but links remain…

Read more →

  Recently, a critical VBR (Veeam Backup & Replication) security flaw was exploited by cyber thieves to distribute Frag ransomware along with the Akira and Fog ransomware attacks. Florian Hauser, a security researcher with Code White, has discovered that the…

Read more →

Microsoft emphasized in its 2024 annual Digital Defense report that the cyber threat landscape remains both “dangerous and complex,” posing significant risks to organizations, users, and devices worldwide. The Expanding Threat Landscape Every day, Microsoft’s customers endure more than 600…

Read more →

  The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site. See also: Gartner Market Guide for DFIR Retainer Services. An attacker going by the handle “IntelBroker,” who is…

Read more →

  The number of hospitals that have been affected by ransomware, business email compromise, and other cyber threats is increasing across all sectors, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to those with a…

Read more →

  In today’s world, the threat of cyberattacks is an ever-present concern for businesses of all sizes. The scenario of receiving a call at 4 a.m. informing you that your company has been hit by a ransomware attack is no…

Read more →

  Advanced hacking toolkit Winos4.0 spreads across the globe, security experts warn. Originally reported by Trend Micro, this new toolkit-just like known kits Cobalt Strike and Sliver-was connected to a string of recent cyber attacks in China, having initially spread…

Read more →

  Several experts have warned that hackers are using malware to attack Windows systems with the intention of mining cryptocurrency and stealing sensitive information from their devices. The latest Kaspersky Security Report claims to have spotted tens of thousands of…

Read more →

 For retro gaming fans, playing classic video games from decades past is a dream, but it’s tough to do legally. This is where game emulation comes in — a way to recreate old consoles in software, letting people play vintage…

Read more →

  Zero-knowledge proof (ZKP) has emerged as a critical security component in Web3 and blockchain because it ensures data integrity and increases privacy. It accomplishes this by allowing verification without exposing data. ZKP is employed on cryptocurrency exchanges to validate…

Read more →

Advertising is a key driver of revenue for many online platforms. However, it has also become a lucrative target for cybercriminals who exploit ad networks to distribute malicious software, a practice known as malvertising. The National Cyber Security Centre (NCSC)…

Read more →

Microsoft has unveiled a sweeping cyber threat posed by a sophisticated Chinese botnet, Quad7, targeting organizations worldwide through advanced password spray attacks. Operated by a group identified as Storm-0940, this campaign primarily aims at high-value entities, including think tanks, government…

Read more →