Tag: Cyware News – Latest Cyber News

Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data. This article has been…

Read more →

The Biden administration plans to have consumer devices labeled with the U.S. Cyber Trust Mark on store shelves by the end of 2024, to help consumers understand security and encourage manufacturers to include basic digital defenses. This article has been…

Read more →

Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location. This article has been indexed…

Read more →

Cybercriminals are exploiting the popularity of DocuSign by creating and selling fake email templates and login credentials to enable phishing attacks, blackmail, and business email compromise against targeted companies. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats. This article has been indexed…

Read more →

Alkira, a leader in on-demand network infrastructure as-a-service, has raised $100 million in Series C funding to further expand its innovative platform that simplifies, secures, and scales critical network infrastructure for enterprises. This article has been indexed from Cyware News…

Read more →

The co-founder of the cryptocurrency anonymizing service Tornado Cash, Alexey Pertsev, was convicted by a Dutch court of money laundering $1.2 billion and sentenced to five years and four months in prison. This article has been indexed from Cyware News…

Read more →

Adobe patched 35 security vulnerabilities across a range of its products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, Animate, FrameMaker, and Dreamweaver. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Adobe…

Read more →

The phishing campaign uses a multi-step process to steal account information, including the user’s Meta business email, page name, owner details, financial information, and ultimately the account password. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Russia-linked APT groups pose a significant threat to OT environments, as demonstrated by their recent attacks targeting critical infrastructure in Ukraine and its allies, with the potential for further disruption and long-term espionage operations. This article has been indexed from…

Read more →

Cybersecurity professionals face a dilemma: sharing information after an attack can prevent future incidents, but businesses often hesitate due to fears of litigation, customer inquiries, and reputational harm. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

LogRhythm, a leading SIEM (Security Information and Event Management) company, is merging with Exabeam, another prominent SIEM player, in a move that aims to create a stronger, AI-driven security operations leader in the market. This article has been indexed from…

Read more →

The FBI and the DOJ have seized control of the BreachForums hacking forum, which was a marketplace for cybercriminals to buy, sell, and trade stolen data and other illegal services, and are now investigating the forum and its admins. This…

Read more →

Scammers exploit Instagram’s influencer program to hijack users’ accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to “vote” for the scammer’s fake influencer contest. This article has been indexed from Cyware…

Read more →

A cost-effective encryption strategy starts with effective key management, which involves making critical decisions about where to store encryption keys, how to manage them, and how to prepare for the post-quantum future. This article has been indexed from Cyware News…

Read more →

The FTC issued a strong warning to automakers about their data collection and sharing practices, particularly regarding the sale of sensitive geolocation data, and emphasized that it will take enforcement action to protect consumer privacy. This article has been indexed…

Read more →

According to Comparitech, data breaches in US schools have exposed over 37.6 million records since 2005, with a significant surge in 2023 due to vulnerabilities in the MOVEit file transfer software affecting over 800 institutions. This article has been indexed…

Read more →

Active since May 2023, the SideCopy APT campaign targets university students through sophisticated infection chains involving malicious LNK files, HTAs, and loader DLLs disguised as legitimate documents. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

The publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

AFL players are concerned about the risk of their personal and sensitive information, such as drug test results and psychologist session notes, being leaked onto the dark web due to inadequate data protection measures. This article has been indexed from…

Read more →

The NIST issued new guidelines to help federal agencies and their private sector contractors better protect sensitive unclassified information, known as Controlled Unclassified Information (CUI), from cyber threats, particularly supply chain risks. This article has been indexed from Cyware News…

Read more →

AI systems trained to excel at tasks can learn to lie and deceive in order to gain an advantage, posing serious risks to society such as fraud, election tampering, and even the potential loss of human control over AI. This…

Read more →

Ubuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution. This article has been indexed from Cyware News – Latest…

Read more →

The Avast Q1 2024 Threat Report highlighted a massive surge in social engineering scams, with a staggering 90% of all mobile and 87% of desktop threats falling into this category. This article has been indexed from Cyware News – Latest…

Read more →

Hackbat is built around a custom PCB and a Raspberry Pi Pico W microcontroller, providing features like Wi-Fi, NFC, RF, microSD storage, USB for keystroke injection, and a display with buttons. This article has been indexed from Cyware News –…

Read more →

Apple patched a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited at the Pwn2Own hacking competition. The vulnerability allowed an attacker to bypass Pointer Authentication Codes (PACs) and potentially execute remote code. This article has been indexed from Cyware News…

Read more →

The malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021. He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).…

Read more →

The Singapore government has updated its Cybersecurity Act to give its primary cybersecurity agency more power to regulate critical infrastructure and third-party providers, and to require the reporting of cyber incidents. This article has been indexed from Cyware News –…

Read more →

VMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors. This article has been indexed from Cyware News – Latest Cyber News Read the original article: VMware…

Read more →

BLint is a Binary Linter designed to evaluate the security properties and capabilities of executable files. It utilizes LIEF (Library for Executable and Instrumentation Format) for its operations. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

The threat actors then call the impacted users, posing as members of the organization’s IT team, and attempt to socially engineer the users into providing remote access to their computers through the use of legitimate RMM solutions. This article has…

Read more →

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

The EMB3D model provides a common understanding of cyber threats to embedded devices and the security mechanisms needed to mitigate them. It is based on observations of threat actor activities, security research, and device vulnerability reports. This article has been…

Read more →

The UK’s National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after. This article has been indexed…

Read more →

Vermont has passed one of the strongest comprehensive data privacy laws in the country, which includes a provision allowing individuals to sue companies for violating their privacy rights. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

The flaw is a memory corruption issue in Apple’s RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar. This article has been indexed from Cyware News…

Read more →

The UK’s NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms. This article has been indexed from Cyware…

Read more →

The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

The attack chain required user interaction to execute the malicious email attachment, which then initiated a network callout to the Phorpiex botnet infrastructure to download and detonate the LockBit Black ransomware. This article has been indexed from Cyware News –…

Read more →

Upon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale. This article has been indexed from Cyware News…

Read more →

The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

Cybercriminals are using an automated service called “Estate” to steal one-time passcodes and hijack user accounts, including bank accounts, crypto wallets, and other sensitive services, by tricking them into revealing the codes over the phone. This article has been indexed…

Read more →

The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to a report by Trellix. This article has been indexed from Cyware News – Latest…

Read more →

The Scattered Spider, a group of hackers, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms. This article has been indexed…

Read more →

Red teaming involves employing ethical hackers to rigorously test AI systems for security and safety issues. It is crucial for developing responsible AI that balances innovation and compliance with ethical standards and regulatory requirements. This article has been indexed from…

Read more →

Researchers at Cyble discovered a new ransomware variant called Trinity that employs a double extortion technique and shares similarities with the Venus ransomware, suggesting a potential link or common actor behind these two variants. This article has been indexed from…

Read more →

Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were “not focused on promoting any technical cooperation” between the two world superpowers on AI or emerging technologies. This article has been indexed from…

Read more →

US officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic. This article has been indexed…

Read more →

The group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print. This article has been indexed from Cyware News…

Read more →

Password protection alone is not enough to securely protect files and drives, as it can be easily circumvented, and hardware-based encryption is recommended for robust data security. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST). This article has been indexed from Cyware News –…

Read more →

The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. This article has been indexed from Cyware News – Latest Cyber…

Read more →

A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader. This article has been indexed from Cyware…

Read more →

The passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users’ private areas and potentially removing their registered devices. This article has been indexed from Cyware News…

Read more →

Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2. This article…

Read more →

Fifteen state attorneys general on Wednesday called on Congress to prevent new federal comprehensive data privacy legislation from preempting 17 states’ existing or recently passed laws protecting consumer privacy. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Aroudn 93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

Selfie spoofing and document image-of-image fraud have become the most prevalent identity document fraud techniques, with older demographics being targeted at nearly four times the rate, according to Socure. This article has been indexed from Cyware News – Latest Cyber…

Read more →

Artificially Intelligent — a team of four Army servicemembers and one from the Air Force — won the 2024 President’s Cyber Cup Challenge, a five-year-old competition open to federal government and U.S. military personnel. This article has been indexed from…

Read more →

The malicious package, called “requests-darwin-lite”, was a fork of the popular “requests” Python package. The attacker used the cmdclass feature in the setup.py file to customize the package installation process. This article has been indexed from Cyware News – Latest…

Read more →

The financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals. This article has been indexed…

Read more →

Researchers have developed a technique called “GhostStripe” that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles. This article has been…

Read more →

An advanced persistent threat (APT) group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. This article has been indexed from Cyware News…

Read more →

Telus announced Tuesday its acquisition of Vumetric Cybersecurity, a Toronto-based cybersecurity provider that specializes in advanced penetration testing designed to identify cyber vulnerabilities and threats to companies across North America. This article has been indexed from Cyware News – Latest…

Read more →

Sysdig researchers discovered evidence of a reverse proxy for LLMs being used to provide access to the compromised accounts, suggesting a financial motivation. However, another possible motivation is to extract LLM training data. This article has been indexed from Cyware…

Read more →

This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices. This includes the icons of Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter). This article has been indexed from…

Read more →

The Library of Congress was targeted in a cyberattack that occurred in parallel with a high-profile intrusion into the British Library in October 2023 but it was a failed attempt, according to internal documents obtained by Nextgov/FCW. This article has…

Read more →

According to NTT Security Holdings’ 2024 Global Threat Intelligence report, ransomware and extortion incidents increased by 67% in 2023, with over 5,000 victims detected or posted across social channels, up from 3,000 in 2022. This article has been indexed from…

Read more →

Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against healthcare targets. This article has been indexed…

Read more →

The phishing emails pretended to come from a “Human Resources” department, asking users to either acknowledge the “organization’s workplace sex policy” or submit feedback as part of a “2024 Employee Evaluation.” This article has been indexed from Cyware News –…

Read more →

The CISA isn’t inclined to call out technology vendors when their fundamental errors impact customers — officials contend they can make a greater impact by discerning and generalizing those mistakes for a broader audience. This article has been indexed from…

Read more →

The vulnerabilities were found in the Cinterion EHS5-E series modem, but other Telit Cinterion products with similar software and hardware architecture are also likely impacted, including Cinterion BGS5, EHS5/6/7, PDS5/6/8, ELS61/81, and PLS62. This article has been indexed from Cyware…

Read more →

Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY. This article…

Read more →

Regulators are increasingly focusing on IoT device security due to the vulnerabilities present in many IoT devices. The lack of expertise among manufacturers in securing connected products has led to significant security risks. This article has been indexed from Cyware…

Read more →

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. This article has been indexed from Cyware News…

Read more →

Cybercriminals are exploiting new vulnerabilities at an increasingly rapid pace, with attacks starting on average just 4.76 days after vulnerabilities are publicly disclosed, according to Fortinet. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

The high-severity issue tracked as CVE-2024-4671 is a “user after free” vulnerability in the Visuals component that handles the rendering and display of content on the browser. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

The SocGholish malware is targeting enterprises through fake browser update prompts, compromising legitimate websites to deliver malicious payloads that steal sensitive data and establish persistence on infected systems. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

The Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints. This article has been indexed from Cyware News –…

Read more →

Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice. This article has been indexed from Cyware News – Latest Cyber News Read the…

Read more →

Poland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU. This article has been indexed from…

Read more →

The CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China. This article has been indexed from Cyware News…

Read more →

Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. This article has been indexed from Cyware News –…

Read more →

CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations. This article has been indexed from Cyware News – Latest…

Read more →

In the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the “/api/v1/license/key-status/;” endpoint, which is vulnerable to command injection, and inject the payload. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries. This article has been indexed from…

Read more →

According to a new Sophos report, 59% of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult. This article has been indexed from…

Read more →

According to a report by the German cybersecurity firm Security Research Labs GmbH (SRLabs), the BogusBazaar network has attempted to process an estimated $50 million in fake purchases since the operation launched three years ago. This article has been indexed…

Read more →

Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The FBI has issued a warning about a hacking group named Storm-0539 targeting retail companies in the United States through phishing attacks on employees in gift card departments. This article has been indexed from Cyware News – Latest Cyber News…

Read more →

Ransomware infections have morphed into “a psychological attack against the victim organization,” as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. This article has been indexed from Cyware News – Latest…

Read more →

Despite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities. This article has been indexed from Cyware News –…

Read more →

The vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components. This article has been indexed from Cyware News – Latest Cyber News Read…

Read more →

Only a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research. This article has been indexed from Cyware News – Latest Cyber…

Read more →

The two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets. This article has been indexed from Cyware News – Latest Cyber…

Read more →