In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included…
Tag: EN
Evasive Panda Cyber Attacks: Threat Actor Targets Tibetans
Cybersecurity experts at ESET have come across a malicious campaign that targets Tibetans in many countries by leveraging the website of a religious gathering. Evasive Panda cyber attacks are associated with a China-linked Advanced Persistent Threat (APT) actor. The development…
Ex-Secret Service agent and convicted hacker share stage at GISEC Global
A former United States Secret Service Agent and a Vietnamese former-hacker-turned-cybersecurity-specialist are set to reunite for the first time at GISEC Global 2024 to discuss their unique cat-and-mouse-style chase, which ultimately resulted in an arrest and conviction. Matt O’Neil is…
Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with…
U.S. Justice Department Sues Apple Over Monopoly and Messaging Security
The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users. “Apple wraps itself…
Thoughts on AI and Cybersecurity
Being an CSSLP gives me access to various emails from (ISC)2. One of these announced me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very nice presentation of 1h, and…
Balancing functionality and privacy concerns in AI-based Endpoint Security solutions
The integration of Artificial Intelligence (AI) in endpoint security has revolutionized the way organizations protect their devices and data. Ok, let’s take a break here: have you read the article about Artificial Intelligence vs. Machine Learning ? By leveraging…
Apple Chip Flaw Lets Hackers Steal Encryption Keys
A group of researchers has found a serious security vulnerability in Apple’s M-series of chips that would allow attackers to steal secret keys from Mac and iPad devices. The problem affects Apple M1, M2 and M3 chips — which have…
Researchers Propose An Invisible Backdoor Attack Dubbed DEBA
As deep neural networks (DNNs) become more prevalent, concerns over their security against backdoor attacks that implant hidden malicious functionalities have grown. Cybersecurity researchers (Wenmin Chen and Xiaowei Xu) recently proposed DEBA, an invisible backdoor attack leveraging singular value decomposition…
DOJ calls Apple’s privacy justifications an ‘elastic shield’ for financial gains
The U.S. Department of Justice sued Apple Thursday over monopolistic practices. The complaint accuses Apple of moulding its privacy and security practices in ways that benefits the company financially. One quote particularly jumps out where the DOJ calls Apple’s privacy…
Attackers are targeting financial departments with SmokeLoader malware
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42…
Russia bans Microsoft followed by Amazon and Google
Russia implemented a sweeping ban on Microsoft Cloud services on March 20th, with plans to extend the prohibition to Google and Amazon web services in the coming weeks. While security analysts cite national security concerns as the primary motive, trade…
Unraveling the Cyber Threats Lurking Behind QR Codes
QR codes, once a simple tool for scanning and accessing information swiftly, have become a ubiquitous feature in our digital landscape. From restaurant menus to promotional materials, these square barcodes offer convenient access to websites, apps, and multimedia content with…
Shadow AI is the latest cybersecurity threat you need to prepare for
Shadow IT – the use of software, hardware, systems and services that haven’t been approved by an organization’s IT/IT Sec departments – has been a problem for the last couple of decades, and a difficult area for IT leaders to…
Organizations under pressure to modernize their IT infrastructures
The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to Nutanix.…
Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking
In this Help Net Security video, Ed Adams, president and CEO of Security Innovation, discusses his new book See Yourself in Cyber: Security Careers Beyond Hacking. The book, published by Wiley, explores the breadth and depth of cybersecurity careers. It…
New infosec products of the week: March 22, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Drata, GlobalSign, Ordr, Portnox, Sonatype, Tufin, and Zoom. GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management With the upgrades in GlobalSign’s PKIaaS Connector, ServiceNow…
95% of companies face API security problems
Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent…
Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with…
A Practical Guide to the SEC Cybersecurity Rules
Imagine making a significant stock investment in the latest hot tech startup—only to find out, much later, that the firm had been the victim of an undisclosed data breach that seriously damaged its customers, reputation, and infrastructure. Would you have…