Infosecurity News
REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain
Infosecurity News
A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain
Security Affairs
CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog.
Cyber Security News
A new variant of the notorious Adload malware has been discovered to bypass the latest updates to Apple's built-in antivirus, XProtect.
The Hacker News
Are you confident your vulnerability scanner isn't leaving blind spots in your attack surface? Uncover the limitations of relying on a single scanner
The Hacker News
Dropbox Sign Breached! Unidentified hackers accessed user emails, usernames, and account settings for all Dropbox Sign users.
The Hacker News
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
DarkReading
Weaponizing Microsoft's own services for command-and-control is simple and costless, and helps attackers better avoid detection.
Infosecurity News
The US and its allies claim Russian hacktivists are disruptive operations in water, energy, food and agriculture sectors
The Cyber Express
CEO Andrew Witty testified before Congress on Wednesday, disclosing a significant cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group.
The Cyber Express
The CL0P ransomware group has listed 3 additional victims on its leak site. The mentioned victims include: McKinley Packing, Pilot
SecurityWeek
Dropbox says hackers breached its Sign production environment and accessed customer email addresses and hashed passwords.
Cyber Security News
Today marks the annual celebration of World Password Day, emphasizing the critical role that strong passwords play in safeguarding our digital
Security Affairs
Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates' personal information.
Cyber Security News
Cybersecurity communities are on high alert as threat actors have begun selling RDP access on various underground hacker forums.
Cyber Security News
Critical vulnerabilities in MailCleaner versions before 2023.03.14 allow attackers to take control of appliances through malicious emails
The Hacker News
A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.
The Cyber Express
Anonymous Arabia, a notorious group of hacktivists, has allegedly launched a cyberattack on Columbia University in response to the recent
The Hacker News
Attention SOHO router users! A new malware called Cuttlefish is on the prowl, stealthily monitoring your traffic and stealing authentication data.
DarkReading
A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. Cyber defenders must keep pace.
CSO
The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.”
CSO
Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online.
Cyber Security News
Dropbox disclosed a significant security breach affecting its electronic signature service, Dropbox Sign (formerly known as HelloSign).
SecurityWeek
The Change Healthcare cyberattack started when hackers entered a server that lacked a basic form of security: multi-factor authentication.
SecurityWeek
Police say a principal from a Maryland high school was framed as racist by a fake recording of his voice using AI-based deepfake technology.
Ars Technica
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
Trend Micro
Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election year
DarkReading
The breach used stolen Citrix credentials for an account with no MFA. Attackers went undetected for days, and Change's backup strategy failed.
CSO
Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals.
Bleeping Computer
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
Bleeping Computer
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information.
Ars Technica
Anthropic finally comes to mobile, launches plan for teams that includes 200K context window.
DarkReading
Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.
DarkReading
Some customers found that they had the ability to cancel a stranger's flight to another country after opening the app, which was showing other individuals' flight details.
Bleeping Computer
The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems used to disrupt critical infrastructure operations.
CSO
Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out.
SecurityWeek
New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.
Security Affairs
A former U.S. NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia.
SecurityWeek
Traceable AI has raised $110 million since launching in 2018 with ambitious plans in the competitive API security and observability space.
Bleeping Computer
Cybersecurity is increasingly everybody's concern, and getting certified helps you skill up and get up to speed. These eight cybersecurity exam prep courses get you ready for $29.97, $154 off the $184 MSRP only for a limited time.
Security Affairs
Cuttlefish malware targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data.
Bleeping Computer
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals.
DarkReading
The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses
HACKRead
Uncover the "Muddling Meerkat," a China-linked threat actor manipulating the DNS. Infoblox research reveals a sophisticated group with deep DNS expertise and potential ties to the Great Firewall. Learn their tactics and how to stay protected.
Infosecurity News
The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action
CyberScoop
Other sectors that the hacktivists — who sometimes pose physical threats — are targeting in North America and Europe include energy and agriculture, according to a Wednesday advisory.
Bleeping Computer
The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom.
Bleeping Computer
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.
Ars Technica
Easy-to-use language that drove Apple, TRS-80, IBM, and Commodore PCs debuted in 1964.
Infosecurity News
Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing
Security Affairs
A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files.
Bleeping Computer
Microsoft has confirmed customer reports of NTLM authentication failures and high load after installing last month's Windows Server security updates.
SecurityWeek
Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.
SecurityWeek
Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.
SecurityWeek
Malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.
Cyber Security News
The explosion of cloud-based applications, or SaaS (Software-as-a-Service), has transformed the way businesses operate.
The Hacker News
How does blockchain pseudonymity enable financial crime detection? By combining it with knowledge of licit and illicit crypto services, machine learni
Bleeping Computer
Microsoft says the April 2024 Windows security updates break VPN connections on Windows 11, Windows 10, and Windows Server systems.
Infosecurity News
Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful
SecurityWeek
Venafi’s 90-Day TLS Readiness solution enhances its existing technology to provide full, demonstrable, and visible compliance with the coming 90-day mandate.
SecurityWeek
DeepKeep, which provides an AI-Native Trust, Risk, and Security Management (TRiSM) platform, has raised $10 million in seed funding.
The Hacker News
Researchers have uncovered a new Android malware called Wpeeper that uses compromised WordPress sites to hide its true command-and-control servers.
Bleeping Computer
Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users.
Infosecurity News
New report from Netwrix reveals unplanned expenses impact half of breached firms, including a surge in lawsuits
Bleeping Computer
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information.
The Cyber Express
The cybersecurity community is on edge after an unidentified threat actor operating under the username 'UAE', claimed responsibility for a
Security Magazine
New data analyzing ransomware group activities has found that activity from the ransomware gang RAGroup has risen by 300% since December.
SecurityWeek
SecurityWeek discusses cybersecurity leadership with Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.
Infosecurity News
The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found
SecurityWeek
Chinese cybersecurity firm QAX XLab uncovered an Android trojan that hides its command-and-control server behind compromised WordPress sites.
Bleeping Computer
A VPN lets you connect anywhere with confidence that snoops and thieves won't be able to tap into your data. This two-year subscription to SurfShark VPN gives you unlimited bandwidth and device connection for $56.99, $233 off the $290 MSRP.
The Hacker News
Master the art of choosing a security awareness training (SAT) solution that can drive meaningful changes for you and your organization.
Infosecurity News
Join Claire Williams at Infosecurity Europe to learn how F1 leadership strategies can inspire cybersecurity leaders
The Cyber Express
National Supply Chain Day, which was recently observed on April 29, serves as a dedicated day to recognize the critical
The Hacker News
ZLoader modular malware trojan has resurfaced with anti-analysis feature that prevents execution on machines different from the original infection.
Infosecurity News
The UK’s National Cyber Security Centre claims its AMS model will protect firms from state-backed mobile threats
Security Affairs
The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019..
Latest Hacking News
A security researcher discovered a security vulnerability in the Judge0 system, which received a patch that could further be bypassed, leading to further vulnerabilities. While the developer eventually patched the issue after repeated exploits, the
Cyber Security News
The cyberattack, which unfolded on the morning of February 21, 2024, was the culmination of a 9-day silent infiltration by the hackers within the UnitedHealth network.
Cyber Security News
a previously undetected malware threat for macOS that exhibits characteristics of both an infostealer and spyware.
The Hacker News
Former NSA employee sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia.
The Cyber Express
A threat actor has claimed to have leaked the database of the Department of Social Welfare Ladakh, Government of India.
Cyber Security News
Live secrets from 183 different SaaS and cloud providers, including giants like AWS, GCP, OpenAI, GitHub, and Postman itself, were found leaking on the platform.
DarkReading
MOVEit drove a big chunk of the increase, but social engineering and failure to patch led to a doubling of data breaches since 2023, said Verizon Business.
Security Magazine
In this edition of Security’s Top 5 from Security magazine, we showcase the top stories and new developments from across the security industry throughout March.
Cyber Security News
Repositories on Docker Hub, a popular platform for developers to store and share containerized applications, have been exploited to spread malicious software and phishing scams.
SecurityWeek
UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee on May 1.
The Record
CEO Andrew Witty blamed Change Healthcare's legacy technologies and lack of multifactor authentication for the cyberattack, which disrupted the medical industry nationwide.
SC Magazine
Andrew Witty stuck with the familiar corporate line of providing consumers with two years of credit monitoring.
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) and international partners are warning about weak security practices in operational technology (OT) that could be targeted by pro-Russia hackers.
The Record
The company told federal regulators that it discovered unauthorized access to the production environment of its Dropbox Sign product.
The Record
While progress is being made to replace the systems impacted by the attack, it could be another six months before things return to normality.
The Record
Sens. Mark Warner and Thom Tillis want to see changes in the federal NVD to reflect how different AI systems can be from traditional software and hardware.
The Record
Ukraine's president issued a decree confirming the discharge of Illia Vitiuk, who had been suspended from his post at the SBU in April.
SC Magazine
Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.
Trend Micro
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
The Record
To trick their victims, the scammers posed as a family member — typically a son — in some distressing situation requiring urgent financial help, Spanish police said.
SC Magazine
CISA Director Jen Easterly told lawmakers that Chinese cyberespionage threats warrants budget boost.
Bleeping Computer
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Ars Technica
145,152-core supercomputer was 20th most powerful in the world in 2016.
Security Affairs
Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion.
Loading more articles....