CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
Ars Technica
Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies
Alleged $6.8M conspiracy involved "laptop farm," identity theft, and résumé coaching.
HACKRead
HP Reports Low-Effort, High-Impact Cat-Phishing Targeting Users
New HP report reveals cybercriminals are increasingly leveraging "cat-phishing" techniques, exploiting open redirects in legitimate websites to deceive users and deliver malware.
The Cyber Express
US Charged North Korean Job Fraud Nexus Amassing Funds for Nuclear Program
The U.S. federal prosecutors on Thursday revealed charges against a North Korean job fraud nexus that ran its fraudulent scheme
DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
Bleeping Computer
Norway recommends replacing SSL VPN to prevent breaches
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
DarkReading
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
HACKRead
MIT Graduate Brothers Arrested for $25 Million Ethereum Heist
Two MIT graduates were arrested for allegedly stealing $25 million in Ethereum through a sophisticated blockchain manipulation scheme.
Bleeping Computer
Save $95 on a 65+ course cybersecurity training library
Constant training is key to staying current on the changing world of cybersecurity. This instant cybersecurity training library lets you fit in the training you need for $24.97, $95 off the $120 MSRP now through the end of May 22th.
Ars Technica
Archie, the Internet’s first search engine, is rescued and running
A journey through busted tapes, the Internet Old Farts Club, and SPARCstations.
Bleeping Computer
Microsoft shares temp fix for Outlook encrypted email reply issues
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client.
Infosecurity News
Windows Quick Assist Exploited in Ransomware Attacks
Microsoft warned Storm-1811 started vishing attacks in April to gain access to target devices
Bleeping Computer
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
HACKRead
Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets
Shadow IT involves employees using IT systems without proper security controls, often installing unauthorized software on company computers.
Infosecurity News
SugarGh0st RAT Variant Used in Targeted AI Industry Attacks
Proofpoint said the attackers modified registry key names for persistence
The Hacker News
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
New Wi-Fi vulnerability discovered! CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems and Wi-Fi clients.
Security Magazine
59% of organizations faced a software supply chain attack
59% of organizations experienced a software supply chain attack, with 54% of these respondents having experienced one in the past year.
Bleeping Computer
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
The Cyber Express
Gone in 12 Seconds: Siblings Siphon $25M from Ethereum Blockchain
Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, “Gone
Infosecurity News
53,000 Employees' Social Security Numbers Exposed in Nissan Breach
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
DarkReading
FCC Reveals 'Royal Tiger' Robocall Campaign
In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.
Bleeping Computer
Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors.
Bleeping Computer
How to manage the security risks of generative AI tools
Growth in AI use is widespread, evolving, and showing no signs of slowing, and with it comes risks ranging from competitive and legal concerns to a slew of security implications. Here's how Nudge Security can help you discover and manage AI security risks.
Infosecurity News
CISO Confidence in AI Security Grows as GenAI Adoption Rises
Nearly six out of ten surveyed ClubCISO members are confident AI is used securely in their organizations
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
SecurityWeek
Legacy of Wisdom: Security Lessons Inspired by My Father
Honoring my father's memory by translating his timeless life lessons into practical wisdom for the cybersecurity profession.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
DarkReading
Windows Quick Assist Anchors Black Basta Ransomware Gambit
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CSO
Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum
Application Security Posture Management tools need to integrate with other security tools to do their job.
The Cyber Express
Beyond Borders: CISA Addresses the Global Influence on US Election Cybersecurity
During a recent Senate committee hearing, Director of National Intelligence Avril Haines emphasized state hackers' continued prominence as a threat,
Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
The Cyber Express
Russian Hackers Used Two New Backdoors to Spy on European Foreign Ministry
Researchers recently uncovered two new backdoors implanted within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its
HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
%20(1)%20(1).webp)
Cyber Security News
PoC Exploit Released for Ivanti EPMM MobileIron Core
A newly disclosed vulnerability, identified as CVE-2024-22026, has been found in Ivanti EPMM, formerly known as MobileIron Core.
CSO
BreachForums seized by law enforcement, admin Baphomet arrested
Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest.
Bleeping Computer
Create up-to-date visualizations with $230 off Microsoft Visio 2021
Turning your data into floor plans, diagrams, flow charts, and other visualizations should be an efficient process. This Microsoft Visio 2021 Professional instant download for Windows gives you all the tools you need for $19.97, $230 off the $250 MSRP now through the end of May 22nd.
The Cyber Express
Josh Krueger of Project Hosts, Inc. Appointed to Federal Secure Cloud Advisory Committee
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
SecurityWeek
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
Cyber Security News
Hackers Exploiting Microsoft's Quick Assist Tool To Deliver Ransomware
Remote assist tools are often targeted by hackers as they create a direct channel that can be used to get into desired systems while using
SecurityWeek
Personal Information Stolen in City of Wichita Ransomware Attack
The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.
The Cyber Express
A New WiFi Vulnerability in IEEE 802.11 Standard Protocol Leads to SSID Confusion Attack
A new WiFi vulnerability is reportedly leading users to a SSID confusion attack. The vulnerability has been identified in the
The Hacker News
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
%20(1).webp)
Cyber Security News
Earth Hundun Hacker Group Employs Advanced Tactics to Evade Detection
Earth Hundun, a notable Asia-Pacific malware organization, uses Waterbear and Deuterbear, first encountered Deuterbear.
Infosecurity News
BreachForums Hacking Marketplace Taken Down Again
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Latest Hacking News
Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to prevent potential
Cyber Security News
Palo Alto Networks Buys IBM’s QRadar
In a major move to bolster its cloud security offerings, Palo Alto Networks announced today that it has agreed to purchase the QRadar .
The Cyber Express
GhostSec Announces Shift in Operations from Ransomware to Hacktivism
GhostSec, a threat actor group previously involved in financially motivated cybercrimes, announced a significant shift in their focus to depart
The Cyber Express
MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
SecurityWeek
Third Chrome Zero-Day Patched by Google Within One Week
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
Apple Safari Zero-Day Flaw Exploited At Pwn2Own : Patch Now
To address a zero-day vulnerability in its Safari web browser that was exploited during this year's Pwn2Own Vancouver hacking competition,
%20(2)%20(1).webp)
Cyber Security News
Authorities Seized Notorious Data Leak Site BreachForums
The notorious data leak site BreachForums has been taken over by the police. Cybercrime and data leaks are still being fought.
DarkReading
Nigeria Halts Cybersecurity Tax After Public Outrage
In an economy choking on swelling inflation, the Nigerian government paused plans for a levy on domestic transactions, aimed at enhancing cybersecurity.
Cyber Security News
LogRhythm and Exabeam to Merge to Boost SIEM & SOAR
LogRhythm and Exabeam, two leading cybersecurity companies to create a powerful force in the security operations and analytics market.
Cyber Security News
Critical SAP NetWeaver & CX Commerce Flaw Leads To Complete Takeover
Three vulnerabilities have been discovered in SAP Customer Experience (CX) commerce cloud and SAP Netweaver Application which were
SecurityWeek
BreachForums Shut Down in Apparent Law Enforcement Operation
The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
The Cyber Express
Nissan Cybersecurity Incident Update: 53,000 Employees Affected
Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former
Cyber Security News
Wireshark 4.2.5 Released: What's New!
The Wireshark team has announced the release of Wireshark 4.2.5, a maintenance update to the popular network protocol analyzer.
The Cyber Express
UK NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks
In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre
Cyber Security News
Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The Hacker News
Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks
Beware of Storm-1811! This financially motivated group is abusing Microsoft's Quick Assist tool in social engineering attacks.
SC Magazine
Google patches 3rd Chrome browser zero-day inside of a week
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
The Record
UK insurance industry begins to acknowledge role in tackling ransomware
The National Cyber Security Centre worked with the U.K.'s insurance industry on new guidelines for organizations facing ransomware attacks.
The Record
New UK system will see ISPs benefit from same protections as government networks
The Share and Defend system will provide a list of malicious domains to a range of U.K. communications providers so the domains can be added to blocklists.
SC Magazine
AI-generated code top cloud security concern amid 100% use rate in survey
GenAI, API and identity risks are key concerns, as well as conflicts between DevOps and SecOps.
The Record
FCC might require telecoms to report on securing internet's BGP technology
The BGP behaves like an internet traffic controller, routing data as efficiently as possible — but it can be "hijacked" for malicious purposes.
The Record
SEC to require financial firms to have data breach incident plans
“The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” SEC Chair Gary Gensler said. “That’s good for investors.”
Ars Technica
BreachForums, an online bazaar for stolen data, seized by FBI
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
Bleeping Computer
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google patches third exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Security Affairs
FBI seized the notorious BreachForums hacking forum
An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum.
Ars Technica
Google unveils Veo, a high-definition AI video generator that may rival Sora
Google's video synthesis model creates minute-long 1080p videos from written prompts.
DarkReading
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies
Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise.
DarkReading
FBI, DoJ Shut Down BreachForums, Launch Investigation
Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.
Bleeping Computer
Android to add new anti-theft and data protection features
Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later.
Bleeping Computer
Android 15, Google Play Protect get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Android 15, Google Play get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Nissan North America data breach impacts over 53,000 employees
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
Security Affairs
A Tornado Cash developer has been sentenced to 64 months in prison
One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison.........
The Cyber Express
Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
Bleeping Computer
Let this bundle help you get Microsoft IT certified for under $60
For a limited time, you can get the complete Microsoft Tech Certification Bundle for $59.97 (reg. $429).
Security Magazine
Meta is the second most spoofed brand for credential phishing
A sophisticated phishing campaign is bypassing multi-factor authentication in order to target Meta business accounts.
The Hacker News
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.
Bleeping Computer
Apple blocked $7 billion in fraudulent App Store purchases in 4 years
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis.
Cyber Security News
5 Common Phishing Vectors and Examples - 2024
Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.
Infosecurity News
Cyber-Attack Disrupts Christie’s $840M Art Auctions
Despite this setback, the auction house said bids can still be placed by phone and in-person
Bleeping Computer
Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
The Hacker News
Google Launches AI-Powered Theft and Data Protection Features for Android Devices
Google just unveiled new "private space" feature lets you keep your sensitive apps hidden and locked with a separate PIN.
The Hacker News
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
HACKRead
Popular Cyber Crime Forum Breach Forums Seized by Police
The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.
Ars Technica
SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Infosecurity News
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware
DarkReading
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
The Cyber Express
BREAKING: FBI Seizes BreachForums, Yet Again!
The notorious BreachForums seized for the second time in a year. The U.S. law enforcement today seized the clear web
.webp)
Cyber Security News
New Wi-Fi ‘SSID Confusion’ Attack Let Attackers connecting To Malicious Network
A design flaw in the IEEE 802.11 standard allows for SSID spoofing in WPA2 and WPA3 networks. While authentication protocols prevent
Bleeping Computer
FBI seize BreachForums hacking forum used to leak stolen data
The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals.
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
Infosecurity News
NCSC Expands Election Cybersecurity to Safeguard Candidates
The National Cyber Security Centre launches an opt-in Personal Internet Protection service to safeguard individuals from cyber threats during the upcoming election
Loading more articles....