CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
The Cyber Express
US Charged North Korean Job Fraud Nexus Amassing Funds for Nuclear Program
The U.S. federal prosecutors on Thursday revealed charges against a North Korean job fraud nexus that ran its fraudulent scheme
Bleeping Computer
Five charged for cyber schemes to benefit North Korea's weapons program
The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program.
Bleeping Computer
Norway recommends replacing SSL VPN to prevent breaches
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
DarkReading
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
The Hacker News
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks
New Wi-Fi vulnerability discovered! CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems and Wi-Fi clients.
Infosecurity News
53,000 Employees' Social Security Numbers Exposed in Nissan Breach
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
Bleeping Computer
How to manage the security risks of generative AI tools
Growth in AI use is widespread, evolving, and showing no signs of slowing, and with it comes risks ranging from competitive and legal concerns to a slew of security implications. Here's how Nudge Security can help you discover and manage AI security risks.
The Hacker News
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
DarkReading
Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
%20(1)%20(1).webp)
Cyber Security News
PoC Exploit Released for Ivanti EPMM MobileIron Core
A newly disclosed vulnerability, identified as CVE-2024-22026, has been found in Ivanti EPMM, formerly known as MobileIron Core.
CSO
BreachForums seized by law enforcement, admin Baphomet arrested
Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest.
The Cyber Express
Josh Krueger of Project Hosts, Inc. Appointed to Federal Secure Cloud Advisory Committee
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
SecurityWeek
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
The Cyber Express
A New WiFi Vulnerability in IEEE 802.11 Standard Protocol Leads to SSID Confusion Attack
A new WiFi vulnerability is reportedly leading users to a SSID confusion attack. The vulnerability has been identified in the
Infosecurity News
UK Lags Europe on Exploited Vulnerability Remediation
UK organizations are less likely than their European peers to have known exploited bugs but take longer to fix them
The Hacker News
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
Infosecurity News
BreachForums Hacking Marketplace Taken Down Again
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Latest Hacking News
Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to prevent potential
The Cyber Express
MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
SecurityWeek
Third Chrome Zero-Day Patched by Google Within One Week
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
Apple Safari Zero-Day Flaw Exploited At Pwn2Own : Patch Now
To address a zero-day vulnerability in its Safari web browser that was exploited during this year's Pwn2Own Vancouver hacking competition,
%20(2)%20(1).webp)
Cyber Security News
Authorities Seized Notorious Data Leak Site BreachForums
The notorious data leak site BreachForums has been taken over by the police. Cybercrime and data leaks are still being fought.
DarkReading
Nigeria Halts Cybersecurity Tax After Public Outrage
In an economy choking on swelling inflation, the Nigerian government paused plans for a levy on domestic transactions, aimed at enhancing cybersecurity.
Cyber Security News
Critical SAP NetWeaver & CX Commerce Flaw Leads To Complete Takeover
Three vulnerabilities have been discovered in SAP Customer Experience (CX) commerce cloud and SAP Netweaver Application which were
SecurityWeek
BreachForums Shut Down in Apparent Law Enforcement Operation
The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
The Cyber Express
Nissan Cybersecurity Incident Update: 53,000 Employees Affected
Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former
Cyber Security News
Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The Hacker News
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
Google patches 3rd Chrome browser zero-day inside of a week
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
The Record
Congressional leaders concerned by NYPD's use of Chinese-made drones
The NYPD said it is trying to phase out the Chinese-made drones, but also defended their use, saying they are far more effective and affordable than any produced by American manufacturers.
The Record
US offers $5 million for info on North Korean IT workers involved in job fraud
According to the State Department, a U.S. national named Christina Chapman helped four people fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries, earning millions of dollars for the North Korean regime.
The Record
UK insurance industry begins to acknowledge role in tackling ransomware
The National Cyber Security Centre worked with the U.K.'s insurance industry on new guidelines for organizations facing ransomware attacks.
Ars Technica
BreachForums, an online bazaar for stolen data, seized by FBI
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
Bleeping Computer
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google patches third exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Security Affairs
FBI seized the notorious BreachForums hacking forum
An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum.
DarkReading
FBI, DoJ Shut Down BreachForums, Launch Investigation
Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.
Bleeping Computer
Nissan North America data breach impacts over 53,000 employees
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
Security Affairs
A Tornado Cash developer has been sentenced to 64 months in prison
One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison.........
The Hacker News
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.
Bleeping Computer
Apple blocked $7 billion in fraudulent App Store purchases in 4 years
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis.
Cyber Security News
5 Common Phishing Vectors and Examples - 2024
Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.
Bleeping Computer
Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
HACKRead
Popular Cyber Crime Forum Breach Forums Seized by Police
The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.
Ars Technica
SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
The Cyber Express
BREAKING: FBI Seizes BreachForums, Yet Again!
The notorious BreachForums seized for the second time in a year. The U.S. law enforcement today seized the clear web
.webp)
Cyber Security News
New Wi-Fi ‘SSID Confusion’ Attack Let Attackers connecting To Malicious Network
A design flaw in the IEEE 802.11 standard allows for SSID spoofing in WPA2 and WPA3 networks. While authentication protocols prevent
Bleeping Computer
FBI seize BreachForums hacking forum used to leak stolen data
The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals.
SecurityWeek
Threat Actors Abuse GitHub to Distribute Multiple Information Stealers
Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
SecurityWeek
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
Bleeping Computer
Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion
Alexey Pertsev, one of the main developers of the Tornado Cash cryptocurrency tumbler has been sentenced to 64 months in prison for his part in helping launder more than $2 billion worth of cryptocurrency.
CSO
Singing River ransomware attack now thought to have affected over 895,000
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
Infosecurity News
Santander Customer Data Compromised Following Third-Party Breach
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
The Hacker News
(Cyber) Risk = Probability of Occurrence x Damage
CVSS v4.0 evaluates vulnerabilities using a revised scoring system, emphasizing environmental and threat metrics.
SecurityWeek
400,000 Linux Servers Hit by Ebury Botnet
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
SecurityWeek
900k Impacted by Data Breach at Mississippi Healthcare Provider
Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.
Infosecurity News
Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology
The Hacker News
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.
Security Affairs
Adobe fixed multiple critical flaws in Acrobat and Reader
Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader.
SecurityWeek
Unwanted Tracking Alerts Rolling Out to iOS, Android
Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
The Cyber Express
Microsoft Addresses Zero-Day Vulnerability Exploited by QakBot Malware
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
Infosecurity News
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
The Cyber Express
SideCopy APT Campaign Found Targeting Indian Universities
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been
The Cyber Express
Chrome Vulnerability Alert: Google’s Rapid Response to 6th Zero-Day Exploit
A new Google Chrome vulnerability has been uncovered and exploited, marking the sixth zero-day incident in 2024 alone. In response,
The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
.webp)
Cyber Security News
WPS Office For Android Vulnerability Puts Over 500 Million+ Users At Risk
WPS Office is a office suite developed by Kingsoft that supports spreadsheets, presentations, documents and others. It has been used
Security Affairs
Ransomware attack on Singing River Health System impacted 895,000 people
The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people.
Ars Technica
Chief Scientist Ilya Sutskever leaves OpenAI six months after Altman ouster
CEO Altman: "OpenAI would not be what it is without him."
CyberNews
North Korea launders $148 million of stolen crypto using Tornado Cash
A UN sanctions investigation says North Korea laundered $147.5 million of stolen crypto through the virtual mixer platform Tornado Cash in March.
CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
SC Magazine
Microsoft fixes exploited Qakbot-delivering 0-day in May Patch Tuesday
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
SC Magazine
BreachForums seized by FBI for 2nd time
The infamous data leak site’s domain and Telegram account were seized Wednesday morning.
The Record
Feds seize BreachForums platform, Telegram page
On Wednesday morning, the BreachForums website was replaced by a takedown banner featuring the insignias of the FBI and Justice Department, as well as a slew of international agencies.
SC Magazine
Ransomware attack on Nissan North America results in employee data loss
Security pros believe the incident may be a “smash and grab” attack, where the threat actors go in, grab what data they can find, then try to sell it on the dark web.
DarkReading
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
Security Affairs
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days
Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day.
Bleeping Computer
Microsoft fixes VPN failures caused by April Windows updates
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates.
Bleeping Computer
Singing River Health System: Data of 895,000 stolen in ransomware attack
The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023.
Cyber Security News
Alert! Microsoft Fixes 60 Vulnerabilities With 2 Actively Exploited Zero-Days
Microsoft fixed 60 vulnerabilities in its Patch Tuesday release in May 2024, including 2 zero-day vulnerabilities actively exploited in the wild
SecurityWeek
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Security Affairs
VMware fixed zero-day flaws demonstrated at Pwn2Own2024
VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024
Bleeping Computer
Windows 10 KB5037768 update released with new features and 20 fixes
Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen.
Bleeping Computer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
Infosecurity News
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
SecurityWeek
Adobe Patches Critical Flaws in Reader, Acrobat
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
Infosecurity News
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
DarkReading
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
Bleeping Computer
Ebury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
Bleeping Computer
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition.
Infosecurity News
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US NVD since May 9
The Hacker News
VMware Patches Severe Security Flaws in Workstation and Fusion Products
Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.
Bleeping Computer
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Bleeping Computer
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Ars Technica
Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away
"It’s easier to manage a team that’s happy.”
Loading more articles....