CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
CSO
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
The Cyber Express
The U.S. federal prosecutors on Thursday revealed charges against a North Korean job fraud nexus that ran its fraudulent scheme
Bleeping Computer
The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program.
Bleeping Computer
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
DarkReading
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
The Hacker News
New Wi-Fi vulnerability discovered! CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems and Wi-Fi clients.
Infosecurity News
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
Bleeping Computer
Growth in AI use is widespread, evolving, and showing no signs of slowing, and with it comes risks ranging from competitive and legal concerns to a slew of security implications. Here's how Nudge Security can help you discover and manage AI security risks.
The Hacker News
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
SecurityWeek
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
Security Affairs
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
DarkReading
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
HACKRead
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
Cyber Security News
A newly disclosed vulnerability, identified as CVE-2024-22026, has been found in Ivanti EPMM, formerly known as MobileIron Core.
CSO
Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest.
The Cyber Express
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
SecurityWeek
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
The Cyber Express
A new WiFi vulnerability is reportedly leading users to a SSID confusion attack. The vulnerability has been identified in the
Infosecurity News
UK organizations are less likely than their European peers to have known exploited bugs but take longer to fix them
The Hacker News
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
Infosecurity News
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Latest Hacking News
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to prevent potential
The Cyber Express
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
SecurityWeek
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
To address a zero-day vulnerability in its Safari web browser that was exploited during this year's Pwn2Own Vancouver hacking competition,
Cyber Security News
The notorious data leak site BreachForums has been taken over by the police. Cybercrime and data leaks are still being fought.
DarkReading
In an economy choking on swelling inflation, the Nigerian government paused plans for a levy on domestic transactions, aimed at enhancing cybersecurity.
Cyber Security News
Three vulnerabilities have been discovered in SAP Customer Experience (CX) commerce cloud and SAP Netweaver Application which were
SecurityWeek
The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
The Cyber Express
Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former
Cyber Security News
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The Hacker News
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
The Record
The NYPD said it is trying to phase out the Chinese-made drones, but also defended their use, saying they are far more effective and affordable than any produced by American manufacturers.
The Record
According to the State Department, a U.S. national named Christina Chapman helped four people fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries, earning millions of dollars for the North Korean regime.
The Record
The National Cyber Security Centre worked with the U.K.'s insurance industry on new guidelines for organizations facing ransomware attacks.
Ars Technica
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Security Affairs
An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum.
DarkReading
Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.
Bleeping Computer
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
Security Affairs
One of the developers of the Tornado Cash cryptocurrency mixer has been sentenced to 64 months in prison.........
The Hacker News
BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.
Bleeping Computer
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis.
Cyber Security News
Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments.
Bleeping Computer
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
HACKRead
The cybercrime and hacker forum Breach Forums has been seized by the Federal Bureau of Investigation (FBI) and the Department of Justice.
Ars Technica
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
The Cyber Express
The notorious BreachForums seized for the second time in a year. The U.S. law enforcement today seized the clear web
Cyber Security News
A design flaw in the IEEE 802.11 standard allows for SSID spoofing in WPA2 and WPA3 networks. While authentication protocols prevent
Bleeping Computer
The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals.
SecurityWeek
Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
SecurityWeek
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
Bleeping Computer
Alexey Pertsev, one of the main developers of the Tornado Cash cryptocurrency tumbler has been sentenced to 64 months in prison for his part in helping launder more than $2 billion worth of cryptocurrency.
CSO
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
Infosecurity News
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
The Hacker News
CVSS v4.0 evaluates vulnerabilities using a revised scoring system, emphasizing environmental and threat metrics.
SecurityWeek
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
SecurityWeek
Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.
Infosecurity News
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology
The Hacker News
Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.
Security Affairs
Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader.
SecurityWeek
Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
The Cyber Express
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
Infosecurity News
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
The Cyber Express
Cyble Research and Intelligence Labs (CRIL) researchers have uncovered a new SideCopy campaign. The threat actor group has previously been
The Cyber Express
A new Google Chrome vulnerability has been uncovered and exploited, marking the sixth zero-day incident in 2024 alone. In response,
The Hacker News
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Cyber Security News
WPS Office is a office suite developed by Kingsoft that supports spreadsheets, presentations, documents and others. It has been used
Security Affairs
The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people.
Ars Technica
CEO Altman: "OpenAI would not be what it is without him."
CyberNews
A UN sanctions investigation says North Korea laundered $147.5 million of stolen crypto through the virtual mixer platform Tornado Cash in March.
CSO
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
SC Magazine
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
SC Magazine
The infamous data leak site’s domain and Telegram account were seized Wednesday morning.
The Record
On Wednesday morning, the BreachForums website was replaced by a takedown banner featuring the insignias of the FBI and Justice Department, as well as a slew of international agencies.
SC Magazine
Security pros believe the incident may be a “smash and grab” attack, where the threat actors go in, grab what data they can find, then try to sell it on the dark web.
DarkReading
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
Security Affairs
Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day.
Bleeping Computer
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates.
Bleeping Computer
The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023.
Cyber Security News
Microsoft fixed 60 vulnerabilities in its Patch Tuesday release in May 2024, including 2 zero-day vulnerabilities actively exploited in the wild
SecurityWeek
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Bleeping Computer
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Security Affairs
VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024
Bleeping Computer
Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen.
Bleeping Computer
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
Infosecurity News
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
SecurityWeek
Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.
Infosecurity News
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
DarkReading
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
Bleeping Computer
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
Bleeping Computer
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition.
Infosecurity News
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US NVD since May 9
The Hacker News
Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.
Bleeping Computer
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Bleeping Computer
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Ars Technica
"It’s easier to manage a team that’s happy.”
Loading more articles....