DarkReading
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
HACKRead
Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets
Shadow IT involves employees using IT systems without proper security controls, often installing unauthorized software on company computers.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
The Hacker News
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
Latest Hacking News
Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to prevent potential
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
SecurityWeek
400,000 Linux Servers Hit by Ebury Botnet
The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
Security Affairs
MITRE released EMB3D Threat Model for embedded devices
The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure.
SecurityWeek
MITRE EMB3D Threat Model Officially Released
MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
Cyber Security News
Critical Flaws In Cinterion Cellular Modems Let Attackers Execute Remote Code
Few Critical vulnerabilities have been discovered in Cinterion Cellular modems that could allow an unauthorized remote attacker to execute
Latest Hacking News
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
Torrance, California, May 13th, 2024, CyberNewsWireCriminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially
The Cyber Express
Millions of IoT Devices at Risk from Cinterion Modem Vulnerabilities
Millions of Internet of Things (IoT) devices present across the industrial, healthcare, automotive, financial, and telecommunication sectors are at significant
HACKRead
Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed
Kaspersky researchers have identified multiple security vulnerabilities in Cinterion cellular modems, which could be exploited by threat actors.
%20(1).webp)
Cyber Security News
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
"Our partnership with Quad9 is a recognition of the accuracy of Criminal IP's data," stated Byungtak Kang, CEO of AI SPERA.
The Hacker News
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
MITREcorp has launched EMB3D, a new threat-modeling framework for embedded devices used in critical infrastructure.
CyberNews
Smart dog collars might help predict earthquakes
A study on dogs in Lima, Peru, wants to find out whether IoT devices on pets can indicate seismic activity.
Bleeping Computer
Criminal IP Teams with Quad9 for Advanced Threat Intelligence Sharing
The Criminal IP Threat Intelligence (CTI) search engine to integrate with Quad9's threat-blocking service. Learn more from Criminal IP about how this integration can help you.
HACKRead
Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence
Torrance, California, May 13th, 2024, CyberNewsWire
SecurityWeek
Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors
A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.
Bleeping Computer
Get started in penetration testing with $300 off this course bundle
White-hat hacking is one of the best skills you can learn to advance your cybersecurity career. These nine cybersecurity courses teach you how for $49.99, $301 off the $351 MSRP.
The Hacker News
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
Kaspersky researchers have uncovered multiple security flaws in Cinterion cellular modems that could put your communication networks and IoT devices a
SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
SC Magazine
Flaws in Cinterion modems hit multiple critical infrastructure sectors
Security pros say critical flaws in cellular these modems could cut across the industrial, healthcare, automotive, financial, and telecom sectors.
DarkReading
Millions of IoT Devices at Risk From Integrated Modem
Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.
Bleeping Computer
Widely used modems in industrial IoT devices open to SMS attack
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS.
The Cyber Express
Lenovo Joins Secure by Design Pledge, Enhancing Cybersecurity Standards
Lenovo takes a bold step towards fortifying cybersecurity by joining the Secure by Design pledge, initiated by the US Cybersecurity
Computerworld
Think Shadow AI is bad? Sneaky AI is worse
It’s bad enough when an employee goes rogue and does an end-run around IT; but when a vendor does something similar, the problems could be broadly worse.
SecurityWeek
Healthcare Cybersecurity Firm Blackwell Raises $13 Million
Healthcare cybersecurity company Blackwell Security has raised $13 million and appointed Geyer Jones as its first CEO.
The Cyber Express
Global Infosec Awards 2024: Cyble Wins Nine Accolades, Recognized Among the Best in Cybersecurity
Cyber Defense Magazine (CDM), marking its 12th anniversary as the leading electronic information security magazine, announced the winners of the
SecurityWeek
From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats
As cyber threats grow more sophisticated, America can't afford complacency. The time for decisive action and enhanced cyber resilience is now.
%20(1).webp)
Cyber Security News
Microsoft Defender XDR Expanded to Malicious OAuth Apps With the Power of AI
Microsoft has announced an expansion of its Defender Extended Detection & Response (XDR) capabilities to include advanced AI-powered detection
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
Cyber Security News
How U.S K-12 Schools Can Solve Their Top 10 Cybersecurity Challenges - Free E-Book
Solutions for each challenge are explained in more depth by Cynet’s new guide, “Top 10 Cybersecurity Challenges Faced by K-12 Institutions.”
The Hacker News
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back
Our webinar unveils the latest DDoS attack strategies like IoT botnets & amplification tactics. Get real-world examples & proactive defense tips.
SecurityWeek
Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals
A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.
SecurityWeek
Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data
Malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.
The Cyber Express
Best Practices to Secure your Supply Chains
National Supply Chain Day, which was recently observed on April 29, serves as a dedicated day to recognize the critical
Security Affairs
NCSC: New UK law bans default passwords on smart devices
The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024.
The Hacker News
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
The U.K. is the first country to ban default passwords on smart devices starting April 29, 2024. Manufacturers must provide unique passwords and secur
CyberNews
Software supply chain risks for AI and ML models
How AI and ML models can increase software supply chain risks and lead to cybersecurity incidents
Infosecurity News
New UK Smart Device Security Law Comes into Force Today
IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today
The Record
UK becomes first country to ban default bad passwords on IoT devices
Britain now has IoT hardware standards that ban weak or easily guessable default passwords such as “admin” or “12345." Manufacturers are also required to publish contact details so users can report bugs.
The Record
Telegram blocks, then unblocks, chatbots used by Ukraine’s intelligence services
Ukraine’s government uses the bots to collect and share real-time information about Russian military activity.
HACKRead
Integrated Residential Security Solutions to Employ in 2024
As we progress through 2024, home security is rapidly advancing, with a notable shift towards integrated residential security solutions.
The Cyber Express
State Spies Exploited Cisco Zero-Days to Intrude Government Networks
Networking giant Cisco warned that a group of state-sponsored hackers exploited zero-days in its firewall appliances to spy on government
DarkReading
5 Hard Truths About the State of Cloud Security 2024
Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.
The Record
Chinese, Russian espionage campaigns increasingly targeting edge devices
The cybersecurity firm Mandiant saw a more than 50% growth in zero-day usage compared to 2022.
CyberSecurity Dive
Cyber insurance gaps stick firms with millions in uncovered losses
A CYE analysis of 101 breaches across various sectors revealed insurance gaps resulting in an average of $27.3 million in uncovered losses per incident.
The Cyber Express
Enhancing Cybersecurity Resilience: A Guide for Safeguarding Enterprises
by Neelesh Kripalani, Chief Technology Officer, Clover Infotech As businesses grapple with an ever-changing and increasingly hostile threat environment, the
The Record
EU cyber agency will not create active vulnerability database, says chief cybersecurity officer
Hans de Vries says ENISA wants to create a notification platform for vulnerabilities, not a central database that would otherwise be a security risk itself.
DarkReading
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.
.webp)
Cyber Security News
Hackers Exploiting TP-Link Archer Command Injection Vulnerability in the Wild
Exploitation of a critical vulnerability in TP-Link Archer routers, leading to the proliferation of various botnet threats.
The Hacker News
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
Researchers alert of a global rise in brute-force attacks from TOR nodes targeting VPNs, web interfaces, and SSH services
The Record
Botnets continue exploiting year-old flaw in unpatched TP-Link routers
The bug affects the the Archer AX21, a popular router model manufactured by TP-Link.
Security Affairs
Blackjack group used ICS malware Fuxnet against Russian targets
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure.
HACKRead
Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor
Palo Alto Networks has released patches for a 0-day vulnerability (CVE-2024-3400) that threatened to leave firewalls exposed to cyberattacks.
SecurityWeek
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure
ICS malware Fuxnet allegedly used by Ukrainian hackers to disrupt industrial sensors and other systems belonging to a Russian firm.
Latest Hacking News
Microsoft April Patch Tuesday Fixes Dozens of RCE Flaws
This month’s Patch Tuesday update bundle from Microsoft is a huge one, requiring immediate user attention for device updates. Specifically, with April 2024 Patch Tuesday, Microsoft addressed 150 different security flaws, including over 60 remote
Bleeping Computer
Learn to use Raspberry Pi & Arduino with an extra 20% off this bundle
Raspberry Pi and Arduino are amazing on their own, but intimidating to learn. These nine coding and robotics courses help you get the most from them for $59.97, $363 off the $423 MSRP, now through the end of April 21st.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
SecurityWeek
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
.webp)
Cyber Security News
Ukrainian Hackers Hijacked 87,000 Sensors to Shut down Sewage System
Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring infrastructure in Russia.
.webp)
Cyber Security News
Zscaler Acquires Airgap Networks to Enhance Zero Trust SASE
This acquisition is set to redefine the way enterprises protect their internal traffic, particularly in IT and OT environments.
Trend Micro
Cybersecurity Decluttered: A Journey to Consolidation
Learn how far cybersecurity has come from scattered resources to consolidation the future.
Bleeping Computer
Learn how IoT gear works with $220 off this Raspberry Pi training bundle
There's nothing like building your own equipment to your exact specifications. This 10-course open-source IoT bundle shows you how for $29.99, $220 off the $250 MSRP.
The Cyber Express
Microsoft Security Lapse Exposed Sensitive Credentials and Internal Resources of Employees
A significant data leak, purportedly affecting tech giant Microsoft, has been uncovered by cybersecurity researchers. The leak allegedly exposed sensitive
The Cyber Express
Microsoft Patch Tuesday 2024 Update Fixes 147 New Vulnerabilities
Microsoft has released the latest Patch Tuesday update, addressing a large number of vulnerabilities across various products and services. The
Infosecurity News
LG TV Vulnerabilities Expose 91,000 Devices
The issues identified permit unauthorized access to the TV’s root system by bypassing authorization mechanisms
Infosecurity News
Microsoft Patches 150 Flaws Including Two Zero-Days
April’s Patch Tuesday saw fixes for 150 CVEs, including two being actively exploited in the wild
Security Affairs
Cybersecurity in the Evolving Threat Landscape
As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes.
Computerworld
Enterprise buyer's guide: How to choose the right UEM platform
Unified endpoint management software lets IT manage all endpoint devices — smartphones, laptops, desktops, printers, IoT devices, and others — from a single management console. Here’s what to look for in a UEM platform and key vendors to consider.
SC Magazine
Raspberry Robin observed spreading via Windows Script Files
The HP Threat Research team says security pros should take note because Raspberry Robin has been used to deliver multiple families of malware – and as a precursor to ransomware.
SC Magazine
Microsoft fixes a record 147 bugs in April release of Patch Tuesday
This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.
DarkReading
EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.
SecurityWeek
Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers
Microsoft documents a serious vulnerability that allows unauthenticated hackers to take complete control of Azure Kubernetes clusters.
Bleeping Computer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
%20(3)%20(1).webp)
Cyber Security News
90,000+ LG TVs Vulnerable to Authorization Attacks Due to WebOS Vulnerabilities
Bitdefender Labs has revealed a critical security flaw in over 90k LG smart TVs running the company's proprietary WebOS platform.
HACKRead
91,000 Smart LG TV Devices Vulnerable to Remote Takeover
LG TVs vulnerable! Update now to block hackers from taking control & stealing data (webOS 4-7). Millions at risk!
The Record
LG releases updates for vulnerabilities that could allow hackers to gain access to TVs
Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues allow hackers to add themselves as users and take other actions.
DarkReading
Software-Defined Vehicle Fleets Face a Twisty Road on Cybersecurity
As manufacturers sprint to add software-defined features for vehicles, the ability for third-party maintenance and repair falls behind, leaving businesses with few choices to manage their cybersecurity.
Cyber Security News
300,000 Chinese Devices in US : 40% Increase Despite Official Bans
Chinese devices are suspected of administering cyber espionage due to concerns over potential backdoors, supply chain vulnerabilities, and the
CyberNews
Parental control app exposes live GPS locations of kids on internet
KidSecurity has leaked sensitive information about children for the second time.
The Hacker News
Considerations for Operational Technology Cybersecurity
Operational Technology (OT) Cybersecurity: A Balancing Act! OT systems' unique traits demand tailored security measures. Learn why safeguarding OT req
Infosecurity News
Infostealers Prevalent in Retail Sector Cybercrime Trends
The findings from Netskope also show a shift in the retail sector’s use of cloud applications
SecurityWeek
Number of Chinese Devices in US Networks Growing Despite Bans
An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.
Cyber Security News
Qualcomm Security Flaws Let Attackers Takeover The Devices
Hackers exploit security flaws in Qualcomm to gain unauthorized access, execute malicious code, or potentially compromise data integrity and
Cyber Security News
GhostWatch & iTrust: Two Game-Changing Solutions Launched by Security & Compliance Leader TrustNet
A prominent provider of cybersecurity and compliance services, recently expanded its portfolio by introducing iTrust and GhostWatch.
SecurityWeek
OWASP Data Breach Caused by Server Misconfiguration
The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.
CyberSecurity Dive
What’s missing for SMBs? A solid cybersecurity culture
Small businesses can be especially vulnerable to cyberattacks because of their limited resources, and few have employees on staff who truly understand the value of secure business operations.
The Hacker News
Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals
Android VPN apps hijacking devices, covertly turning them into proxy nodes for threat actors and fueling botnet operations.
Cyber Security News
TOP 10 Emerging Cybersecurity Threats for 2030
The European Union Agency for Cybersecurity (ENISA) has published a list of the top ten emerging threats anticipated to impact the digital.
HACKRead
TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
A new variant of "TheMoon Malware" has emerged, specifically targeting vulnerable IoT devices, particularly Asus routers.
DarkReading
TheMoon Malware Rises Again with Malicious Botnet for Hire
Outdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless.
The Hacker News
TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
TheMoon botnet, previously thought to be inactive, is back. Over 40,000 routers & IoT devices hijacked to power Faceless - a criminal proxy service.
The Cyber Express
Navigating the Evolving Cloud Landscape: Strategies for Success in 2024
By Shrikant Navelkar, Director, Clover Infotech Due to the significant advancements in the IT industry, the adoption of cloud computing
SC Magazine
‘TheMoon’ malware shows its dark side, grows to 40,000 bots from 88 countries
Malware first identified in 2014 re-emerges and gets delivered by the criminal proxy service Faceless, now growing at 7,000 users per week.
CyberNews
Thousands of ASUS routers targeted by cybercriminals
Old routers and IoT devices have been identified as key targets for six large malware campaigns. Cybersecurity experts are urging users to update their devices.
DarkReading
Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks
Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under.
Loading more articles....