Ars Technica
Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies
Alleged $6.8M conspiracy involved "laptop farm," identity theft, and résumé coaching.
The Cyber Express
MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
Infosecurity News
Cyber-Attack Disrupts Christie’s $840M Art Auctions
Despite this setback, the auction house said bids can still be placed by phone and in-person
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
.jpg?height=635&t=1713982088&width=1200)
Security Magazine
FTC orders Cerebral to restrict how consumer data can be shared
The Federal Trade Commission (FTC) has ordered Cerebral, Inc. to restrict how the company can use and/or disclose sensitive consumer data.
CyberNews
VPN brand brings transparent toilet to the streets of London
VPN provider Surfshark has set up transparent toilets in popular areas of London to raise awareness of online safety and privacy.
The Record
Christie's takes website offline after cyberattack, delays live auction
CEO Guillaume Cerutti confirmed that the auction house was dealing with a “technology security incident” after the organization’s website went down before the weekend.
The Hacker News
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
Fake Android apps mimicking popular platforms like Google & WhatsApp are stealing user data.
Ars Technica
Robot dogs armed with AI-targeting rifles undergo US Marines Special Ops evaluation
Quadrupeds being reviewed have automatic targeting systems but require human oversight to fire.
The Record
LockBit claims attack on Wichita as city struggles with payment issues, airport disruption
The ransomware operation gave the Kansas city until May 15 to pay up. The incident continues to unfold as law enforcement agencies announced actions against the gang's suspected leader.
The Hacker News
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
APT42, an Iranian state-backed hacking group, is leveling up its social engineering tactics. They're posing as journalists and event organizers to bui
SecurityWeek
CISO Conversations: Talking Cybersecurity With LinkedIn's Geoff Belknap and Meta's Guy Rosen
SecurityWeek discusses cybersecurity leadership with Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.
Ars Technica
AWS S3 storage bucket with unlucky name nearly cost developer $1,300
Amazon says it's working on stopping others from "making your AWS bill explode."
The Cyber Express
Privacy Group Files Complaint Against ChatGPT for GDPR Violations
A complaint lodged by privacy advocacy group Noyb with the Austrian data protection authority (DSB) alleged that ChatGPT's generation of
CyberNews
Tesla brutally fires dedicated employee who slept in his car and showered at work
Nico Murillo A former Tesla employee has gone viral on LinkedIn after telling the story of how he was laid off.
Ars Technica
Critics question tech-heavy lineup of new Homeland Security AI safety board
CEO-heavy board to tackle elusive AI safety concept and apply it to US infrastructure.
SecurityWeek
Autodesk Drive Abused in Phishing Attacks
A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.
Infosecurity News
BEC and Fund Transfer Fraud Top Insurance Claims
Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition
HACKRead
This Website is Selling Billions of Private Messages of Discord Users
The website, Spy.pet, is apparently an internet-scraping company, that has been collecting data from Discord since November 2023.
The Cyber Express
PayPal Appoints Shaun Khalfan as Chief Information Security Officer
In today's digital age, where data breaches and cyber threats loom large, the role of Chief Information Security Officer (CISO)
CyberSecurity Dive
Mitre R&D network hit by Ivanti zero-day exploits
Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.
CSO
Mitre Corporation targeted by nation-state threat actors
According to the non-profit, the breach occurred in January 2024 when the nation-state threat actor conducted a reconnaissance of MITRE’s networks by exploiting one of its VPNs through two Ivanti Connect Secure zero-day vulnerabilities.
The Record
Police warn partnership with tech industry ‘at risk’ over end-to-end encryption
A joint declaration from European police chiefs does not mention Meta by name, but just a few months ago the company began rolling out the technology as default across “all personal chats and calls on Messenger and Facebook.”
The Cyber Express
Bill Dunnion Appointed as New CISO of Mitel to Lead Security Enhancements
Mitel, a leading provider of business communications solutions worldwide, has announced the appointment of Bill Dunnion as its new Chief
Bleeping Computer
Cerebral to pay $7 million settlement in Facebook pixel data leak case
The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data.
Infosecurity News
Microsoft Most Impersonated Brand in Phishing Scams
New Check Point data found Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, up from 33% in Q4 2024
The Hacker News
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The FTC fined mental telehealth service Cerebral over $7 million for deceptive data sharing practices and failing to honor its cancellation policies.
CyberNews
Meta, Google, X, TikTok, Apple still failing with ad transparency
A study shows that ad transparency tools requested by watchdogs are still vague on 11 major tech platforms, leaving users vulnerable to misinformation ahead of the election year.
CyberSecurity Dive
ChatGPT grabs the shadow IT crown: report
Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.
SecurityWeek
Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges
Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Krebs on Security
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
Trend Micro
How Red Team Exercises Increases Your Cyber Health
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.
CyberNews
Ransomware attack cripples German business intelligence provider
Ransomware attacks on a database company, GBI Genios, have left German institutions without access to press publications and business information.
DarkReading
EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities
As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.
The Record
German database company Genios confirms ransomware attack
The Munich-based company said that as a result of the incident, “unfortunately we have to assume an outage for several days.”
SecurityWeek
Microsoft's Security Chickens Have Come Home to Roost
SecurityWeek editor-at-large Ryan Naraine says findings of CSRB report on China's hack of Microsoft’s Exchange Online are no surprise.
Cyber Security News
Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest
The Leading Company for Securing Access Between Workloads Recognized for the Aembit Workload IAM Platform Aembit, the Workload Identity and Access Management (IAM) Company, has been named one of the Top 10 Finalists for the RSA Conference™ 2024 Innovation Sandbox contest for its platform that manages and secures access between critical software resources, like applications […]
HACKRead
Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest
Silver Spring, United States / Maryland, April 3rd, 2024, CyberNewsWire
.webp)
Cyber Security News
StrelaStealer Attacking Users to Steal Logins from Outlook & Thunderbird
StrelaStealer malware identified, targeting Spanish-speaking users with the primary aim of pilfering email account credentials.
SecurityWeek
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!
Quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.
Cyber Security News
Hackers Attack Python Developers by Poising With Typosquat on PyPI
An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI.
SC Magazine
AT&T confirms theft of 73M records, 7.6M current customers affected
The company reset passcodes and acknowledged the years-old leak for the first time Saturday.
Computerworld
McDonald's serves up a master class in how not to explain a system outage
When McDonald's in March suffered a global outage preventing it from accepting payments, it issued a lengthy statement about the incident that was vague, misleading and yet still allowed many of the technical details to be figured out.
SecurityWeek
The Complexity and Need to Manage Mental Well-Being in the Security Team
Avoiding burnout in cybersecurity: Mental well-being is essential but is under constant threat from stress in the cybersecurity profession.
Infosecurity News
NIST Unveils New Consortium to Manage the NVD
After months of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future
The Hacker News
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
Researchers uncover active exploitation of a critical flaw in Anyscale Ray, a popular AI platform.
Bleeping Computer
Hackers exploit Ray framework flaw to breach servers, hijack resources
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.
HACKRead
New ShadowRay Campaign Targets Ray AI Framework in Global Attack
Discover the new ShadowRay campaign exploiting CVE-2023-48022 in the Ray AI framework, risking thousands of companies
.webp)
Cyber Security News
Rank Math SEO Plugin Flaw Exposes 2M+ Websites to Cyber Attack
A significant vulnerability has been identified in the Rank Math SEO plugin for WordPress, this flaw cataloged under CVE-2023-32600,
Bleeping Computer
Microsoft to shut down 50 cloud services for Russian businesses
Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December.
The Record
UN probing 58 alleged crypto heists by North Korea worth $3 billion
U.N. experts reported on the activity of North Korean cyberthreat actors, including those known to researchers as Kimsuky, the Lazarus Group, Andariel and BlueNoroff.
DarkReading
NIST's Vuln Database Downshifts, Prompting Questions About Its Future
NVD may be in peril and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats.
%20Allegedly%20Hacked.webp)
Cyber Security News
French Football Federation (FFF) Allegedly Hacked : Hackers Selling 10 M Records in Darkweb
The Fédération Française de Football (FFF) has been informed of allegations regarding a potential security breach within their systems. The French Football Federation (FFF) is the governing body of football in France. It oversees the operations and organization of French football leagues and national teams. The FFF supports players, clubs, and volunteers nationwide and is […]
SecurityWeek
Microsoft Hires Influential AI Figure Mustafa Suleyman to Head up Consumer AI Business
Microsoft hired Mustafa Suleyman to head up its new AI business, a technology that Suleyman views as both as a boon and threat to humanity.
Krebs on Security
The Not-so-True People-Search Network from China
It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts…
CyberNews
Mark Zuckerberg trashes Grok in hyperrealistic deepfake
The deepfake of Mark Zuckerberg is just one of several published online by an AI startup bent on making video cameras a thing of the past.
Ars Technica
Dell tells remote workers that they won’t be eligible for promotion
Report highlights big turnaround from Dell's previous pro-WFH stance.
SC Magazine
Update delays to NIST vulnerability database alarms researchers
Crucial enrichment data is not being added to NVD entries as NIST works through a “transition” process.
.webp)
Cyber Security News
Hackers Use TMChecker Remote Access Tool to Attack Popular VPN & Mail Servers
A new tool has surfaced on the Dark Web, signaling a shift in the methods used by cybercriminals to gain unauthorized remote access.
Krebs on Security
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…
%20(1).webp)
Cyber Security News
Android Banking Malware PixPirate Taken Hiding Technique to New Extreme
The Android banking malware known as PixPirate is pushing the boundaries of stealth with innovative techniques to evade detection.
The Cyber Express
Cyble Rockets to Top 100 AI Startups List Funded by Y Combinator!
Atlanta-based Cyble Inc. has once again made waves in the cybersecurity industry. The trailblazing AI-powered threat intelligence platform secured a
Bleeping Computer
Windows 10 KB5035845 update released with 9 new changes, fixes
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes.
.webp)
Cyber Security News
Remcos Everywhere! Attacking From a Weaponized Zip File
Cybersecurity circles are abuzz with the latest campaign involving the notorious Remote Control System (RAT), Remcos.
The Cyber Express
We’re Not There Yet – Women in Cybersecurity
By Zinet Kemal, Associate Cloud Security Engineer, Best Buy The cybersecurity space, as dynamic and challenging as it is, has
PCMag
Google Engineer Arrested for Stealing AI Trade Secrets
Linwei Ding was allegedly preparing to use information to start his own AI company in China.
Bleeping Computer
News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices.
Bleeping Computer
Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices.
PCMag
DocuSign Tapping User Data to Train AI Models, Offers Vague Privacy Promises
A new FAQ says 'we may use your data to train DocuSign's in-house, proprietary AI models.'
The Cyber Express
Audacious Attacks, Evading Answers: Why LockBit, BlackCat Targeting US Healthcare?
In a world where technology and healthcare collide, a disturbing pattern has emerged: cyberattacks on hospitals in the United States
Bleeping Computer
Windows 10 KB5034843 update released with 9 new changes, fixes
Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes.
The Cyber Express
Dark Web Actor Selling Source Code for Rust-Based Information Stealer
A newcomer to the underground forum "Crackingx" under the username "10cker" caused a stir by offering the source code of
SC Magazine
ConnectWise link to Change Healthcare breach corroborated
Initial reports that the malware strain involved a LockBit affiliate, but recent data suggests an ALPHV/BlackCat link.
Ars Technica
Avast ordered to stop selling browsing data from its browsing privacy apps
Identifiable data included job searches, map directions, "cosplay erotica."
DarkReading
ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware
Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
DarkReading
Alarm Over GenAI Risk Fuels Security Spending in Middle East & Africa
Organizations boost cybersecurity budgets to tackle data-privacy and cloud-security threats amid speedy adoption of generative AI.
CyberNews
LinkedIn scams and how to avoid them
A new report finds that three in ten job board users have fallen victim to fake job ads on popular sites such as Indeed, LinkedIn, and Craigslist.
SecurityWeek
Cyber Insights 2024: Ransomware
The ransomware threat will continue to grow and expand. It is the quintessential business plan for cybercriminals.
SC Magazine
Fears post-LockBit ransomware void won’t last long
After the kingpin RaaS gang’s spectacular takedown, security pros expect other threat groups will be quick to take LockBit’s place.
The Hacker News
New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide
North Korean Hackers Target Defense Sector! Learn how state-sponsored actors employ sophisticated techniques via LinkedIn job scams.
The Hacker News
Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative
Destructive malware, targeted phishing... new report analyzes sophisticated attacks deployed alongside Israel-Hamas war. This is the evolving face of
CyberNews
Grandma loses tens of thousands of dollars, inspires security startup
Romance scams might be the most damaging of all, as victims are not only scammed of thousands of dollars but also have their romantic dreams crushed overnight.
The Hacker News
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Meta uncovers a range of international spyware firms are actively targeting users across iOS, Android, and Windows devices.
CyberScoop
The tangled web of corporations behind the New Hampshire AI robocall
The man alleged to have impersonated Joe Biden appears to control a network of marketing firms and fundraising operations.
SecurityWeek
Beyond the Hype: Questioning FUD in Cybersecurity Marketing
The cybersecurity industry must question marketing claims and use of Fear, Uncertainty, and Doubt (FUD) and misinformation to sell products.
Computerworld
Microsoft and the Taylor Swift genAI deepfake problem
The faked images of singer Taylor Swift that showed up online are likely just the beginning of a coming swarm of deepfakes. Don’t look to Microsoft to do much about the problem.
DarkReading
Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why?
Hamas-linked threat actors have defied norms, with no discernible uptick in cyber operations prior to its terror attack and a complete abandonment of them thereafter.
Bleeping Computer
Data breaches at Viamedis and Almerys impact 33 million in France
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.
SecurityWeek
Biden Administration Names a Director of the New AI Safety Institute
Elizabeth Kelly was named as the director of the newly established safety institute for artificial intelligence (AI).
CyberScoop
New Hampshire authorities trace Biden AI robocall to Texas-based telecom
An investigation identified Life Corporation and Lingo Telecom as allegedly behind the operation that impersonated President Joe Biden.
Bleeping Computer
Data breach at French healthcare services firm puts millions at risk
French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
Cyber Security News
Google's Open-source Tool Bazel Flaw Let Attackers Insert Malicious Code
Bazel, an open-source software used for automation of building and testing has been discovered with a critical supply chain vulnerability.
HACKRead
Resonance Hires Cybersecurity Pro George Skouroupathis As Its Offensive Security Lead
Cybersecurity firm Resonance has hired the prominent industry veteran George Skouroupathis to head up its offensive security engineering team.
DarkReading
Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists
Deepfakes are fast becoming more realistic, and access to them more democratic, enabling even ordinary attackers to enact major fraud. What's the most effective way to fight back?
HACKRead
Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam
The Deepfake scam took place in Hong Kong; however, the name of the targeted company is still unknown.
HACKRead
Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023
According to the report, in 2023, 835 vulnerability reports were submitted by 93 ethical hackers, with 96 cases reported in the HackerOne repository.
Security Affairs
The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM
What is Data Security Posture Management (DSPM) and how can mitigate the risks of data leaks such as the 'Mother of all Breaches.'
Security Affairs
Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison
A former software engineer with the U.S. CIA has been sentenced to 40 years in prison for leaking classified documents.
Loading more articles....