Ars Technica
Arizona woman accused of helping North Koreans get remote IT jobs at 300 companies
Alleged $6.8M conspiracy involved "laptop farm," identity theft, and résumé coaching.
DarkReading
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
Bleeping Computer
Save $95 on a 65+ course cybersecurity training library
Constant training is key to staying current on the changing world of cybersecurity. This instant cybersecurity training library lets you fit in the training you need for $24.97, $95 off the $120 MSRP now through the end of May 22th.
HACKRead
Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets
Shadow IT involves employees using IT systems without proper security controls, often installing unauthorized software on company computers.
The Cyber Express
Gone in 12 Seconds: Siblings Siphon $25M from Ethereum Blockchain
Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, “Gone
DarkReading
FCC Reveals 'Royal Tiger' Robocall Campaign
In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.
SecurityWeek
Legacy of Wisdom: Security Lessons Inspired by My Father
Honoring my father's memory by translating his timeless life lessons into practical wisdom for the cybersecurity profession.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
SecurityWeek
Android 15 Brings Improved Fraud and Malware Protections
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
SecurityWeek
Personal Information Stolen in City of Wichita Ransomware Attack
The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.
Cyber Security News
LogRhythm and Exabeam to Merge to Boost SIEM & SOAR
LogRhythm and Exabeam, two leading cybersecurity companies to create a powerful force in the security operations and analytics market.
Cyber Security News
Wireshark 4.2.5 Released: What's New!
The Wireshark team has announced the release of Wireshark 4.2.5, a maintenance update to the popular network protocol analyzer.
The Cyber Express
UK NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks
In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre
SecurityWeek
In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions
US officials raised concerns on China’s “misuse of AI” while Beijing’s representatives rebuked the US over “restrictions and pressure” on AI.
The Record
US offers $5 million for info on North Korean IT workers involved in job fraud
According to the State Department, a U.S. national named Christina Chapman helped four people fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries, earning millions of dollars for the North Korean regime.
The Record
FCC might require telecoms to report on securing internet's BGP technology
The BGP behaves like an internet traffic controller, routing data as efficiently as possible — but it can be "hijacked" for malicious purposes.
Trend Micro
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024.
DarkReading
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies
Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise.
Bleeping Computer
Android 15, Google Play Protect get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Android 15, Google Play get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices.
Bleeping Computer
Brothers arrested for $25 million theft in Ethereum blockchain attack
The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme.
Infosecurity News
Cyber-Attack Disrupts Christie’s $840M Art Auctions
Despite this setback, the auction house said bids can still be placed by phone and in-person
The Hacker News
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
Infosecurity News
PDF Exploitation Targets Foxit Reader Users
CPR said exploit builders in .NET and Python have been employed to deploy this malware
DarkReading
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
Bleeping Computer
Banco Santander warns of a data breach exposing customer info
Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers.
Bleeping Computer
Protect against lateral movement attacks by securing credentials
Organizations need to detect and remove intruders quickly to prevent data loss and minimize the impact of lateral movement attacks. Learn more from Specops Software on blocking lateral movement in networks.
Infosecurity News
Google Expands Content Watermarking Tool to AI-Generated Text
Google DeepMind’s SynthID can now be used to watermark AI-generated images, audio, text and video
Security Magazine
Malware was almost 50% of threat detections in Q1 2024
According to a cybersecurity and threat intelligence report, the U.S. was the 4th most targeted country in the world regarding phishing attacks.
The Hacker News
(Cyber) Risk = Probability of Occurrence x Damage
CVSS v4.0 evaluates vulnerabilities using a revised scoring system, emphasizing environmental and threat metrics.
SecurityWeek
Senators Urge $32 Billion in Emergency Spending on AI After Finishing Yearlong Review
Senators are recommending that Congress spend at least $32 billion over the next three years to develop AI and place safeguards around it.
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
Cyber Security News
How To Reduce The Alert Triage Time In Security Operations: SOC Analyst Guide
Alert Triage is a process of recognizing the important alerts from a huge pool of security alerts and allocating the resources accurately.
The Cyber Express
Cybersecurity Alert: Frotcom International Faces Alleged Data Breach
A dark web actor named DuckyMummy claimed responsibility for an alleged data breach at Frotcom International, a prominent player in
DarkReading
Singapore Cybersecurity Update Puts Cloud Providers on Notice
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
The Record
British signals agency to protect election candidates’ phones from cyberattacks
The U.K. government has warned that the accounts of political candidates and election officials are “almost certainly attractive targets for cyber actors looking to carry out espionage operations.”
The Record
Law enforcement data stolen in Wichita ransomware attack
In a data breach notice about the incident, which is still affecting numerous city services, the municipality said hackers copied files from its network.
The Record
EU failure to rein in spyware reflects lack of political will, parliamentarian says
“They know what they have to do,” said Sophie in’t Veld, who led the European Parliament investigation into spyware. “The problem is they don't want to do it.”
Cyber Security News
Let's AI Search for You! Google Search Now Gets Advanced AI-Powered Capabilities
Google revealed its plans to integrate advanced generative AI capabilities into its flagship Search product. This move promises to transform the way users interact with and leverage information on the internet.
DarkReading
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs
Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.
Ars Technica
Google strikes back at OpenAI with “Project Astra” AI agent prototype
AI model updates galore at Google I/O, including 2m context window, Imagen 3, Veo, and more.
Infosecurity News
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
The Hacker News
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
Google has released emergency fixes for a new zero-day vulnerability (CVE-2024-4761) that has been actively exploited in the wild.
SecurityWeek
Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker
Ron Reiter was a childhood hacker in Israel and recruited into the IDF’s Unit 8200. Now he is CTO and co-founder of cybersecurity firm Sentra.
The Cyber Express
Cybersecurity Concerns Surround ChatGPT 4o’s Launch; Open AI Assures Beefed up Safety Measure
The field of Artificial Intelligence is rapidly evolving, and OpenAI's ChatGPT is a leader in this revolution. This groundbreaking large
The Hacker News
6 Mistakes Organizations Make When Deploying Advanced Authentication
Advanced authentication: The key to addressing the weakest link in cybersecurity - human users. Learn how to fortify your organization's defenses.
The Cyber Express
The Cyber Express Sets the Stage to Host World CyberCon META Edition 2024 in Dubai
This May, the heartbeat of the cybersecurity industry will resonate through Dubai, where The Cyber Express is set to host
CyberSecurity Dive
Cyber pros weigh an intel-sharing quandary: What to share when attacks hit close to home
The detail and speed with which companies share information after an attack can prevent future pain. But businesses aren’t always keen on transparency.
.webp)
Cyber Security News
Royal Tiger Group With Spoofed Phone Numbers Stealing Credit Card Data: FCC
According to the FCC, the Royal Tiger Group and the people who work with it are a C-Communications Information Services Threat (C-CIST).
The Hacker News
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
pple and Google just rolled out a cross-platform feature called "Detecting Unwanted Location Trackers" (DULT) on iOS and Android to protect users.
Cyber Security News
OpenAI Releases GPT-4o, Faster Model & Free For All ChatGPT Users
OpenAI, which is the leading artificial intelligence research lab, recently announced its latest breakthrough in AI technology called GPT-4o.
SC Magazine
LockBit ransomware spread in millions of emails via Phorpiex botnet
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
The Record
Civil society under increasing threats from ‘malicious’ state cyber actors, US
State-linked hackers from Russia, China, Iran and North Korea are setting their sights set their sights on NGOs, think tanks, human rights activists and journalists, the advisory warned.
The Record
Is this Iowa congressman the next House Republican point man on cyber?
Rep. Zach Nunn arrived in Congress with arguably more cyber experience than any other new member in history. Can he fill the shoes of Rep. Mike Gallagher, the party's longtime House leader on cybersecurity issues?
Bleeping Computer
Apple backports fix for zero-day exploited in attacks to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks.
Bleeping Computer
Apple backports fix for RTKit iOS zero-day to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
Security Affairs
Threat actors may have exploited a zero-day in older iPhones, Apple warns
Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS.
DarkReading
500 Victims In, Black Basta Reinvents With Novel Vishing Strategy
Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.
Ars Technica
Black Basta ransomware group is imperiling critical infrastructure, groups warn
Threat group has targeted 500 organizations. One is currently struggling to cope.
DarkReading
Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations
At least 15 television channels were interrupted in Ukraine alone, which, reportedly, is not out of the norm in this "information war."
SecurityWeek
Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS
Apple documents another zero-day flaw being exploited on older iPhones and documents security problems in macOS, iOS and iPadOS.
SecurityWeek
China and US Envoys Will Hold First Top-Level Dialogue on Artificial Intelligence
Envoys from the United States and China will meet in Geneva for talks about artificial intelligence, including the risks of the fast-evolving technology.
Ars Technica
ChatGPT-4o allows real-time audio-video conversations with an “emotional” AI chatbot
GPT-4o demo shows new AI model singing a bedtime story, detecting user's facial expressions.
Bleeping Computer
Hackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
CyberNews
Wales joins metaverse to promote tourism
Wales has become the first nation in the UK to join the metaverse, and the first in Europe to use this virtual platform for advertising, according to its tourism body.
CyberNews
Smart dog collars might help predict earthquakes
A study on dogs in Lima, Peru, wants to find out whether IoT devices on pets can indicate seismic activity.
SecurityWeek
NATO Draws a Cyber Red Line in Tensions With Russia
Weakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine.
CyberNews
Netflix changes stance on sports streaming with Christmas NFL games
Netflix, the largest streamier out there, has always claimed it wasn't seeking to show big sports. Now, though, it’s nearing a deal to stream NFL games on Christmas Day.
CyberSecurity Dive
Black Basta ransomware is toying with critical infrastructure providers, authorities say
The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors. Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.
The Cyber Express
Christie’s Auction Website Hacked Just Before Major Sales
Just days before its highly anticipated spring art auctions, Christie's, the renowned auction house, had fallen victim to a cyberattack,
Cyber Security News
CISA Warns Of Black Basta Ransomware Attacking 500+ Industries
Black Basta ransomware is used by threat actors because of its powerful abilities and inconspicuous moves.
%20(2).webp)
Cyber Security News
Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account
A major mistake in setup caused Google Cloud and UniSuper to delete the financial service provider's private cloud account.
The Hacker News
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Researchers found a malicious Python package called requests-darwin-lite hiding a sneaky malware.
CSO
IntelBroker steals classified data from the Europol website
The agency said core operations remain unaffected even as IntelBroker claimed to possess classified, law enforcement data.
The Cyber Express
TCE Cyberwatch: Weekly Wrap on AI, Deepfakes, Cybersecurity Challenges Affecting Nations Worldwide
This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this,
CyberSecurity Dive
Don’t be afraid of GenAI code, but do be wary
Don’t fall for scare headlines about GenAI code—it offers multiple benefits—but also be aware of its limits and risks.
Krebs on Security
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy,…
HACKRead
Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade
On Thursday, someone hacked into the system and switched the channels to show the Russian Victory Day parade instead of Latvian programs.
Bleeping Computer
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
Bleeping Computer
Keep the team on task with $10 off Microsoft Project through May 22
Through May 22 only, new users can get a lifetime license to Microsoft Project Pro 2021 on a single PC for $19.97 (reg. $29.99).
The Cyber Express
The Top 10 Cybersecurity Unicorns in The World
The ever-evolving digital landscape presents a constant challenge for businesses and individuals alike: staying secure in the face of increasingly
The Cyber Express
Cybersecurity Startup Treacle Raises About 40 million in Pre-Seeding Round
Treacle, a cybersecurity startup founded in 2021 by Subhasis Mukhopadhyay, Subhajit Manna, and Partha Das, has raised about 40 million
CSO
CISA inks 68 tech vendors to secure-by-design pledge — but will it matter?
CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law.
HACKRead
New LLMjacking Attack Lets Hackers Hijack AI Models for Profit
Researchers have discovered a novel cyberattack scheme, dubbed, LLMjacking, in which, threat actors gain access to the cloud environment.
Infosecurity News
UK's AI Safety Institute Unveils Platform to Accelerate Safe AI Develo
The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development
DarkReading
Cybersecurity Races to Unmask New Wave of AI Deepfakes
Kevin Mandia, CEO of Mandiant at Google Cloud, calls for watermarks as the industry braces for a barrage of mind-bending AI-generated fake audio and video.
Infosecurity News
#RSAC: Experts Highlight Novel Cyber Threats and Tactics
Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape
Bleeping Computer
Learn ethical hacking techniques with $1,000 off this super bundle
Ethical hacking takes the battle to the black hats and keeps them from taking over the internet. These 18 cybersecurity training courses show you how to fight back for $39.97, $1059 off the $1098 MSRP now through 5/12.
The Hacker News
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
Google has just released an update to patch a new zero-day flaw, CVE-2024-4671, which hackers are actively exploiting in the wild.
The Hacker News
What's the Right EDR for You?
EDR solutions can detect threats that traditional defenses like antivirus often miss. Find out how EDR provides a deeper level of security.
The Cyber Express
LockBitSupp Denies Identification of Group ‘Admin’, Opens Contest to Find Named Dmitry Yuryevich
In an unexpected turn of events, LockBitSupp, the administrator of the notorious LockBit ransomware group, responded publicly to the Federal
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 4)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
CyberSecurity Dive
Officials see a real change in Microsoft’s security plans: financial accountability
CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.
.png)
Cyber Security News
Accenture Wins $789 Million Contract to Support Global U.S. Navy Maritime Forces
AFS, a subsidiary of global professional services company Accenture, has been awarded a $789 million contract to bolster the cybersecurity.
The Cyber Express
Lenovo Joins Secure by Design Pledge, Enhancing Cybersecurity Standards
Lenovo takes a bold step towards fortifying cybersecurity by joining the Secure by Design pledge, initiated by the US Cybersecurity
The Cyber Express
Dell Warns Customers of Data Breach: Threat Actor Claims 49M Records Compromised
Dell has issued a warning to its customers regarding a data breach following claims by a threat actor of pilfering
Cyber Security News
Dell Hacked - 49 Million Customers Data Affected
Dell Technologies is investigating a data breach incident involving a company portal containing limited customer information related to purchases.
Loading more articles....