CSO
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
CSO
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
Ars Technica
Alleged $6.8M conspiracy involved "laptop farm," identity theft, and résumé coaching.
The Cyber Express
The U.S. federal prosecutors on Thursday revealed charges against a North Korean job fraud nexus that ran its fraudulent scheme
DarkReading
The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.
DarkReading
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
CyberScoop
Christina Chapman facilitated remote work and financial transfers for North Koreans tied to that nation’s weapons development programs, according to the U.S. government.
Bleeping Computer
The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program.
HACKRead
Two MIT graduates were arrested for allegedly stealing $25 million in Ethereum through a sophisticated blockchain manipulation scheme.
Bleeping Computer
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
Infosecurity News
Proofpoint said the attackers modified registry key names for persistence
The Hacker News
New Wi-Fi vulnerability discovered! CVE-2023-52424, dubbed "SSID Confusion attack," affects all operating systems and Wi-Fi clients.
The Cyber Express
Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, “Gone
Infosecurity News
Car manufacturer Nissan revealed that over 53,000 of its North America employees had their social security numbers accessed by a ransomware attacker
SecurityWeek
Network infrastructure as-a-service Alkira has raised $100 million in a Series C funding round led by Tiger Global Management.
DarkReading
In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.
Bleeping Computer
Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors.
Infosecurity News
Nearly six out of ten surveyed ClubCISO members are confident AI is used securely in their organizations
The Hacker News
Kimsuky hackers launch new social engineering attack using fake Facebook accounts. Learn how they target activists via Messenger and deliver malware.
DarkReading
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
SecurityWeek
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CSO
Application Security Posture Management tools need to integrate with other security tools to do their job.
The Cyber Express
During a recent Senate committee hearing, Director of National Intelligence Avril Haines emphasized state hackers' continued prominence as a threat,
The Cyber Express
Researchers recently uncovered two new backdoors implanted within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its
CSO
Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest.
Cyber Security News
Remote assist tools are often targeted by hackers as they create a direct channel that can be used to get into desired systems while using
SecurityWeek
The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.
The Cyber Express
A new WiFi vulnerability is reportedly leading users to a SSID confusion attack. The vulnerability has been identified in the
SecurityWeek
Palo Alto Networks and IBM have announced a significant partnership to jointly provide cybersecurity solutions.
The Hacker News
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
Infosecurity News
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Cyber Security News
In a major move to bolster its cloud security offerings, Palo Alto Networks announced today that it has agreed to purchase the QRadar .
The Cyber Express
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
Cyber Security News
To address a zero-day vulnerability in its Safari web browser that was exploited during this year's Pwn2Own Vancouver hacking competition,
Cyber Security News
The notorious data leak site BreachForums has been taken over by the police. Cybercrime and data leaks are still being fought.
DarkReading
In an economy choking on swelling inflation, the Nigerian government paused plans for a levy on domestic transactions, aimed at enhancing cybersecurity.
Cyber Security News
LogRhythm and Exabeam, two leading cybersecurity companies to create a powerful force in the security operations and analytics market.
SecurityWeek
The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
The Cyber Express
Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former
The Cyber Express
In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre
The Hacker News
Beware of Storm-1811! This financially motivated group is abusing Microsoft's Quick Assist tool in social engineering attacks.
The Hacker News
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SecurityWeek
US officials raised concerns on China’s “misuse of AI” while Beijing’s representatives rebuked the US over “restrictions and pressure” on AI.
The Record
“The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” SEC Chair Gary Gensler said. “That’s good for investors.”
The Record
The NYPD said it is trying to phase out the Chinese-made drones, but also defended their use, saying they are far more effective and affordable than any produced by American manufacturers.
SC Magazine
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
The Record
According to the State Department, a U.S. national named Christina Chapman helped four people fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries, earning millions of dollars for the North Korean regime.
SC Magazine
GenAI, API and identity risks are key concerns, as well as conflicts between DevOps and SecOps.
SC Magazine
Threat actors use the remote management tool and social engineering to access victims’ systems and install malware.
The Record
The BGP behaves like an internet traffic controller, routing data as efficiently as possible — but it can be "hijacked" for malicious purposes.
The Record
Kia, General Motors, Subaru and Mitsubishi received “civil investigative demand” letters from the Office of the Texas Attorney General's consumer protection division in late April.
The Record
The Share and Defend system will provide a list of malicious domains to a range of U.K. communications providers so the domains can be added to blocklists.
The Record
The National Cyber Security Centre worked with the U.K.'s insurance industry on new guidelines for organizations facing ransomware attacks.
Ars Technica
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Bleeping Computer
Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later.
Bleeping Computer
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
Bleeping Computer
The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme.
The Hacker News
BreachForums, a notorious online bazaar for stolen data, has been seized by law enforcement agencies for the second time in a year.
SecurityWeek
Financial terms were not released but it's likely a hefty price tag with Exabeam’s most recent valuation pegged at $2.5 billion.
Infosecurity News
Despite this setback, the auction house said bids can still be placed by phone and in-person
Bleeping Computer
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
The Hacker News
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
The Hacker News
Google just unveiled new "private space" feature lets you keep your sensitive apps hidden and locked with a separate PIN.
Ars Technica
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Infosecurity News
CPR said exploit builders in .NET and Python have been employed to deploy this malware
DarkReading
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
Infosecurity News
The National Cyber Security Centre launches an opt-in Personal Internet Protection service to safeguard individuals from cyber threats during the upcoming election
Bleeping Computer
Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers.
SecurityWeek
Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
Cyber Security News
The well-known advanced persistent threat (APT) group Turla, which is based in Russia, is said to be going after the European Ministry.
Infosecurity News
Google DeepMind’s SynthID can now be used to watermark AI-generated images, audio, text and video
The Hacker News
Two new backdoors, LunarWeb and LunarMail, have targeted a European ministry of foreign affairs and its diplomatic missions in the Middle East
CSO
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
SecurityWeek
The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.
Infosecurity News
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
The Cyber Express
A Dutch court ruling on Tuesday found one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service guilty
SecurityWeek
Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.
Infosecurity News
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology
The Hacker News
Ebury malware botnet has compromised an estimated 400,000 servers since 2009. Learn how to protect your systems from this advanced threat.
Infosecurity News
Trend Micro research claims CISOs are often ignored or dismissed as “nagging” by their board
SecurityWeek
Senators are recommending that Congress spend at least $32 billion over the next three years to develop AI and place safeguards around it.
The Cyber Express
CISA, in collaboration with DHS, FBI, and international cybersecurity entities, has revealed a comprehensive guide aimed at bolstering cybersecurity for
The Cyber Express
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
The Hacker News
Alexey Pertsev, co-founder of Tornado Cash, sentenced to 5+ years in prison by Dutch court. The crypto mixer service was sanctioned by the U.S.
The Hacker News
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Security Affairs
The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people.
SecurityWeek
Vermont passed a bill that prohibits the sale of data, such as social security and drivers’ license numbers, financial or health information.
CyberNews
A UN sanctions investigation says North Korea laundered $147.5 million of stolen crypto through the virtual mixer platform Tornado Cash in March.
DarkReading
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
CSO
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
The Record
In a data breach notice about the incident, which is still affecting numerous city services, the municipality said hackers copied files from its network.
The Record
“They know what they have to do,” said Sophie in’t Veld, who led the European Parliament investigation into spyware. “The problem is they don't want to do it.”
The Record
Sonne Finance, which allows people to lend and borrow funds without the need for intermediaries, said it would commit to not pursuing the heist any further if the perpetrator accepted an undisclosed bounty and returned the stolen cryptocurrency.
SC Magazine
Security pros believe the incident may be a “smash and grab” attack, where the threat actors go in, grab what data they can find, then try to sell it on the dark web.
The Record
Two telecommunications firms will pay separate $1 million fines to the Federal Communications Commission for adding connections to a Caribbean undersea cable network without getting the U.S. government’s approval.
SC Magazine
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
The Record
The Biden administration hopes to have consumer devices that have been approved by a voluntary cybersecurity labeling program on store shelves soon.
The Record
“We've got to do a better job of making sure Americans of all political stripes understand what is very probably coming their way over the next less than six months,” Senate Intelligence Chair Mark Warner told leaders from ODNI, CISA and the FBI.
Loading more articles....