Top
item
Advertisement

Category: Security


Cybersecurity, Security

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024

Via: The Hacker News

A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads […]


Hacking, Security

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

April 17, 2024

Via: The Hacker News

A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked […]


Hacking, Security

Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox

April 8, 2024

Via: The Hacker News

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. “Latrodectus is an up-and-coming downloader with various sandbox evasion functionality,” researchers from Proofpoint and Team […]


Hacking, Security

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

April 5, 2024

Via: The Hacker News

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another […]


Cybersecurity, Security

CISO Perspectives on Complying with Cybersecurity Regulations

April 5, 2024

Via: The Hacker News

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means […]


Hacking, Security

China-linked Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations

April 2, 2024

Via: The Hacker News

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. “Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage […]


Cybersecurity, Security

House of Representatives bans the use of Copilot over security concerns

April 1, 2024

Via: TechSpot

In guidance to congressional offices issued by The House’s Chief Administrative Officer, Catherine Szpindor, and seen by Axios, it’s stated that Copilot is “unauthorized for House use.” The guidance adds that Copilot will be removed from and blocked on all […]


Cybersecurity, Security

AT&T confirms data leak affecting 73 million customers after spending two weeks denying it

April 1, 2024

Via: TechSpot

When the massive trove of data was posted for sale on a cybercrime forum early this month, AT&T said it did not originate from its systems, even though the poster said it was stolen from a 2021 breach of the […]


Cybersecurity, Mobile, Security, Smartphones

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

April 1, 2024

Via: The Hacker News

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN’s Satori Threat Intelligence team, which said the […]


Hacking, Security

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

March 27, 2024

Via: The Hacker News

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users’ systems and carry out malicious actions. “This flaw could have allowed an attacker to exploit a private API, initially intended […]


Cybersecurity, Security

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

March 26, 2024

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows – CVE-2023-48788 (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection […]


Hacking, Security

Ethical hackers show how to open millions of hotel keycard locks

March 21, 2024

Via: TechSpot

Researchers recently disclosed a significant security flaw in Dormakaba’s Saflok electronic RFID locks, which are popular with hotels. It could allow a hacker to clone a hotel’s keycard to access any room in the building. It is unclear whether hackers […]


Cybersecurity, Security

AI used extensively for security but not for coding, JFrog survey finds

March 20, 2024

Via: InfoWorld

In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use […]


Hacking, Security

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

March 19, 2024

Via: The Hacker News

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. “The PhantomBlu operation introduces a nuanced […]


Cybersecurity, Security

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

March 19, 2024

Via: The Hacker News

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers […]


Cybersecurity, Security

Chrome to offer constant, real-time protection against malicious sites 24/7

March 15, 2024

Via: Techradar

Google is upgrading Chrome’s Safe Browsing security tool by allowing it to provide constant protection against suspicious websites in real-time. Before going into the update itself, it’s worth covering the backstory. Safe Browsing gives the Chrome browser a list of […]


Hacking, Security

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

March 14, 2024

Via: The Hacker News

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues […]


Privacy, Security

Why passkeys will replace passwords

February 29, 2024

Via: InfoWorld

With the growth of sophisticated attacks against critical software and infrastructure systems, multi-factor authentication (MFA) has emerged as a critical layer of defense against unauthorized access. An increasing number of enterprise and developer-facing technology applications and platforms, from GitHub to […]


Privacy, Security

IBM’s AI-enhanced storage platform can identify ransomware in under a minute

February 28, 2024

Via: TechSpot

As IBM highlights, existing FlashSystem products already scan all incoming data as it is being written, without impacting performance. The new AI-enhanced FlashCore Module 4 (FCM) is even more advanced, continuously monitoring stats gathered from every single I/O to look […]


Cybersecurity, Security

Securing the Digital Frontier: Effective Threat Exposure Management

February 28, 2024

Via: SmartData Collective

AI technology is radically changing the direction of the cybersecurity sector. Companies around the world are expected to spend $102.78 billion on AI to stop cybersecurity threats in 2032 alone. Artificial Intelligence (AI) plays a pivotal role in enhancing cybersecurity […]