Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
Not everyone opposed the move, however, even as the board reviews the major Salt Typhoon telecom breach. The post Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker appeared first on CyberScoop.
Published on: January 22, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
BreachForums founder to be resentenced after court vacates previous punishment
Conor Fitzpatrick was initially sentenced to 20 years of supervised release following a guilty plea in July 2023. The post BreachForums founder to be resentenced after court vacates previous punishment appeared first on CyberScoop.
Published on: January 22, 2025 | Source:Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
Published on: January 22, 2025 | Source:Trump Pardons 'Silk Road' Dark Web Drug Market Creator
The pardon comes after 11 years in prison for Ross Ulbricht, who was sentenced to life without parole on several charges, including computer hacking, distribution of narcotics, and money laundering.
Published on: January 22, 2025 | Source:βSevereβ bug in ChatGPTβs API could be used to DDoS websites
The vulnerability, described by a researcher as βbad programming,β allows an attacker to send unlimited connection requests through ChatGPTβs API. The post βSevereβ bug in ChatGPTβs API could be used to DDoS websites appeared first on CyberScoop.
Published on: January 22, 2025 | Source:Cloudflare detected (and blocked) the biggest DDoS attack on record
The company said that the 5.6 Tbps attack is indicative of the steady increase in the size of these attacks. The post Cloudflare detected (and blocked) the biggest DDoS attack on record appeared first on CyberScoop.
Published on: January 22, 2025 | Source:MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.
Published on: January 22, 2025 | Source:Will 2025 See a Rise of NHI Attacks?
The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.
Published on: January 22, 2025 | Source:Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some
Published on: January 22, 2025 | Source:AI Will Write Complex Laws
Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodiesβall it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is only likely to become more prevalent. There are currently projects in the US House, US Senate, and legislatures around the...
Published on: January 22, 2025 | Source:Government battles against tech could leave consumers less secure
Courts and federal regulators too often treat consumers as bystanders, a Center for Cybersecurity Policy and Law expert argues. The post Government battles against tech could leave consumers less secure appeared first on CyberScoop.
Published on: January 22, 2025 | Source:Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have
Published on: January 22, 2025 | Source:President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full
Published on: January 22, 2025 | Source:PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper β a
Published on: January 22, 2025 | Source:Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable
Published on: January 22, 2025 | Source:Mandatory MFA, Biometrics Make Headway in Middle East, Africa
Despite lagging in technology adoption, African and Middle Eastern organizations are catching up, driven by smartphone acceptance and national identity systems.
Published on: January 22, 2025 | Source:Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated
Published on: January 22, 2025 | Source:PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
Published on: January 22, 2025 | Source:[Virtual Event]: Cybersecurity's Most Promising New and Emerging Technologies
Published on: January 21, 2025 | Source:
Ransomware groups pose as fake tech support over Teams
A researcher at Sophos told CyberScoop that the company observed these tactics being used against multiple individuals and at least 15 organizations. The post Ransomware groups pose as fake tech support over Teams appeared first on CyberScoop.
Published on: January 21, 2025 | Source:Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US.
Published on: January 21, 2025 | Source:Email Bombing, 'Vishing' Tactics Abound in Microsoft 365 Attacks
Sophos noted more than 15 attacks have been reported during the past three months.
Published on: January 21, 2025 | Source:DONOT Group Deploys Malicious Android Apps in India
The advanced persistent threat (APT) group is likely India-based and targeting individuals with connections to the country's intelligence community.
Published on: January 21, 2025 | Source:HPE Investigates After Alleged Data Breach
The company reports that it is not experiencing any operational issues within its business, so far.
Published on: January 21, 2025 | Source:Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks
Two separate campaigns are targeting flaws in various IoT devices globally, with the goal of compromising them and propagating malware worldwide.
Published on: January 21, 2025 | Source:Cisco Previews AI Defenses to Cloud Security Platform
Set for release in March, Cisco AI Defense will provide algorithmic red teaming of large language models with technology that came over as part of the Robust Intelligence acquisition last year.
Published on: January 21, 2025 | Source:Why CISOs Must Think Clearly Amid Regulatory Chaos
Even as the rule book changes, the profession of the CISO remains unchanged: protecting the organization in a world of constant, continually evolving threats.
Published on: January 21, 2025 | Source:From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure
TSAβs new incident disclosure rules are a good fit for cyber risk quantification. The post From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure appeared first on CyberScoop.
Published on: January 21, 2025 | Source:Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh
Published on: January 21, 2025 | Source:13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This
Published on: January 21, 2025 | Source:AI Mistakes Are Very Different from Human Mistakes
Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make. These days, casinos rotate...
Published on: January 21, 2025 | Source:Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to
Published on: January 21, 2025 | Source:HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest
Published on: January 21, 2025 | Source:Under lock and key: Protecting corporate data from cyberthreats in 2025
Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage
Published on: January 21, 2025 | Source:PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing
Published on: January 21, 2025 | Source: