Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
Published on: January 21, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Name That Toon: Incentives
Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Published on: January 20, 2025 | Source:Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor
Published on: January 20, 2025 | Source:DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the
Published on: January 20, 2025 | Source:US Ban on Automotive Components Could Curb Supply Chain
The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.
Published on: January 20, 2025 | Source:Phishing Attacks Are the Most Common Smartphone Security Issue for Consumers
New hands-on testing results show that most devices are unable to catch phishing emails, texts, or calls, leaving users at risk.
Published on: January 20, 2025 | Source:Biden Signs New Cybersecurity Order
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidentsβnamely, the security failures of federal contractors. The order requires...
Published on: January 20, 2025 | Source:β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with
Published on: January 20, 2025 | Source:Product Walkthrough: How Satori SecuresΒ Sensitive Data From Production to AI
Every week seems to bring news of another data breach, and itβs no surprise why: securing sensitive data has become harder than ever. And itβs not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting
Published on: January 20, 2025 | Source:Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool
Published on: January 20, 2025 | Source:TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message. "We're working to restore our service in the U.S. as soon as possible
Published on: January 19, 2025 | Source:U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent
Published on: January 18, 2025 | Source:U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent
Published on: January 18, 2025 | Source:Has the TikTok Ban Already Backfired on US Cybersecurity?
The Supreme Court has affirmed TikTok's ban in the US, which has its users in revolt and is creating a whole new set of national cybersecurity concerns.
Published on: January 17, 2025 | Source:Friday Squid Blogging: Opioid Alternatives from Squid Research
Is there nothing that squid research canβt solve? βIf youβre working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,β he said. [β¦] Researchers hope to mimic how squid and octopus use RNA editing in nerve channels that interpret pain and use that knowledge to manipulate human...
Published on: January 17, 2025 | Source:TSA extends cyber requirements for pipeline owners
The agency added an additional year to two post-Colonial Pipeline security directives. The post TSA extends cyber requirements for pipeline owners appeared first on CyberScoop.
Published on: January 17, 2025 | Source:Employees Enter Sensitive Data Into GenAI Prompts Far Too Often
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises.
Published on: January 17, 2025 | Source:15K Fortinet Device Configs Leaked to the Dark Web
The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.
Published on: January 17, 2025 | Source:US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches
The cyber actor played a role in the Treasury breach as well as attacks on critical infrastructure, linked to China-backed advanced persistent threat (APT) group Salt Typhoon.
Published on: January 17, 2025 | Source:Noem: No anti-disinformation, misinformation action under her as DHS secretary
She said at her confirmation hearing that CISA needs to be βsmaller, more nimbleβ and it has gone βfar off-mission.β The post Noem: No anti-disinformation, misinformation action under her as DHS secretary appeared first on CyberScoop.
Published on: January 17, 2025 | Source:Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacksΒ
Itβs the first formal attribution for the campaign that has swept up data from at least nine telecoms and the Treasury Department. The post Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks appeared first on CyberScoop.
Published on: January 17, 2025 | Source:Closing software-understanding gap is critical to national security, CISA says
In a joint report with DARPA and others, the cyber agency said that knowledge gap βexacerbatesβ risks posed by threat actors in U.S. critical infrastructure. The post Closing software-understanding gap is critical to national security, CISA says appeared first on CyberScoop.
Published on: January 17, 2025 | Source:Restoring U.S. cyber resilience: A blueprint for the new administration
The Trump administration can start by returning CISA to its core mission, former DHS and California officials argue. The post Restoring U.S. cyber resilience: A blueprint for the new administration appeared first on CyberScoop.
Published on: January 17, 2025 | Source:Leveraging Behavioral Insights to Counter LLM-Enabled Hacking
As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.
Published on: January 17, 2025 | Source:Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker
Published on: January 17, 2025 | Source:Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis. "These attacks
Published on: January 17, 2025 | Source:Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work. Soβthis is the...
Published on: January 17, 2025 | Source:How HHS has strengthened cybersecurity of hospitals and health care systems
The agency has embraced performance goals, provided resources to small systems and improved coordination, its deputy secretary writes. The post How HHS has strengthened cybersecurity of hospitals and health care systems appeared first on CyberScoop.
Published on: January 17, 2025 | Source:How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,
Published on: January 17, 2025 | Source:U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These
Published on: January 17, 2025 | Source:New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting
Published on: January 17, 2025 | Source:European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data
Published on: January 17, 2025 | Source:Russian APT Phishes Kazakh Gov't for Strategic Intel
A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.
Published on: January 17, 2025 | Source:Biden's Cybersecurity EO Leaves Trump a Comprehensive Blueprint for Defense
New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks β but will the Trump administration follow through?
Published on: January 16, 2025 | Source:Treasury sanctions North Korea over remote IT worker schemes
The North Korean office responsible for the scheme, Department 53, was created to funnel money back into the countryβs weapons programs. The post Treasury sanctions North Korea over remote IT worker schemes appeared first on CyberScoop.
Published on: January 16, 2025 | Source: