Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
6 AI-Related Security Trends to Watch in 2025
AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.
Published on: December 31, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Gift Card Fraud
Itβs becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the cards back on a rack. When a customer unwittingly selects and loads money onto a tampered card, the criminal is able to...
Published on: December 31, 2024 | Source:New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our
Published on: December 31, 2024 | Source:Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
Published on: December 31, 2024 | Source:Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
Published on: December 31, 2024 | Source:U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.
Published on: December 31, 2024 | Source:Chinese State Hackers Breach US Treasury Department
In what's being called a "major cybersecurity incident," Beijing-backed adversaries broke into cyber vendor BeyondTrust to access the US Department of the Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
Published on: December 30, 2024 | Source:Treasury workstations hacked by China-linked threat actors
According to a letter sent to Senate leaders and obtained by CyberScoop, the compromises occurred through third-party software provider BeyondTrust, which provides identity and access management security solutions. The post Treasury workstations hacked by China-linked threat actors appeared first on CyberScoop.
Published on: December 30, 2024 | Source:Thousands of industrial routers vulnerable to command injection flawΒ
The vulnerability, found in versions of Four-Faith routers, appears to have been exploited in the wild and has been connected to attempted infections of Mirai. The post Thousands of industrial routers vulnerable to command injection flaw appeared first on CyberScoop.
Published on: December 30, 2024 | Source:How to Get the Most Out of Cyber Insurance
Cyber insurance should augment your cybersecurity strategy β not replace it.
Published on: December 30, 2024 | Source:What Security Lessons Did We Learn in 2024?
Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
Published on: December 30, 2024 | Source:New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
Published on: December 30, 2024 | Source:β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [30 Dec]
Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in
Published on: December 30, 2024 | Source:Salt Typhoonβs Reach Continues to Grow
The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.
Published on: December 30, 2024 | Source:When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in
Published on: December 30, 2024 | Source:Deepfakes, Quantum Attacks Loom Over APAC in 2025
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
Published on: December 30, 2024 | Source:Happy 15th Anniversary, KrebsOnSecurity!
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank...
Published on: December 29, 2024 | Source:Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft
A new attack campaign has targeted known Chrome browser extensions, leading to at least 35 extensions being compromised and exposing over 2.6 million users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to
Published on: December 29, 2024 | Source:16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal
Published on: December 29, 2024 | Source:15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
A high-severity flaw impacting select Four-Faith industrial routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it
Published on: December 28, 2024 | Source:White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
In an update Friday, the White House says nine telecom companies were impacted by the Chinese espionage effort. The post White House: Salt Typhoon hacks possible because telecoms lacked basic security measures appeared first on CyberScoop.
Published on: December 27, 2024 | Source:North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into
Published on: December 27, 2024 | Source:Hackers Are Hot for Water Utilities
The US water sector suffered a stream of cyberattacks over the past year-and-a-half from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.
Published on: December 27, 2024 | Source:Defining & Defying Cybersecurity Staff Burnout
Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.
Published on: December 27, 2024 | Source:Quantum Computing Advances in 2024 Put Security In Spotlight
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?
Published on: December 27, 2024 | Source:Casino Players Using Hidden Cameras for Cheating
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.
Published on: December 27, 2024 | Source:Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg
Published on: December 27, 2024 | Source:Friday Squid Blogging: Squid on Pizza
Pizza Hut in Taiwan has a history of weird pizzas, including a β2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle.β Blog moderation policy.
Published on: December 27, 2024 | Source:This month in security with Tony Anscombe β December 2024 edition
From attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news
Published on: December 27, 2024 | Source:Palo Alto Releases Patch for PAN-OS DoS Flaw β Update Immediately
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions 10.2.8 and later or prior to 11.2.3. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS
Published on: December 27, 2024 | Source:FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings
Published on: December 27, 2024 | Source:Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's
Published on: December 27, 2024 | Source:South Korea sanctions 15 North Koreans for IT worker scams, financial hacking schemes
The individuals are allegedly working for North Koreaβs 313th General Bureau, under the DPRKβs Ministry of Munitions Industry. The post South Korea sanctions 15 North Koreans for IT worker scams, financial hacking schemes appeared first on CyberScoop.
Published on: December 26, 2024 | Source:Scams Based on Fake Google Emails
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Published on: December 26, 2024 | Source:SEC Disclosures Up, But Not Enough Details Provided
While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don't meet the SEC's "material" standard.
Published on: December 26, 2024 | Source: