Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.


Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of

Published on: December 26, 2024 | Source: The Hacker News

Emerging Threats & Vulnerabilities to Prepare for in 2025

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

Published on: December 26, 2024 | Source: Dark Reading

DDoS Attacks Surge as Africa Expands Its Digital Footprint

As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.

Published on: December 26, 2024 | Source: Dark Reading

Ruijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if

Published on: December 25, 2024 | Source: The Hacker News

Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks

Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if

Published on: December 25, 2024 | Source: The Hacker News

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection

Published on: December 25, 2024 | Source: The Hacker News

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first

Published on: December 25, 2024 | Source: The Hacker News

Too Much 'Trust,' Not Enough 'Verify'

"Zero trust" doesn't mean "zero testing."

Published on: December 24, 2024 | Source: Dark Reading

Trump 2.0 Portends Big Shift in Cybersecurity Policies

Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds' role in cybersecurity.

Published on: December 24, 2024 | Source: Dark Reading

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.

Published on: December 24, 2024 | Source: Dark Reading

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down.

Published on: December 24, 2024 | Source: The Hacker News

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case.

Published on: December 24, 2024 | Source: Schneier on Security

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social

Published on: December 24, 2024 | Source: The Hacker News

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that

Published on: December 24, 2024 | Source: The Hacker News

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that

Published on: December 24, 2024 | Source: The Hacker News

State Department’s disinformation office to close after funding nixed in NDAA

The Global Engagement Center, which tracks and exposes foreign disinformation narratives in foreign countries, will see its authority to operate expire Dec. 24.

Published on: December 23, 2024 | Source: CyberScoop

Non-Human Identities Gain Momentum, Requires Both Management, Security

The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.

Published on: December 23, 2024 | Source: Dark Reading

Judge grants ruling in favor of WhatsApp against spyware firm NSO Group

The ruling is arguably the most important to date against the Israeli maker of the Pegasus spyware.

Published on: December 23, 2024 | Source: CyberScoop

Criminal Complaint against LockBit Ransomware Writer

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.

Published on: December 23, 2024 | Source: Schneier on Security

How CISOs Can Communicate With Their Boards Effectively

With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable.

Published on: December 23, 2024 | Source: Dark Reading

Feds lay blame while Chinese telecom attack continues

Opinion: Implementing new regulations amid the ongoing attack would be a massive misstep, cyber experts argue.

Published on: December 23, 2024 | Source: CyberScoop

Middle East Cyberwar Rages On, With No End in Sight

Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.

Published on: December 23, 2024 | Source: Dark Reading

Name That Toon: Sneaking Around

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Published on: December 23, 2024 | Source: Dark Reading

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases

Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers

Published on: December 23, 2024 | Source: The Hacker News

⚑ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.

Published on: December 23, 2024 | Source: The Hacker News

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last

Published on: December 23, 2024 | Source: The Hacker News

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

Published on: December 23, 2024 | Source: WeLiveSecurity

Top 10 Cybersecurity Trends to Expect in 2025

The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the

Published on: December 23, 2024 | Source: The Hacker News

U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case

Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants' Pegasus code was sent through plaintiffs'

Published on: December 23, 2024 | Source: The Hacker News

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR). The authority

Published on: December 23, 2024 | Source: The Hacker News

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a

Published on: December 21, 2024 | Source: The Hacker News

Friday Squid Blogging: Squid Sticker

A sticker for your water bottle. Blog moderation policy.

Published on: December 20, 2024 | Source: Schneier on Security

How to Protect Your Environment From the NTLM Vulnerability

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.

Published on: December 20, 2024 | Source: Dark Reading

Justice Department unveils charges against alleged LockBit developer

The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure […]

Published on: December 20, 2024 | Source: CyberScoop