Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Manufacturers Lose Azure Creds to HubSpot Phishing Attack
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
Published on: December 18, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Wallarm Releases API Honeypot Report Highlighting API Attack Trends
Published on: December 18, 2024 | Source:
New Advances in the Understanding of Prime Numbers
Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.
Published on: December 18, 2024 | Source:The Importance of Empowering CFOs Against Cyber Threats
Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.
Published on: December 18, 2024 | Source:Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.
Published on: December 18, 2024 | Source:HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
Published on: December 18, 2024 | Source:HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
Published on: December 18, 2024 | Source:Wald.ai Launches Data Loss Protection for AI Platforms
The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms.
Published on: December 18, 2024 | Source:Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
Published on: December 18, 2024 | Source:How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device.
Published on: December 18, 2024 | Source:Not Your Old ActiveState: Introducing our End-to-End OS Platform
Having been at ActiveState for nearly eight years, Iβve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the
Published on: December 18, 2024 | Source:APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously
Published on: December 18, 2024 | Source:ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, itβs vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK
Published on: December 18, 2024 | Source:Cybersecurity is never out-of-office: Protecting your business anytime, anywhere
While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack β make sure your company's defenses are ready, no matter the time of year
Published on: December 18, 2024 | Source:BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.
Published on: December 18, 2024 | Source:INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse
INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming
Published on: December 18, 2024 | Source:Meta Fined β¬251 Million for 2018 Data Breach Impacting 29 Million Accounts
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined 251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million
Published on: December 18, 2024 | Source:Thai Police Systems Under Fire From 'Yokai' Backdoor
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
Published on: December 18, 2024 | Source:CISA delivers new directive to agencies on securing cloud environments
The cyber agencyβs SCuBA guidelines were developed after pilots with 13 agencies and continue a post-SolarWinds cloud strategy. The post CISA delivers new directive to agencies on securing cloud environments appeared first on CyberScoop.
Published on: December 17, 2024 | Source:Texas Tech Fumbles Medical Data in Massive Breach
The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
Published on: December 17, 2024 | Source:Playbook advises federal grant managers how to build cybersecurity into their programs
The guidance comes from the Office of the Director of National Cybersecurity and the Cybersecurity and Infrastructure Security Agency. The post Playbook advises federal grant managers how to build cybersecurity into their programs appeared first on CyberScoop.
Published on: December 17, 2024 | Source:Clop is back to wreak havoc via vulnerable file-transfer software
In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT [β¦] The post Clop is back to wreak havoc via vulnerable...
Published on: December 17, 2024 | Source:CISA Directs Federal Agencies to Secure Cloud Environments
Actions direct agencies to deploy specific security configurations to reduce cyber-risk.
Published on: December 17, 2024 | Source:Delinea Joins CVE Numbering Authority Program
Published on: December 17, 2024 | Source:
Hacking Digital License Plates
Not everything needs to be digital and βsmart.β License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to βjailbreakβ digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, heβs able to rewrite a Reviver...
Published on: December 17, 2024 | Source:Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a
Published on: December 17, 2024 | Source:Azure Data Factory Bugs Expose Cloud Infrastructure
Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.
Published on: December 17, 2024 | Source:CompTIA Xpert Series Expands With SecurityX Professional Certification
Program designed to validate and sharpen cybersecurity skills for working professionals.
Published on: December 17, 2024 | Source:To Defeat Cybercriminals, Understand How They Think
Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for β in essence, what makes a soft target.
Published on: December 17, 2024 | Source:Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the
Published on: December 17, 2024 | Source:Even Great Companies Get Breached β Find Out Why and How to Stop It
Even the best companies with the most advanced tools can still get hacked. Itβs a frustrating reality: youβve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, whatβs going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticedβeven in well-prepared organizations. The good
Published on: December 17, 2024 | Source:Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint
Published on: December 17, 2024 | Source:5 Practical Techniques for Effective Cyber Threat Hunting
Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel. To avoid this, use these five battle-tested techniques that are
Published on: December 17, 2024 | Source:Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ
Published on: December 17, 2024 | Source:The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets
Published on: December 17, 2024 | Source: