Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.


CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted

Published on: December 17, 2024 | Source: The Hacker News

BlackBerry to Sell Cylance to Arctic Wolf

Arctic Wolf plans to integrate Cylance's endpoint detection and response (EDR) technology into its extended detection and response (XDR) platform.

Published on: December 16, 2024 | Source: Dark Reading

Arctic Wolf acquires Cylance from BlackBerry for $160 million

The once-prominent technology firm bought Cylance for $1.4 billion in 2018.

Published on: December 16, 2024 | Source: CyberScoop

Does Desktop AI Come With a Side of Risk?

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Published on: December 16, 2024 | Source: Dark Reading

Citizen Development Moves Too Fast for Its Own Good

While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.

Published on: December 16, 2024 | Source: Dark Reading

CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework

The agency is seeking public comment on its much-anticipated draft update to 2016’s PPD-41.

Published on: December 16, 2024 | Source: CyberScoop

PHP backdoor looks to be work of Chinese-linked APT group

Known as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware.

Published on: December 16, 2024 | Source: CyberScoop

The Education Industry: Why Its Data Must Be Protected

The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.

Published on: December 16, 2024 | Source: Dark Reading

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Published on: December 16, 2024 | Source: WeLiveSecurity

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

Published on: December 16, 2024 | Source: The Hacker News

NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

Published on: December 16, 2024 | Source: The Hacker News

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event. Because we’ve done so much to...

Published on: December 16, 2024 | Source: Schneier on Security

Data Governance in DevOps: Ensuring Compliance in the AI Era

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes

Published on: December 16, 2024 | Source: The Hacker News

Amnesty International exposes Serbian police’s use of spyware on journalists, activists

The comprehensive report showed how Serbian law enforcement combined Cellebrite’s tech with a novel Android-focused spyware program.

Published on: December 16, 2024 | Source: CyberScoop

Microsoft Teams Vishing Spreads DarkGate RAT

A thwarted attack demonstrates that threat actors are using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.

Published on: December 16, 2024 | Source: Dark Reading

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest

Published on: December 16, 2024 | Source: The Hacker News

ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Published on: December 16, 2024 | Source: WeLiveSecurity

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (

Published on: December 16, 2024 | Source: The Hacker News

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,

Published on: December 16, 2024 | Source: The Hacker News

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom. Please register in advance if you plan to attend (whether...

Published on: December 14, 2024 | Source: Schneier on Security

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

Published on: December 14, 2024 | Source: The Hacker News

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

Published on: December 14, 2024 | Source: The Hacker News

Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Good survey paper. Blog moderation policy.

Published on: December 13, 2024 | Source: Schneier on Security

Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

Published on: December 13, 2024 | Source: Dark Reading

Generative AI Security Tools Go Open Source

Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security.

Published on: December 13, 2024 | Source: Dark Reading

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.

Published on: December 13, 2024 | Source: Dark Reading

Test Your Cyber Skills With the SANS Holiday Hack Challenge

Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem.

Published on: December 13, 2024 | Source: Dark Reading

Arizona man arrested for alleged involvement in violent online terror networks

Baron Martin is linked to extremist online networks 764 and CVLT.

Published on: December 13, 2024 | Source: CyberScoop

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

Published on: December 13, 2024 | Source: The Hacker News

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

Published on: December 13, 2024 | Source: The Hacker News

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment...

Published on: December 13, 2024 | Source: Schneier on Security

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow

Published on: December 13, 2024 | Source: WeLiveSecurity