Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.



DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

Published on: December 13, 2024 | Source: The Hacker News

OData Injection Risk in Low-Code/No-Code Environments

As the adoption of LCNC grows, so will the complexity of the threats organizations face.

Published on: December 13, 2024 | Source: Dark Reading

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

Published on: December 13, 2024 | Source: The Hacker News

How to Generate a CrowdStrike RFM Report With AI in Tines

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

Published on: December 13, 2024 | Source: The Hacker News

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems

Published on: December 13, 2024 | Source: WeLiveSecurity

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

Published on: December 13, 2024 | Source: The Hacker News

'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.

Published on: December 13, 2024 | Source: Dark Reading

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

Published on: December 13, 2024 | Source: The Hacker News

Lloyd's of London Launches New Cyber Insurance Consortium

Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates.

Published on: December 12, 2024 | Source: Dark Reading

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Published on: December 12, 2024 | Source: Dark Reading

Chinese Cops Caught Using Android Spyware to Track Mobile Devices

Law enforcement across mainland China have been using the EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

Published on: December 12, 2024 | Source: Dark Reading

Cybercriminal marketplace Rydox seized in international law enforcement operation

The Justice Department announced Thursday that it had participated in a coordinated effort to seize and dismantle Rydox, an online marketplace for stolen personal information and cybercrime tools. The operation led to the arrest of three individuals alleged to be the site’s administrators. Rydox has been linked to over 7,600 illicit sales and generated substantial […]

Published on: December 12, 2024 | Source: CyberScoop

IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack

Researchers at Black Hat Europe demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.

Published on: December 12, 2024 | Source: Dark Reading

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

It’s part of a broader effort to counter Pyongyang’s use of tech professionals to fool U.S. companies and nonprofits.

Published on: December 12, 2024 | Source: CyberScoop

Europol Cracks Down on Holiday DDoS Attacks

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

Published on: December 12, 2024 | Source: Dark Reading

Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

Published on: December 12, 2024 | Source: Dark Reading

Notorious Nigerian cybercriminal tied to BEC scams extradited to U.S.

Abiola Kayode, a 37-year-old Nigerian national, has been extradited from Ghana to the United States to face charges of conspiracy to commit wire fraud. Kayode, who was on the FBI’s Most Wanted cybercriminal list, is charged with participating in a business email compromise (BEC) scheme and romance fraud from January 2015 to September 2016, defrauding […]

Published on: December 12, 2024 | Source: CyberScoop

International crackdown disrupts DDoS-for-hire operations

An operation known as PowerOFF led to the arrest of three individuals and the shutdown of 27 domains.

Published on: December 12, 2024 | Source: CyberScoop

Cultivating a Hacker Mindset in Cybersecurity Defense

Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.

Published on: December 12, 2024 | Source: Dark Reading

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

Published on: December 12, 2024 | Source: The Hacker News

Black Hat Europe 2024: Can AI systems be socially engineered?

Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?

Published on: December 12, 2024 | Source: WeLiveSecurity

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

Published on: December 12, 2024 | Source: The Hacker News

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

Published on: December 12, 2024 | Source: The Hacker News

SaaS Budget Planning Guide for IT Professionals

SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity. In this article, we’ll break down this topic

Published on: December 12, 2024 | Source: The Hacker News

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

Published on: December 12, 2024 | Source: The Hacker News

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

Published on: December 12, 2024 | Source: The Hacker News

Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Published on: December 11, 2024 | Source: Dark Reading

Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches

The annual defense spending bill contains money the FCC has sought to use to reimburse telecommunications carriers for removing Chinese equipment.

Published on: December 11, 2024 | Source: CyberScoop

Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Published on: December 11, 2024 | Source: Dark Reading

How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges -- none...

Published on: December 11, 2024 | Source: Krebs on Security

Symmetrical Cryptography Pioneer Targets the Post-Quantum Era

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

Published on: December 11, 2024 | Source: Dark Reading

Researchers Crack Microsoft Azure MFA in an Hour

A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.

Published on: December 11, 2024 | Source: Dark Reading

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

Published on: December 11, 2024 | Source: The Hacker News

Turla living off other cybercriminals’ tools in order to attack Ukrainian targets

A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack […]

Published on: December 11, 2024 | Source: CyberScoop

Cybersecurity Lessons From 3 Public Breaches

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

Published on: December 11, 2024 | Source: Dark Reading