Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Ongoing Phishing and Malware Campaigns in December 2024
Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems The analyst
Published on: December 10, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
CERT-UA Warns of Phishing Attacks Targeting Ukraineβs Defense and Security Force
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages
Published on: December 10, 2024 | Source:Microsoft NTLM Zero-Day to Remain Unpatched Until April
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Published on: December 09, 2024 | Source:Millionaire Airbnb Phishing Ring Busted Up by Police
Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.
Published on: December 09, 2024 | Source:Attackers Can Use QR Codes to Bypass Browser Isolation
Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.
Published on: December 09, 2024 | Source:New βTermiteβ ransomware group claims responsibility for Blue Yonder cyberattack
The ransomware looks to be a re-worked variant of Babuk. The post New βTermiteβ ransomware group claims responsibility for Blue Yonder cyberattack appeared first on CyberScoop.
Published on: December 09, 2024 | Source:Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption
More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.
Published on: December 09, 2024 | Source:How Art Appreciation Supplements Cybersecurity Skills
Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.
Published on: December 09, 2024 | Source:Google Launches Open Source Patch Validation Tool
Vanir automates the process of scanning source code to identify missing security patches.
Published on: December 09, 2024 | Source:Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7
Published on: December 09, 2024 | Source:Large-Scale Incidents & the Art of Vulnerability Prioritization
We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.
Published on: December 09, 2024 | Source:β‘ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)
This weekβs cyber world is like a big spy movie. Hackers are breaking into other hackersβ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to
Published on: December 09, 2024 | Source:Trust Issues in AI
This essay was written with Nathan E. Sanders. It originally appeared as a response to Evgeny Morozov in Boston Reviewβs forum, βThe AI We Deserve.β For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators are built on decades of advancements in linguistics, signal processing, statistics, and other fields going back to the early...
Published on: December 09, 2024 | Source:Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print
Published on: December 09, 2024 | Source:Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions
Identity security is all the rage right now, and rightfully so. Securing identities that access an organizationβs resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Letβs look at seven ways to add
Published on: December 09, 2024 | Source:Public and private sectors must partner to address generative AIβs interdependent energy and security requirements
Collaboration across government and industry is the only way to protect energy infrastructure in the generative AI age, a former ODNI official argues. The post Public and private sectors must partner to address generative AIβs interdependent energy and security requirements appeared first on CyberScoop.
Published on: December 09, 2024 | Source:Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis
Published on: December 09, 2024 | Source:Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
Buying a pre-owned phone doesnβt have to mean compromising your security β take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost
Published on: December 09, 2024 | Source:Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures
Published on: December 07, 2024 | Source:Learn How Experts Secure Privileged AccountsβProven PAS Strategies Webinar
Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.
Published on: December 07, 2024 | Source:Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data
Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company
Published on: December 07, 2024 | Source:Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. CΔlin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on
Published on: December 07, 2024 | Source:Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device
Fifteen years ago I blogged about a different SQUID. Hereβs an update: Fleeing drivers are a common problem for law enforcement. They just wonβt stop unless persuadedβpersuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitiveβs car is one possibility. But what if children or hostages are in it? Lay down barriers, and the driver might swerve into a school bus. Spike his...
Published on: December 06, 2024 | Source:Texas Teen Arrested for Scattered Spider Telecom Hacks
An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on "key Scattered Spider members" and their tactics.
Published on: December 06, 2024 | Source:Microsoft Expands Access to Windows Recall AI Feature
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.
Published on: December 06, 2024 | Source:FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's
Published on: December 06, 2024 | Source:Why SOC Roles Need to Evolve to Attract a New Generation
The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts.
Published on: December 06, 2024 | Source:Open Source Security Priorities Get a Reshuffle
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
Published on: December 06, 2024 | Source:Detecting Pegasus Infections
This tool seems to do a pretty good job. The companyβs Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature...
Published on: December 06, 2024 | Source:Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first
Published on: December 06, 2024 | Source:Conquering the Complexities of Modern BCDR
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of todayβs complex IT ecosystems.
Published on: December 06, 2024 | Source:More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on
Published on: December 06, 2024 | Source:Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.
Published on: December 06, 2024 | Source:Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure
New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.
Published on: December 05, 2024 | Source:Library of Congress Offers AI Legal Guidance to Researchers
Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.
Published on: December 05, 2024 | Source: