Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.
Published on: December 05, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
FCC, for first time, proposes cybersecurity rules tied to wiretapping law
The proposed rules are a response to Salt Typhoonβs breach of at least eight U.S. telecom companies. The post FCC, for first time, proposes cybersecurity rules tied to wiretapping law appeared first on CyberScoop.
Published on: December 05, 2024 | Source:Industry leaders on CISAβs secure-by-design pledge: A great program with some issues
House lawmakers and witnesses weighed in on secure-by-design incentives, subpar developers and the initiativeβs future under new CISA leadership. The post Industry leaders on CISAβs secure-by-design pledge: A great program with some issues appeared first on CyberScoop.
Published on: December 05, 2024 | Source:Bypass Bug Revives Critical N-Day in Mitel MiCollab
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.
Published on: December 05, 2024 | Source:Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.
Published on: December 05, 2024 | Source:LLMs Raise Efficiency, Productivity of Cybersecurity Teams
AI-powered tools are making cybersecurity tasks easier to solve, as well as easier for the team to handle.
Published on: December 05, 2024 | Source:'Earth Minotaur' Exploits WeChat Bugs, Sends Spyware to Uyghurs
The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans.
Published on: December 05, 2024 | Source:This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro
Published on: December 05, 2024 | Source:Exclusive: Feds are probing 764, The Comβs use of cybercriminal tactics to carry out violent crimes
Documents reviewed by CyberScoop show that law enforcement is tracking these violent criminal groupsβ use of malicious cyber tools to cause harm to children. The post Exclusive: Feds are probing 764, The Comβs use of cybercriminal tactics to carry out violent crimes appeared first on CyberScoop.
Published on: December 05, 2024 | Source:Vulnerability Management Challenges in IoT & OT Environments
By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
Published on: December 05, 2024 | Source:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input
Published on: December 05, 2024 | Source:Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected. In addition, over 80 data storage devices
Published on: December 05, 2024 | Source:Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident. At its core, Vulnerability Management
Published on: December 05, 2024 | Source:Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a
Published on: December 05, 2024 | Source:Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally
Published on: December 05, 2024 | Source:How a Russian manβs harrowing tale shows the physical dangers of spyware
Citizen Lab and a Russian exile-led human rights group investigated spyware implanted on his phone after he was detained, beaten up and released. The post How a Russian manβs harrowing tale shows the physical dangers of spyware appeared first on CyberScoop.
Published on: December 05, 2024 | Source:Philip Torr: AI to the people | Starmus Highlights
Weβre on the cusp of a technological revolution that is poised to transform our lives β and we hold the power to shape its impact
Published on: December 05, 2024 | Source:Philip Torr: AI to the people | Starmus highlights
Weβre on the cusp of a technological revolution that is poised to transform our lives β and we hold the power to shape its impact
Published on: December 05, 2024 | Source:ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. "An interesting aspect of this campaign is the comeback of a backdoor
Published on: December 05, 2024 | Source:African Law Enforcement Nabs 1,000+ Cybercrime Suspects
Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.
Published on: December 05, 2024 | Source:NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks
Published on: December 05, 2024 | Source:CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions
Published on: December 05, 2024 | Source:Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects
Published on: December 04, 2024 | Source:
Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems
Published on: December 04, 2024 | Source:
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.
Published on: December 04, 2024 | Source:White House: Chinese telecom hacks have been in motion for years
A senior administration official said Wednesday the Salt Typhoon hack has impacted dozens of countries in a sweeping espionage campaign The post White House: Chinese telecom hacks have been in motion for years appeared first on CyberScoop.
Published on: December 04, 2024 | Source:Russian FSB Hackers Breach Pakistani APT Storm-0156
Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure, and stole the same kinds of info it targets in South Asian government and military victims.
Published on: December 04, 2024 | Source:Russian FSB Hackers Breach Pakistan's APT Storm-0156
Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.
Published on: December 04, 2024 | Source:Veeam Urges Updates After Discovering Critical Vulnerability
The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.
Published on: December 04, 2024 | Source:Pegasus Spyware Infections Proliferate Across iOS, Android Devices
The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 2,500 mobile phones.
Published on: December 04, 2024 | Source:Federal transportation officials aim to βbridge gapsβ in OT cybersecurity
In a post-Colonial Pipeline world, DOT and TSA leaders say theyβre pursuing a cross-sector approach to protecting operational technology. The post Federal transportation officials aim to βbridge gapsβ in OT cybersecurity appeared first on CyberScoop.
Published on: December 04, 2024 | Source:Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding
Published on: December 04, 2024 | Source:Russian-linked Turla caught using Pakistani APT infrastructure for espionage
Both Microsoft and Lumenβs BlackLotus Labs found Turla spying on Afghanistan and India via Pakistani infrastructure. The post Russian-linked Turla caught using Pakistani APT infrastructure for espionage appeared first on CyberScoop.
Published on: December 04, 2024 | Source:Navigating the Changing Landscape of Cybersecurity Regulations
The evolving regulatory environment presents both challenges and opportunities for businesses.
Published on: December 04, 2024 | Source:U.S. Offered $10M for Hacker Just Arrested by Russia
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with...
Published on: December 04, 2024 | Source: