Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
Published on: November 27, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Appeals court tosses sanctions on Tornado Cash crypto mixer
The mixer was sanctioned after a North Korea hacking group used the software to launder more than $455 million. The post Appeals court tosses sanctions on Tornado Cash crypto mixer appeared first on CyberScoop.
Published on: November 27, 2024 | Source:Researchers Discover "Bootkitty" β First UEFI Bootkit Targeting Linux Kernels
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded
Published on: November 27, 2024 | Source:Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,
Published on: November 27, 2024 | Source:How Learning to Fly Made Me a Better Cybersecurity CEO
The lessons I've learned soaring through the skies have extended far beyond the runway.
Published on: November 27, 2024 | Source:Russian Script Kiddie Assembles Massive DDoS Botnet
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices β and enterprise servers.
Published on: November 27, 2024 | Source:News Desk 2024: The Rise of Cybersecurity Platforms
Enterprise cybersecurity teams tell Omdia's Maxine Holt that they want to dig out from underneath mounting tech and pivot to a simpler platform model β but they are finding that tricky to pull off.
Published on: November 27, 2024 | Source:Bootkitty marks a new chapter in the evolution of UEFI threats
ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats
Published on: November 27, 2024 | Source:News Desk 2024: Can GenAI Write Secure Code?
GenAI's 30%-50% coding productivity boost comes with a downside β it's also generating vulnerabilities. Veracode's Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.
Published on: November 27, 2024 | Source:Microsoft Finally Releases Recall as Part of Windows Insider Preview
The preview version now includes multiple security-focused additions Microsoft had promised to add, such as SecureBoot, BitLocker, and Windows Hello.
Published on: November 27, 2024 | Source:NSO Group Spies on People on Behalf of Governments
The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now weβve learned that thatβs not true: that NSO Group employees operate the spyware on behalf of their customers. Legal documents released in ongoing US litigation between NSO Group and WhatsApp...
Published on: November 27, 2024 | Source:Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now. URLs and Other Embedded
Published on: November 27, 2024 | Source:APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,
Published on: November 27, 2024 | Source:INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
Published on: November 27, 2024 | Source:Israel Defies VC Downturn With More Cybersecurity Investments
With a focus on creating technologies for other markets, Israel continues to be a valued destination for venture capital in cybersecurity outside the US and Europe.
Published on: November 27, 2024 | Source:Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET researchers analyze the first UEFI bootkit designed for Linux systems
Published on: November 27, 2024 | Source:Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
Published on: November 27, 2024 | Source:Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas...
Published on: November 27, 2024 | Source:8 Tips for Hiring and Training Neurodivergent Talent
Neurodivergent talent can add so much to a cybersecurity team. How can companies ensure they have the right hiring and onboarding practices in place to help these employees succeed?
Published on: November 26, 2024 | Source:'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.
Published on: November 26, 2024 | Source:Geico, Travelers Fined $11.3M for Lax Data Security
New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.
Published on: November 26, 2024 | Source:Starbucks, UK grocers impacted by ransomware attack on Blue Yonder
A ransomware attack on supply chain management software provider Blue Yonder has impacted global operations at various companies in the United States and United Kingdom, affecting major retailers such as Starbucks and several UK-based supermarket chains. Starbucks has reported difficulties in processing payroll and managing employee schedules due to the incident, telling the Wall Street [β¦] The post Starbucks, UK...
Published on: November 26, 2024 | Source:Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
Published on: November 26, 2024 | Source:AWS Rolls Out Updates to Amazon Cognito
Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.
Published on: November 26, 2024 | Source:OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts
Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
Published on: November 26, 2024 | Source:African cybercrime crackdown nets more than 1,000 suspects
The international law enforcement operation is the latest to tackle cybercrime on the continent. The post African cybercrime crackdown nets more than 1,000 suspects appeared first on CyberScoop.
Published on: November 26, 2024 | Source:CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls
Protection ranged from 0.38% to 50.57% for security effectiveness.
Published on: November 26, 2024 | Source:CyCognito Report Highlights Rising Cybersecurity Risks in Holiday E-Commerce
Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs
Published on: November 26, 2024 | Source:My Car Knows My Secrets, and I'm (Mostly) OK With That
Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision.
Published on: November 26, 2024 | Source:Firefox and Windows zero days chained to deliver the RomCom backdoor
The backdoor can execute commands and lets attackers download additional modules onto the victimβs machine, ESET research finds
Published on: November 26, 2024 | Source:Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in
Published on: November 26, 2024 | Source:What Graykey Can and Canβt Unlock
This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Appleβs mobile operating system, according to documents describing the toolβs capabilities in granular detail obtained by 404 Media. The documents do not appear...
Published on: November 26, 2024 | Source:Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. Thatβs why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize real threats. What is Intel? Intel was created to fill a gap in the resources available for tracking emerging
Published on: November 26, 2024 | Source:Hereβs how simple it is for script kiddies to stand up DDoS services
How plug-and-play hacking tools and lax configs helped a Russian script kiddie start a scheme. The post Hereβs how simple it is for script kiddies to stand up DDoS services appeared first on CyberScoop.
Published on: November 26, 2024 | Source:RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code β without any user
Published on: November 26, 2024 | Source: