Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program
Published on: November 15, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.
Published on: November 15, 2024 | Source:CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates
Published on: November 15, 2024 | Source:An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making...
Published on: November 15, 2024 | Source:TSA Proposes Cyber-Risk Mandates for Pipelines, Transportation Systems
The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber-risk management plans.
Published on: November 15, 2024 | Source:Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
Published on: November 14, 2024 | Source:ESET APT Activity Report Q2 2024βQ3 2024: Key findings
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report
Published on: November 14, 2024 | Source:Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing
Published on: November 14, 2024 | Source:5 BCDR Oversights That Leave You Exposed to Ransomware
Ransomware isnβt just a buzzword; itβs one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
Published on: November 14, 2024 | Source:New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasnβt been used for a few days, it automatically goes into its βBefore First Unlockβ state and has to be rebooted. This is a really good security feature. But various police departments donβt like it, because it makes it harder for them to unlock suspectsβ phones.
Published on: November 14, 2024 | Source:TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
Published on: November 14, 2024 | Source:New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
Published on: November 14, 2024 | Source:Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
Published on: November 14, 2024 | Source:Iranian Cybercriminals Target Aerospace Workers via LinkedIn
The group seeks out aerospace professionals by impersonating job recruiters β a demographic it has targeted in the past as well β then deploys the SlugResin backdoor malware.
Published on: November 13, 2024 | Source:Google AI Platform Bugs Leak Proprietary Enterprise LLMs
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
Published on: November 13, 2024 | Source:Trump administration should focus on cyber rules, grants and international partnerships, Biden official says
Anne Neuberger made her remarks on priorities for the new administration on the same day the outgoing and incoming president met to discuss the transition. The post Trump administration should focus on cyber rules, grants and international partnerships, Biden official says appeared first on CyberScoop.
Published on: November 13, 2024 | Source:Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's
Published on: November 13, 2024 | Source:How CISOs Can Lead the Responsible AI Charge
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.
Published on: November 13, 2024 | Source:Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted
Published on: November 13, 2024 | Source:Mapping License Plate Scanners in the US
DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
Published on: November 13, 2024 | Source:Comprehensive Guide to Building a Strong Browser Security Program
The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
Published on: November 13, 2024 | Source:ESET Research Podcast: Gamaredon
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation
Published on: November 13, 2024 | Source:OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and
Published on: November 13, 2024 | Source:Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
Published on: November 13, 2024 | Source:Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Published on: November 13, 2024 | Source:Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East β led by Saudi Arabia and other Gulf nations βhave adopted mature frameworks and regulations amid escalating volumes of attacks.
Published on: November 13, 2024 | Source:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
Published on: November 12, 2024 | Source:Amazon Employee Data Compromised in MOVEit Breach
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
Published on: November 12, 2024 | Source:Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
Published on: November 12, 2024 | Source:Moodyβs Rating adds telecoms, airlines, utilities to highest risk category
The financial ratings service says industry digital reliance increases cyber risk. The post Moodyβs Rating adds telecoms, airlines, utilities to highest risk category appeared first on CyberScoop.
Published on: November 12, 2024 | Source:New Essay Competition Explores AI's Role in Cybersecurity
The essays are to focus on the impact that artificial intelligence will have on European policy.
Published on: November 12, 2024 | Source:Trustwave and Cybereason announce merger
The deal is expected to fully close in early 2025. The post Trustwave and Cybereason announce merger appeared first on CyberScoop.
Published on: November 12, 2024 | Source:CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the past 14 months as identity-based attacks continue to rise.
Published on: November 12, 2024 | Source:DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments
But the South Dakota governor has touted cybersecurity as her stateβs βnext big industryβ and signed cyber legislation into law. The post DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments appeared first on CyberScoop.
Published on: November 12, 2024 | Source:'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
Published on: November 12, 2024 | Source: