Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that

The Hacker News • 10 months ago • 1 min read

State Department’s disinformation office to close after funding nixed in NDAA

The Global Engagement Center, which tracks and exposes foreign disinformation narratives in foreign countries, will see its authority to operate expire Dec. 24. The post State Department’s disinformation office to close after funding nixed in NDAA appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Non-Human Identities Gain Momentum, Requires Both Management, Security

The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.

Dark Reading • 10 months ago • 1 min read

Judge grants ruling in favor of WhatsApp against spyware firm NSO Group

The ruling is arguably the most important to date against the Israeli maker of the Pegasus spyware. The post Judge grants ruling in favor of WhatsApp against spyware firm NSO Group appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Criminal Complaint against LockBit Ransomware Writer

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.

Schneier on Security • 10 months ago • 1 min read

How CISOs Can Communicate With Their Boards Effectively

With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable.

Dark Reading • 10 months ago • 1 min read

Feds lay blame while Chinese telecom attack continues

Opinion: Implementing new regulations amid the ongoing attack would be a massive misstep, cyber experts argue. The post Feds lay blame while Chinese telecom attack continues appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Middle East Cyberwar Rages On, With No End in Sight

Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.

Dark Reading • 10 months ago • 1 min read

Name That Toon: Sneaking Around

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Dark Reading • 10 months ago • 1 min read

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases

Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers

The Hacker News • 10 months ago • 1 min read

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.

The Hacker News • 10 months ago • 1 min read

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last

The Hacker News • 10 months ago • 1 min read

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus Highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

WeLiveSecurity • 10 months ago • 1 min read

Top 10 Cybersecurity Trends to Expect in 2025

The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the

The Hacker News • 10 months ago • 1 min read

U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case

Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants' Pegasus code was sent through plaintiffs'

The Hacker News • 10 months ago • 1 min read

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

Italy's data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR). The authority

The Hacker News • 10 months ago • 1 min read

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a

The Hacker News • 10 months ago • 1 min read

Friday Squid Blogging: Squid Sticker

A sticker for your water bottle. Blog moderation policy.

Schneier on Security • 10 months ago • 1 min read

How to Protect Your Environment From the NTLM Vulnerability

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.

Dark Reading • 10 months ago • 1 min read

Justice Department unveils charges against alleged LockBit developer

The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure […] The post Justice Department unveils charges...

CyberScoop • 10 months ago • 1 min read

LockBit Ransomware Developer Arrested in Israel

Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.

Dark Reading • 10 months ago • 1 min read

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.

Dark Reading • 10 months ago • 1 min read

How Nation-State Cybercriminals Are Targeting the Enterprise

Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort.

Dark Reading • 10 months ago • 1 min read

Managing Threats When Most of the Security Team Is Out of the Office

During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls.

Dark Reading • 10 months ago • 1 min read

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are

The Hacker News • 10 months ago • 1 min read

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

WeLiveSecurity • 10 months ago • 1 min read

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest

The Hacker News • 10 months ago • 1 min read

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -

The Hacker News • 10 months ago • 1 min read

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted

The Hacker News • 10 months ago • 1 min read

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

The Hacker News • 10 months ago • 1 min read

Study finds ‘significant uptick’ in cybersecurity disclosures to SEC

However, less than 10% of the disclosures addressed the material impacts of the security incidents. The post Study finds ‘significant uptick’ in cybersecurity disclosures to SEC appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

OT/ICS Engineering Workstations Face Barrage of Fresh Malware

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

Dark Reading • 10 months ago • 1 min read

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

Dark Reading • 10 months ago • 1 min read

Israeli court to hear U.S. extradition request for alleged LockBit developer

Rostislav Panev allegedly served as a software developer for LockBit. The post Israeli court to hear U.S. extradition request for alleged LockBit developer appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read