Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UX'Bootkitty' First Bootloader to Take Aim at Linux
Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Small number of vulnerabilities patched in last Android security update of 2024
None of the patched bugs were considered critical. The post Small number of vulnerabilities patched in last Android security update of 2024 appeared first on CyberScoop.
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.
AWS Launches New Incident Response Service
AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types of security threats.
Name That Edge Toon: Shackled!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Does Your Company Need a Virtual CISO?
With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense.
2 UK Hospitals Targeted in Separate Cyberattacks
Alder Hey Children's Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed.
Notorious ransomware developer charged with computer crimes in Russia
Mikhail Matveev, better known as Wazawaka, was in court last week. The post Notorious ransomware developer charged with computer crimes in Russia appeared first on CyberScoop.
Incident Response Playbooks: Are You Prepared?
The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.
A Guide to Securing AI App Development: Join This Cybersecurity Webinar
Artificial Intelligence (AI) is no longer a far-off dreamβitβs here, changing the way we live. From ordering coffee to diagnosing diseases, itβs everywhere. But while youβre creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunityβand a potential risk. The stakes are huge: data leaks, downtime, and even safety threats if security
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News. "While
Microsoft Boosts Device Security With Windows Resiliency Initiative
Microsoft is readying a new release of Windows in 2025 that will have significant security controls, such as more resilient drivers and a "self-defending" operating system kernel.
Details about the iOS Inactivity Reboot Feature
I recently wrote about the new iOS feature that forces an iPhone to reboot after itβs been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus Highlights
ESET's CEO unpacks the complexities of cybersecurity in todayβs hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks
Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights
ESET's CEO unpacks the complexities of cybersecurity in todayβs hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. "These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present,
Friday Squid Blogging: Squid-Inspired Needle Technology
Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy.
How AI Is Enhancing Security in Ridesharing
Whether it's detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing.
Ransomware Gangs Seek Pen Testers to Boost Quality
Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware.
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA) leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources
Month in security with Tony Anscombe β November 2024 edition
Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all β it's a wrap on another month filled with impactful cybersecurity news
Race Condition Attacks against LLMs
These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can adversely affect these other components in the broader...
Protecting Tomorrow's World: Shaping the Cyber-Physical Future
The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An
U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points β Patch ASAP
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
Scams to look out for this holiday season
βTis the season to be wary β be on your guard and donβt let fraud ruin your shopping spree
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique