Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXU.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider
U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon, chief security officer at T-Mobile, said in a statement. "We see no instances of prior attempts like
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Trio of South Dakota politicians set to have bigger roles on cybersecurity
The little-populated state is seeing its governor and two senators move into key positions to influence cyber policy. The post Trio of South Dakota politicians set to have bigger roles on cybersecurity appeared first on CyberScoop.
'Operation Undercut' Adds to Russia Malign Influence Campaigns
Just like Russia's DoppelgΓ€nger effort, the goal is to spread misinformation about Ukraine, and about Western efforts to help Ukraine in its war with Russia.
Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
Appeals court tosses sanctions on Tornado Cash crypto mixer
The mixer was sanctioned after a North Korea hacking group used the software to launder more than $455 million. The post Appeals court tosses sanctions on Tornado Cash crypto mixer appeared first on CyberScoop.
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024,
Researchers Discover "Bootkitty" β First UEFI Bootkit Targeting Linux Kernels
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded
How Learning to Fly Made Me a Better Cybersecurity CEO
The lessons I've learned soaring through the skies have extended far beyond the runway.
Russian Script Kiddie Assembles Massive DDoS Botnet
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices β and enterprise servers.
News Desk 2024: The Rise of Cybersecurity Platforms
Enterprise cybersecurity teams tell Omdia's Maxine Holt that they want to dig out from underneath mounting tech and pivot to a simpler platform model β but they are finding that tricky to pull off.
Bootkitty marks a new chapter in the evolution of UEFI threats
ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats
News Desk 2024: Can GenAI Write Secure Code?
GenAI's 30%-50% coding productivity boost comes with a downside β it's also generating vulnerabilities. Veracode's Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.
Microsoft Finally Releases Recall as Part of Windows Insider Preview
The preview version now includes multiple security-focused additions Microsoft had promised to add, such as SecureBoot, BitLocker, and Windows Hello.
NSO Group Spies on People on Behalf of Governments
The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now weβve learned that thatβs not true: that NSO Group employees operate the spyware on behalf of their customers. Legal documents released in ongoing US litigation between NSO Group and WhatsApp...
Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now. URLs and Other Embedded
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email
Israel Defies VC Downturn With More Cybersecurity Investments
With a focus on creating technologies for other markets, Israel continues to be a valued destination for venture capital in cybersecurity outside the US and Europe.
Bootkitty: Analyzing the first UEFI bootkit for Linux
ESET researchers analyze the first UEFI bootkit designed for Linux systems
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas...
8 Tips for Hiring and Training Neurodivergent Talent
Neurodivergent talent can add so much to a cybersecurity team. How can companies ensure they have the right hiring and onboarding practices in place to help these employees succeed?
'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.
Geico, Travelers Fined $11.3M for Lax Data Security
New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.
Starbucks, UK grocers impacted by ransomware attack on Blue Yonder
A ransomware attack on supply chain management software provider Blue Yonder has impacted global operations at various companies in the United States and United Kingdom, affecting major retailers such as Starbucks and several UK-based supermarket chains. Starbucks has reported difficulties in processing payroll and managing employee schedules due to the incident, telling the Wall Street [β¦] The post Starbucks, UK...
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
AWS Rolls Out Updates to Amazon Cognito
Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.
OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts
Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
African cybercrime crackdown nets more than 1,000 suspects
The international law enforcement operation is the latest to tackle cybercrime on the continent. The post African cybercrime crackdown nets more than 1,000 suspects appeared first on CyberScoop.
CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls
Protection ranged from 0.38% to 50.57% for security effectiveness.
CyCognito Report Highlights Rising Cybersecurity Risks in Holiday E-Commerce
Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs
My Car Knows My Secrets, and I'm (Mostly) OK With That
Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision.
Firefox and Windows zero days chained to deliver the RomCom backdoor
The backdoor can execute commands and lets attackers download additional modules onto the victimβs machine, ESET research finds
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in
What Graykey Can and Canβt Unlock
This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Appleβs mobile operating system, according to documents describing the toolβs capabilities in granular detail obtained by 404 Media. The documents do not appear...