Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXScattered Spider Cybercrime Members Face Prison Time
Four of the arrested individuals of the cybercriminal gang, known for hacking MGM and Caesars, are American, all of whom could face up to 27 years in prison for the charges against them.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
How a Mental Health Nonprofit Secures Endpoints for Compassionate Care
Consolidating endpoint management boosts cybersecurity while keeping an Oklahoma-based nonprofit focused on community mental health.
Meta cracks down on millions of accounts it tied to pig-butchering scams
Itβs one part of a strategy to combat the fast-growing scheme that has cost victims billions of dollars. The post Meta cracks down on millions of accounts it tied to pig-butchering scams appeared first on CyberScoop.
Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia
Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.
Cybersecurity Is Critical, but Breaches Don't Have to Be Disasters
The future of cybersecurity isn't about preventing every breach β it's about learning and growing stronger with each attack.
Privacy-focused mobile phone launches for high-risk individuals
The mobile company Capeβs Android-based phone complies with U.S. law but claims to offer a higher degree of privacy for users. The post Privacy-focused mobile phone launches for high-risk individuals appeared first on CyberScoop.
How Can PR Protect Companies During a Cyberattack?
When a cybersecurity incident occurs, it's not just IT systems and data that are at risk β a company's reputation is on the line, too.
10 Most Impactful PAM Use Cases for Enhancing Organizational Security
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As an established provider of a PAM solution, weβve witnessed firsthand how PAM transforms organizational security. In
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and
Secret Service Tracking Peopleβs Locations without Warrant
This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesnβt need a warrant.
Cyber Story Time: The Boy Who Cried "Secure!"
As a relatively new security category, many security operators and executives Iβve met have asked us βWhat are these Automated Security Validation (ASV) tools?β Weβve covered that pretty extensively in the past, so today, instead of covering the βWhat is ASV?β I wanted to address the βWhy ASV?β question. In this article, weβll cover some common use cases and misconceptions of how people misuse
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,
Unveiling WolfsBane: Gelsemiumβs Linux counterpart to Gelsevirine
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher
It's Near-Unanimous: AI, ML Make the SOC Better
Efficiency is the name of the game for the security operations center β and 91% of cybersecurity pros say artificial intelligence and machine learning are winning that game.
CISOs can now obtain professional liability insurance
A new business insurance offering can shield CISOs from personal losses in the event of a lawsuit. The post CISOs can now obtain professional liability insurance appeared first on CyberScoop.
China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.
Β US charges five men linked to βScattered Spiderβ with wire fraud
The men have been charged with conspiracy to commit wire fraud. The post US charges five men linked to βScattered Spiderβ with wire fraud appeared first on CyberScoop.
Vulnerability disclosure policy bill for federal contractors clears Senate panel
The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain. The post Vulnerability disclosure policy bill for federal contractors clears Senate panel appeared first on CyberScoop.
Alleged Ford 'Breach' Encompasses Auto Dealer Info
Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature.
Steve Bellovinβs Retirement Talk
Steve Bellovin is retiring. Hereβs his retirement talk, reflecting on his career and what the cybersecurity field needs next.
Apple Urgently Patches Actively Exploited Zero-Days
Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Small US Cyber Agencies Are Underfunded & That's a Problem
If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it.
'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. "Criminals can now misuse Google Pay and Apple
NHIs Are the Future of Cybersecurity: Meet NHIDR
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
Kathryn Thornton: Correcting Hubble's vision | Starmus Highlights
The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubbleβs success possible
Kathryn Thornton: Correcting Hubble's vision | Starmus highlights
The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubbleβs success possible
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike's earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications