Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXGoogle Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
5 BCDR Oversights That Leave You Exposed to Ransomware
Ransomware isnβt just a buzzword; itβs one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasnβt been used for a few days, it automatically goes into its βBefore First Unlockβ state and has to be rebooted. This is a really good security feature. But various police departments donβt like it, because it makes it harder for them to unlock suspectsβ phones.
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
Iranian Cybercriminals Target Aerospace Workers via LinkedIn
The group seeks out aerospace professionals by impersonating job recruiters β a demographic it has targeted in the past as well β then deploys the SlugResin backdoor malware.
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
Trump administration should focus on cyber rules, grants and international partnerships, Biden official says
Anne Neuberger made her remarks on priorities for the new administration on the same day the outgoing and incoming president met to discuss the transition. The post Trump administration should focus on cyber rules, grants and international partnerships, Biden official says appeared first on CyberScoop.
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's
How CISOs Can Lead the Responsible AI Charge
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted
Mapping License Plate Scanners in the US
DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
Comprehensive Guide to Building a Strong Browser Security Program
The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
ESET Research Podcast: Gamaredon
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East β led by Saudi Arabia and other Gulf nations βhave adopted mature frameworks and regulations amid escalating volumes of attacks.
2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
Amazon Employee Data Compromised in MOVEit Breach
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
Moodyβs Rating adds telecoms, airlines, utilities to highest risk category
The financial ratings service says industry digital reliance increases cyber risk. The post Moodyβs Rating adds telecoms, airlines, utilities to highest risk category appeared first on CyberScoop.
New Essay Competition Explores AI's Role in Cybersecurity
The essays are to focus on the impact that artificial intelligence will have on European policy.
Trustwave and Cybereason announce merger
The deal is expected to fully close in early 2025. The post Trustwave and Cybereason announce merger appeared first on CyberScoop.
CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the past 14 months as identity-based attacks continue to rise.
DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments
But the South Dakota governor has touted cybersecurity as her stateβs βnext big industryβ and signed cyber legislation into law. The post DHS nominee Kristi Noem stood alone for rejecting department cyber grants to state, local governments appeared first on CyberScoop.
'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
Citrix Patches Zero-Day Recording Manager Bugs
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
Hereβs the indictment against two men allegedly responsible for Snowflake customer breachΒ
Connor Moucka and John Binns were indicted in the U.S. court of Western Washington. The post Hereβs the indictment against two men allegedly responsible for Snowflake customer breach appeared first on CyberScoop.
Citrix 'Recording Manager' Zero-Day Bug Allows Unauthenticated RCE
The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
North Korean-linked hackers were caught experimenting with new macOS malware
Researchers canβt tell if the malware was used in a campaign, or North Korean operatives were caught before they could deploy it in the wild. The post North Korean-linked hackers were caught experimenting with new macOS malware appeared first on CyberScoop.