Nov 25, 2023NewsroomData Security / Vulnerability The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows – Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from
admin
Security researchers have found a way to bypass the popular Windows Hello fingerprint authentication technology, after discovering multiple vulnerabilities. Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of the top three fingerprint sensors embedded in laptops. The firm studied a Dell Inspiron 15, a Lenovo ThinkPad T14 and a Microsoft
Digital Security AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way. Jake Moore 22 Nov 2023 • , 6 min. read The recent theft of my voice brought me to a new fork in the
Nov 25, 2023NewsroomCyber Attack / Threat Intelligence An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and
House sales and purchases across the UK have been disrupted by a cyber-attack affecting multiple conveyancing firms. CTS, a legal sector specialist infrastructure service provider, confirmed in a statement that it has experienced a service outage caused by a cyber-incident. The firm said the cyber-attack has impacted a portion of the services it delivers to
We recently published a blogpost about Telekopye, a Telegram bot that helps cybercriminals scam people in online marketplaces. Telekopye can craft phishing websites, emails, SMS messages, and more. In the first part, we wrote about technical details of Telekopye and hinted at hierarchical structure of its operational groups. In this second part, we focus on
Nov 24, 2023The Hacker NewsDeveloper Tools / API Security The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian’s engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys,
Software supply chain attacks conducted by North Korean hackers have skyrocketed over the past few years, according to UK and South Korean government agencies. The MagicLine4NX and 3CX compromises, which both started in March 2023, are two of the most recent examples. To raise public awareness and help prevent compromise, the UK’s National Cyber Security
Digital Security What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks? 21 Nov 2023 • , 7 min. read Fleets of robotaxis hit the brakes, citing the need to “rebuild public trust”. This story had been brewing for a while. It seemed fairly inconsequential
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right
Several government agencies and cybersecurity organizations have raised the alarm in response to multiple threat actor groups exploiting Citrix Bleed, a vulnerability affecting Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. As part of the #StopRansomware coalition, an advisory was issued on November 21 warning organizations about ongoing exploitation of the vulnerability
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users
The chief operating officer (COO) of a US network security firm has pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company. Securolytics executive, Vikas Singla, admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia, as explained in a 2021 indictment. The incidents, which
Nov 21, 2023The Hacker NewsCybercrime / Malware Analysis Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and
A former NHS secretary has been fined by the data protection regulator after illegally accessing the medical records of over 150 people. The Information Commissioner’s Office (ICO) said that a complaint was first lodged back in June 2019, after a patient raised concerns that their records had been improperly accessed by Loretta Alborghetti, from Redditch.
Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On
Royal Mail has revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year. The British postal service company was hit by a LockBit affiliate, in an incident which caused “severe service disruption” for items sent abroad. It later transpired that the ransomware actors were demanding nearly $80m from the firm
Nov 18, 2023NewsroomCyber Attack / USB Worm Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon’s (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, branded the group as engaging
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a detailed cybersecurity advisory on the sophisticated Scattered Spider threat group, urging critical infrastructure (CNI) firms to implement its mitigation recommendations. The group (also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest and Muddled Libra) is thought to be responsible for big-name
Video An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause 17 Nov 2023 This week, one of Australia’s major port operators, DP World, had to pull the plug on its internet connection and
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. “Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan,” security researcher Guilherme Venere
involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban. The hackers craft enticing emails promising heavy discounts on these luxury products, with the email addresses manipulated to mimic the authenticity of the brands. Despite the appearance of legitimacy, a closer look reveals that the email origins have no connection to the actual
Social Media How much contact and personal information do you give away in your LinkedIn profile and who can see it? Here’s why less may be more. Daniel Cunha Barbosa 16 Nov 2023 • , 4 min. read Several friends recently asked me how cybercriminals could gain access to their contact data, especially their mobile
Nov 17, 2023The Hacker News In 2023, the cloud isn’t just a technology—it’s a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: ‘Navigating the Cloud Attack Landscape:
Almost half (29) of the 60 ransomware groups tracked by WithSecure in 2023 began operations this year, the security vendor has claimed. WithSecure’s analysis found that, although more established groups (8Base, Alphv/BlackCat, Clop, LockBit and Play) accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants
We Live Progress Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure Luiza Pires 14 Nov 2023 • , 4 min. read In this day and age, knowing your way around the digital world is not merely a valuable asset – it is a
Nov 16, 2023NewsroomCyber Warfare / Threat Intelligence Russian threat actors have been possibly linked to what’s been described as the “largest cyber attack against Danish critical infrastructure,” in which 22 companies associated with the operation of the country’s energy sector were targeted in May 2023. “22 simultaneous, successful cyberattacks against Danish critical infrastructure are not
The Information Commissioner’s Office (ICO) has urged shoppers to investigate the privacy and security credentials of any smart technologies they’re planning to buy this Black Friday. The data protection regulator, which is currently reviewing the tech category before issuing new guidance next year, warned that many buyers may unwittingly put their personal data at risk.
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few controls. Insider threats
A Middle Eastern advanced persistent threat (APT) group launched a new series of targeted cyber-espionage attacks from July to October 2023, using a new initial access downloader dubbed IronWind, according to Proofpoint. The security vendor identified the actor as TA402 (aka Molerats, Gaza Cybergang, Frankenstein, WIRTE), which it said supports Palestinian intelligence gathering objectives. Although
- « Previous Page
- 1
- …
- 3
- 4
- 5
- 6
- 7
- …
- 107
- Next Page »