Secure Coding Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills Christian Ali Bravo 13 Nov 2023 • , 3 min. read Cybersecurity is not only an ever-evolving and increasingly important concern in our digital age, but it can also be a lot of
Nov 14, 2023NewsroomCyber Espionage / Threat Intelligence Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402,
The EU has cemented ties with Ukraine on cybersecurity cooperation, with a new formal agreement designed to improve information sharing and capacity building. Announced today, the agreement formalizes discussions begun in Warsaw during the EU-Ukraine Cybersecurity Dialogue last year. It was signed by EU security agency ENISA, and Ukraine’s National Cybersecurity Coordination Center (NCCC) and the
Business Security By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk Phil Muncaster 10 Nov 2023 • , 4 min. read When it comes to mitigating an organization’s cyber risk, knowledge and expertise are power. That alone
Nov 13, 2023NewsroomNational Security / Cyber Attack Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. “This activity is believed to be part of a long-term espionage campaign,” Palo Alto Networks Unit 42 researchers said in a report last week.
Two giants of the banking and legal sectors have been breached by suspected ransomware actors, according to reports. Allen & Overy is one of the UK’s “Magic Circle” law firms. It released a statement yesterday revealing a “data incident” impacting a “small number of storage servers.” Although the firm did not name ransomware as the
The Urdu version of the Hunza News website offers readers the option to download an Android app – little do they know that the app is actually spyware 10 Nov 2023 This week, ESET researchers have described the ins and outs of a so-called watering-hole attack against a news website that delivers news about Gilgit-Baltistan,
Nov 11, 2023NewsroomThreat Intelligence / Cybercrime A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a “shift in the persistent actor’s tactics.” Sapphire Sleet, also called
Most British lawmakers are unaware or misinformed about how and where facial recognition technology (FRT) is being used, and the privacy threats it poses, according to a new Privacy International study. The rights group commissioned YouGov to poll 114 UK MPs about the technology, which uses AI to extract biometric data from facial images captured
ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan. When opened on a mobile device, the Urdu version of the Hunza News website offers readers the possibility to download the Hunza News Android app directly from the
Nov 10, 2023NewsroomCyber Warfare / Network Security The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google’s Mandiant, which described the hack as a “multi-event cyber attack” leveraging a novel technique for impacting industrial control systems (ICS).
Microsoft has revealed a new threat campaign exploiting a zero-day vulnerability in the popular SysAid IT helpdesk software. Posting to X (formerly Twitter) yesterday, the Microsoft Threat Intelligence account said the group is the same one responsible for the MOVEit data theft and extortion campaign – a threat actor known as Lace Tempest (aka DEV-0950,
Nov 10, 2023The Hacker NewsThreat Intelligence / SecOps There is a seemingly never-ending quest to find the right security tools that offer the right capabilities for your organization. SOC teams tend to spend about a third of their day on events that don’t pose any threat to their organization, and this has accelerated the adoption
A leading UK security agency has warned of AI-generated fraud in the coming weeks, after citing new figures that shoppers lost £10.6m ($13m) to scams last festive season. The National Cyber Security Centre (NCSC) referenced new research from the National Fraud Intelligence Bureau (NFIB), run by the City of London Police. Also known as Action
Nov 09, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be
The share of global retailers hit by a serious ransomware breach over the past 12 months fell nearly 10 percentage points year-on-year (YoY), but just 26% were able to disrupt an attack before data was encrypted, according to Sophos. The security vendor polled 355 IT and cybersecurity leaders in retail organizations with between 100 and
Business Security Organizations that intend to tap the potential of LLMs must also be able to manage the risks that could otherwise erode the technology’s business value Phil Muncaster 06 Nov 2023 • , 5 min. read Everyone’s talking about ChatGPT, Bard and generative AI as such. But after the hype inevitably comes the reality
Nov 08, 2023The Hacker NewsWebinar / SaaS Security SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization’s SaaS app stack and
The volume of global roaming fraud traffic is set to increase by a staggering 700% over the coming five years as scammers look to tap a growing market, according to a new study from Juniper Research. Its report, Roaming Fraud Market 2023-2028, assessed the size of the global roaming market across data, IoT, SMS and
Nov 07, 2023NewsroomVulnerability / Malware The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also
A security breach at identity and access management (IAM) specialist Okta impacted over 100 of its customers, a handful of which suffered follow-on session hijacking attacks as a result, the vendor has revealed. Okta notified customers about the breach on October 19, more than two weeks after being alerted to suspicious activity by one of
ESET Research How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there 01 Nov 2023 • , 3 min. read In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden
Nov 06, 2023NewsroomCyber Attack / Online Security Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That’s according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it as an “intricate modular framework that supports both
The UK Frontier AI Taskforce, a government-funded initiative launched in April 2023 as the Foundation Model Taskforce, is evolving to become the UK AI Safety Institute. British Prime Minister Rishi Sunak announced the creation of the Institute during his closing speech at the AI Safety Summit, held in Bletchley Park, England, on November 2, 2023.
Video Various questions linger following the botnet’s sudden and deliberate demise, including: who actually initiated it? 03 Nov 2023 This week, ESET researchers described what they had aptly called “a fascinating case of cyberforensics” – the sudden and mysterious shutdown of the Mozi botnet. One of the world’s most notorious IoT botnets experienced a sudden
Nov 03, 2023NewsroomCloud Security / Linux The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments. “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials
Threat actors have compromised sensitive health data on tens of millions of US patients so far this year, according to new figures released by the Department of Health and Human Services (HHS). The HHS said that there had been a 239% increase in “large breaches” reported to its Office for Civil Rights (OCR) in the
Nov 02, 2023The Hacker NewsSaaS Security / Software This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees’ SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches
A new social engineering campaign conducted by the “MuddyWater” group has been observed targeting two Israeli entities with tactics, techniques and procedures (TTPs) previously associated with this threat actor. MuddyWater, a group known for spear-phishing emails since 2020, has historically employed links and PDFs, RTFs and HTML attachments that direct victims to archives hosted on different file-sharing
- « Previous Page
- 1
- …
- 4
- 5
- 6
- 7
- 8
- …
- 107
- Next Page »