Category: CySecurity News – Latest Information Security and Hacking Incidents

  Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names,…

Read more →

  It has been espoused in the generative AI phenomenon that the technology’s key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact…

Read more →

  Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim…

Read more →

  The latest phishing attacks involve users being victimised in private information scams through the use of Microsoft Visio files. According to a security firm called Perception Point, the trick mainly involves using the .vsdx file extension, used for business…

Read more →

  Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music…

Read more →

  An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers…

Read more →

  There has recently been a rise in the botnet activity created by the Chinese threat group Volt Typhoon, which leverages similar techniques and infrastructure as those previously created by the group. SecurityScorecard reports that the botnet has recently made…

Read more →

The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements…

Read more →

  Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies.  Despite efforts…

Read more →

  About two months before the Newpark Resources attack, oilfield services giant Halliburton had been afflicted with a cyberattack that it then disclosed in a regulatory filing, which occurred about two months earlier.  Last week, Halliburton, the world’s largest energy…

Read more →

  On November 8, the World Health Organization (WHO) joined over 50 countries in issuing an urgent warning at the United Nations about the increase in ransomware attacks on healthcare systems worldwide. WHO Director-General Tedros Adhanom Ghebreyesus addressed the UN…

Read more →

  A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network…

Read more →

  BlueNoroff, a North Korean threat actor, has been attacking crypto firms with a new multistage malware for macOS systems.  According to the researchers, the campaign is known as Hidden Risk, and it lures victims with emails that include fake…

Read more →

  Hundreds of organizations worldwide have recently fallen victim to a sophisticated spear-phishing campaign, where emails falsely claiming copyright infringement are used to deliver an advanced infostealer malware. Since July, Check Point Research has tracked the distribution of these emails…

Read more →

  The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank,…

Read more →

  Cyber scammers give new warnings as they do not stop scamming unsuspecting web shoppers through a new phishing campaign posing to be online stores. Many of these fake stores Google has removed from its search results, but links remain…

Read more →

  Recently, a critical VBR (Veeam Backup & Replication) security flaw was exploited by cyber thieves to distribute Frag ransomware along with the Akira and Fog ransomware attacks. Florian Hauser, a security researcher with Code White, has discovered that the…

Read more →

Microsoft emphasized in its 2024 annual Digital Defense report that the cyber threat landscape remains both “dangerous and complex,” posing significant risks to organizations, users, and devices worldwide. The Expanding Threat Landscape Every day, Microsoft’s customers endure more than 600…

Read more →

  The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site. See also: Gartner Market Guide for DFIR Retainer Services. An attacker going by the handle “IntelBroker,” who is…

Read more →

  The number of hospitals that have been affected by ransomware, business email compromise, and other cyber threats is increasing across all sectors, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to those with a…

Read more →

  In today’s world, the threat of cyberattacks is an ever-present concern for businesses of all sizes. The scenario of receiving a call at 4 a.m. informing you that your company has been hit by a ransomware attack is no…

Read more →

  Advanced hacking toolkit Winos4.0 spreads across the globe, security experts warn. Originally reported by Trend Micro, this new toolkit-just like known kits Cobalt Strike and Sliver-was connected to a string of recent cyber attacks in China, having initially spread…

Read more →

  Several experts have warned that hackers are using malware to attack Windows systems with the intention of mining cryptocurrency and stealing sensitive information from their devices. The latest Kaspersky Security Report claims to have spotted tens of thousands of…

Read more →

 For retro gaming fans, playing classic video games from decades past is a dream, but it’s tough to do legally. This is where game emulation comes in — a way to recreate old consoles in software, letting people play vintage…

Read more →

  Zero-knowledge proof (ZKP) has emerged as a critical security component in Web3 and blockchain because it ensures data integrity and increases privacy. It accomplishes this by allowing verification without exposing data. ZKP is employed on cryptocurrency exchanges to validate…

Read more →

Advertising is a key driver of revenue for many online platforms. However, it has also become a lucrative target for cybercriminals who exploit ad networks to distribute malicious software, a practice known as malvertising. The National Cyber Security Centre (NCSC)…

Read more →

Microsoft has unveiled a sweeping cyber threat posed by a sophisticated Chinese botnet, Quad7, targeting organizations worldwide through advanced password spray attacks. Operated by a group identified as Storm-0940, this campaign primarily aims at high-value entities, including think tanks, government…

Read more →

  As part of its commitment to protecting users’ privacy, Google has announced that by the end of 2025, all Google Cloud accounts will have to implement multi-factor authentication (MFA), also called two-step verification. Considering the sensitive nature of cloud…

Read more →

  Cyber thieves are making use of DocuSign’s Envelopes API to send fake invoices in good faith, complete with names that are giveaways of well-known brands such as Norton and PayPal. Because these messages are sent from a verified domain…

Read more →

  The FBI has warned users of popular email providers such as Gmail, Outlook, Yahoo, and AOL regarding a surge in online criminal activity that compromises email accounts, including those secured by multifactor authentication (MFA).  Online criminals lure people into…

Read more →

  Cisco recently disclosed a critical security vulnerability, tracked as CVE-2024-20418, that affects specific Ultra-Reliable Wireless Backhaul (URWB) access points used in industrial settings. These URWB access points are essential for maintaining robust wireless networks in environments like manufacturing plants,…

Read more →

  OpenAI is taking the challenge of bringing into existence the very first powerful AI agents designed specifically to revolutionise the future of software development. It became so advanced that it could interpret in plain language instructions and generate complex…

Read more →

In the evolving world of AI, data transparency and user privacy are gaining significant attention as companies rely on massive amounts of information to fuel their AI models. While Big Tech giants need enormous datasets to train their AI systems,…

Read more →

  Pakistan’s APT36 threat outfit has been deploying a new and upgraded version of its core ElizaRAT custom implant in what looks to be an increasing number of successful assaults on Indian government agencies, military entities, and diplomatic missions over…

Read more →

  Recent research by NordPass and NordStellar, backed by NordVPN, has shed light on small private businesses being prime targets for cybercriminals. After analyzing around 2,000 global data breaches over two years, they found that retail and technology sectors, particularly…

Read more →

In an unprecedented move, Operation Synergia II has significantly strengthened global cybersecurity efforts. Led by INTERPOL, this extensive operation focused on dismantling malicious networks and thwarting cyber threats across 95 countries. Spanning from April to August 2024, the initiative marks…

Read more →

  Researchers recently revealed that OpenAI’s ChatGPT-4o voice API could be exploited by cybercriminals for financial scams, showing some success despite moderate limitations. This discovery has raised concerns about the misuse potential of this advanced language model. ChatGPT-4o, OpenAI’s latest…

Read more →

  In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years. There has been great…

Read more →

One of the most alarming trends in recent times is the surge in digital arrest scams, particularly in India. These scams involve cybercriminals impersonating law enforcement officials to extort money from unsuspecting victims.  Cybersecurity threats are rapidly escalating in India,…

Read more →

  Japan Computer Emergency Response Team (JPCERT/CC) has published guidance on early identification of ransomware attacks in the system using Windows Event Logs. Probably by reviewing these logs, firms would identify some signs or clues of an existing ransomware attack…

Read more →

  A new study by consumer group Which? has revealed that popular smart devices are gathering excessive amounts of personal data from users, often beyond what’s required for functionality. The study examined smart TVs, air fryers, speakers, and wearables, rating…

Read more →

  Data collection and use raise serious privacy concerns, even though they can improve driving safety, efficiency, and the whole experience. The automotive industry’s ability to collect, analyse, and exchange such data outpaces the legislative frameworks intended to protect individuals.…

Read more →

  The National Cyber Security Centre (NCSC) recently disclosed the presence of a Linux malware, “Pigmy Goat,” specifically designed to breach Sophos XG firewall devices. This malware, allegedly developed by Chinese cyber actors, represents a significant evolution in network infiltration…

Read more →

  Having access to a Gmail account in the present world is rather dangerous because hackers create new ways of penetrating the account, even if it at times employs a 2FA security feature. While methods like passkey sign-ins and secure…

Read more →

  In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distributed federated intrusion detection system. The study, published in Frontiers of Computer Science and co-published by Higher…

Read more →

In an alarming development for the tech community, especially for those immersed in the Web3 ecosystem, a supply chain attack has targeted the popular animation library, Lottie-Player. If users fall for this prompt, it could enable attackers to drain cryptocurrency…

Read more →

  The US Supreme Court is set to take two landmark cases over Facebook and Nvidia that may rewrite the way investors sue the tech sector after scandals. Two firms urge the Court to narrow legal options available for investment…

Read more →

  Cyble Research and Intelligence Labs (CRIL) has discovered new IT vulnerabilities that affect Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others.  The report for the week of October 23-29 identifies seven security flaws that require immediate attention from security…

Read more →

  Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims…

Read more →

  It has been discovered that a newer version of LightSpy spyware, commonly used to target iOS devices, has been enhanced with the capability to compromise the security and stability of the device. LightSpy for macOS was first discovered by…

Read more →

  Phone number of the RCMP used in scams across Thunder Bay. The local Royal Canadian Mounted Police detachment is warning residents of Thunder Bay about a phone scam. Scammers are spoofing the official RCMP number, 807-623-2791, which will have…

Read more →

  Bank fraud is becoming an increasingly serious issue, with cybercriminals devising new tactics to access people’s bank accounts. In 2023, global losses from bank fraud reached nearly $500 billion, according to the 2024 NASDAQ Global Financial Crimes Report. As…

Read more →

  Jacob Steinhardt, an assistant professor at the University of California, Berkeley, shared insights at a recent event in Toronto, Canada, hosted by the Global Risk Institute. During his keynote, Steinhardt, an expert in electrical engineering, computer science, and statistics,…

Read more →

  If you ask some of the field’s top cybersecurity executives what their biggest concerns are, you might not expect bored teenagers to come up. However, in recent years, this totally new generation of money-motivated hackers has carried out some…

Read more →

Data Privacy and State Access Russia’s Ministry of Digital Development, Communications, and Mass Media has introduced a draft decree specifying the conditions under which authorities can access staff and customer data from businesses operating in Russia, according to Forbes. The…

Read more →

  Generative AI has introduced a new wave of technological innovation, but it also brings a set of unique challenges and risks. According to Phil Venables, Chief Information Security Officer of Google Cloud, addressing these risks requires expanding traditional cybersecurity…

Read more →

  Taking cybersecurity seriously is one of the biggest things users can do to protect their company from cyberattacks. While discussing with Bogdan “Bob” Botezatu, Director of Threat Research at Bitdefender, to get a deeper understanding of what is happening…

Read more →

  Human traffickers, according to a report by India Today, are luring Indian citizens to Cambodia, offering them job opportunities, and then coercing them into committing thousands of dollars worth of online financial fraud and cyber crimes. A growing number…

Read more →

  Meta, the parent company of Facebook, has come under fire for its failure to adequately prevent misleading political ads from being run on hacked Facebook pages. A recent investigation by ProPublica and the Tow Center for Digital Journalism uncovered…

Read more →

Search engines like Google have become the gateway to information. We rely on them for everything from trivial facts to critical news updates. However, what if these seemingly neutral tools were subtly shaping the way we perceive the world? According…

Read more →

  Microsoft Threat Intelligence has discovered a new attack campaign by Russian hacker group Midnight Blizzard, targeted at thousands of users from over 100 organisations. The attack uses spear-phishing emails that contain RDP configuration files, allowing perpetrators to connect to…

Read more →

  Cybersecurity remains a big concern, with a recent study from DataDome showing that 91% of websites are at risk from bot attacks. The study looked at over 14,000 sites in industries like healthcare, luxury goods, and e-commerce, revealing that…

Read more →

  The Dutch National Police claimed on Monday that they had secured “full access” to all servers employed by the Redline and Meta infostealers, two of the most common cybercrime tools on the internet. Infostealer malware is a major cybersecurity…

Read more →

  Strava, a popular app for runners and cyclists, is once again in the spotlight due to privacy concerns. Known for its extensive mapping tools, Strava’s heatmap feature can inadvertently expose sensitive locations, as recently highlighted by a report from…

Read more →

Cybercriminals are continually developing new methods to exploit vulnerabilities, and even the most tech-savvy individuals and organizations can find themselves at risk. While some cyberattacks like phishing and malware are well-known, several lesser-known but equally dangerous threats require attention. This…

Read more →

  Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies,…

Read more →

  Once again, Microsoft has delayed the rollout of its controversial Recall feature for Copilot Plus PCs, which had been planned for December. It had been planned that the software giant would begin testing Recall with Windows Insiders in October,…

Read more →

  A significant security flaw has been uncovered in the LiteSpeed Cache plugin, used by over 6 million WordPress sites, which could allow unauthorized visitors to gain administrator-level access. The vulnerability stems from a weakness in the plugin’s role simulation…

Read more →

  A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data.…

Read more →

One recent event that highlights the relentless pace of this digital arms race is QNAP’s swift action to patch a second zero-day vulnerability. QNAP has addressed a second zero-day vulnerability that was exploited by security researchers during the recent Pwn2Own hacking…

Read more →

  A new malvertising effort is using Meta’s advertising network to disseminate the SYS01 infostealer, a cybersecurity issue known to Meta and specifically Facebook users for collecting personal information.  What distinguishes this attack is that it targets millions of people…

Read more →

  Global cybersecurity provider VIPRE Security Group has published its Q3 2024 Email Threat Trends Report, revealing an alarming rise in business email compromise (BEC) and highlighting the evolving techniques cyber criminals are using to deceive employees and breach corporate…

Read more →

  There have been sixty-four years since two men sent the first packet-switched data across a telephone line, and this was the birth of the Internet. To exchange information with each other, Charley Kline and Bill Duvall came up with the…

Read more →

  A new browser vulnerability called CrossBarking has been identified, affecting Opera users through “private” APIs that were meant only for select trusted sites. Browser APIs bridge websites with functionalities like storage, performance, and geolocation to enhance user experience. Most…

Read more →

  Managing unwanted spam messages, calls, and emails has become a necessary part of online life today. Beyond annoyance, these can lead to identity theft, financial fraud, and other issues. Much of this activity is driven by advertisers and marketing…

Read more →

  In a sweeping move to combat organized cybercrime, India’s Ministry of Home Affairs (MHA), through the Indian Cybercrime Coordination Center (I4C), has issued a stark warning about illegal payment gateways reportedly run by transnational cyber criminals. These illicit gateways—PeacePay,…

Read more →

  In the course of Operation Magnus, the FBI has partnered with various international law enforcement agencies to seize the servers, software, and source code of the RedLine and Meta thieves as part of an investigation into these two cyber-crime…

Read more →

  A researcher has developed a tool that bypasses Google’s new App-Bound encryption cookie-theft defences and extracts saved passwords from the Chrome browser.  Alexander Hagenah, a cybersecurity researcher, published the tool, ‘Chrome-App-Bound-Encryption-Decryption,’ after noticing that others had previously identified equivalent…

Read more →

Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It’s a wake-up call on…

Read more →

  Using stolen Web session cookies, Evasive Panda, a China-sponsored hacking team, has unveiled CloudScout, a sleek and professional toolset created to recover data from compromised cloud services. ESET researchers have discovered CloudScout through an investigation into a couple of…

Read more →

  India, with rapid digital growth and reliance on technology, is in the hit list of cybercriminals. As one of the world’s biggest economies, the country poses a distinct digital threat that cyber-crooks might exploit due to security holes in…

Read more →

  Australians have been cautioned about a recent wave of scam websites falsely advertising significant Centrelink payments. These sites promise financial boosts, sometimes hundreds or thousands of dollars, to low-income residents and seniors, exploiting people facing financial challenges. Fraudsters create…

Read more →

  Free unofficial fixes are now available for a new zero-day flaw in Windows Themes that allows hackers to remotely harvest a target’s NTLM credentials. NTLM has been extensively exploited in NTLM relay attacks, in which threat actors force susceptible…

Read more →

  Over the years, zero trust has become a popular model adopted by organisations due to a growing need to ensure confidential information is kept safe, an aspect that organisations view as paramount in cybersecurity. Zero-trust is a vital security…

Read more →

  Losing access to your Gmail account can be a frightening experience, especially given that Gmail is deeply integrated into the online lives of more than 2.5 billion users globally. Unfortunately, the popularity of Gmail has also attracted scammers who…

Read more →

  With the risk of data misuse and breaches increasing daily, individuals will be driven to seek reliable methods for securing their online privacy in 2024 to manage these risks. A growing number of privacy solutions are available online now,…

Read more →