Category: CySecurity News – Latest Information Security and Hacking Incidents

  Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare.  The malicious campaign targets login credentials for multiple corporate…

Read more →

  The leading advanced persistent threat group in Russia has been phishing thousands of targets in businesses, government agencies, and military institutions.  APT29 (also known as Midnight Blizzard, Nobelium, and Cozy Bear) is one of the world’s most prominent threat…

Read more →

  The Prometei botnet, active since at least 2016, continues to pose a persistent threat worldwide by exploiting unpatched software vulnerabilities. First identified in 2020, Prometei has since infected over 10,000 systems across diverse regions, including Brazil, Indonesia, Turkey, and…

Read more →

  Beginning November 1, 2024, Indian telecom providers Airtel, Jio, and Vi will follow a new set of SMS traceability and monitoring guidelines mandated by the Telecom Regulatory Authority of India (TRAI). Aimed at combating cybercrime, these measures seek to…

Read more →

  Phishing emails have undergone significant changes over the past few decades. Once simple and easy to detect, these scams have now evolved into a sophisticated cyber threat, targeting even the most tech-savvy individuals and organizations. Understanding the development of…

Read more →

  A much more potent version of the Qilin ransomware has been found, according to cybersecurity experts, showing a new and revamped kind that is ready to attack core systems using advanced encryption along with improved stealth techniques. A Rebranding…

Read more →

  Researchers at ESET claim that Embargo ransomware is using custom Rust-based tools to overcome cybersecurity defences built by vendors such as Microsoft and IBM. An instance of this new toolkit was observed during a ransomware incident targeting US companies…

Read more →

  UnitedHealth has acknowledged for the first time that over 100 million people’s personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years.  During a congressional hearing…

Read more →

  The energy industry is experiencing a sharp increase in supply chain risks, largely driven by its growing reliance on external vendors. According to a recent report, two-thirds of security breaches in this sector now originate from software and IT…

Read more →

  Several hundred million people’s personal information was compromised in a hack of UnitedHealth’s (UNH.N) tech unit Change in February, according to data published by the U.S. health department on its website. That makes it the largest healthcare data breach…

Read more →

  A Microsoft investigation published earlier this week revealed that ransomware attacks on the healthcare sector are rising and threatening lives.  The report, which uses both internal corporate data and external data, shows a 300% spike in ransomware attacks on…

Read more →

  There has been unprecedented exploitation by attackers of vulnerabilities in the software, Mandiant announced. According to the newly released report of the Mandiant cybersecurity firm, after an analysis of 138 exploits published in 2023, on average, in five days…

Read more →

  In a significant data breach, Cybernews researchers discovered a 500GB unprotected database from a Mexican health care company on August 26, 2024, exposing sensitive details of approximately 5.3 million people. Information in the leak included names, CURP identification numbers,…

Read more →

  There is a new gang known as Embargo ransomware that specializes in ransomware-as-a-service (RaaS). According to a study by ESET researchers published Wednesday, the Embargo ransomware group is a relatively young and undeveloped ransomware gang. It uses a custom…

Read more →

  The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has proposed a series of stringent security requirements to safeguard American personal data and sensitive government information from potential adversarial states. The initiative aims to prevent foreign entities from exploiting data…

Read more →

  The notorious North Korean hacking outfit dubbed Lazarus has launched a sophisticated attack campaign targeting cryptocurrency investors. This campaign, discovered by Kaspersky researchers, consists of a multi-layered assault chain that includes social engineering, a fake game website, and a…

Read more →

  The generative AI landscape is witnessing fierce competition, with tech giants Microsoft and Salesforce clashing over the best approach to AI-powered business tools. Microsoft, a significant player in AI due to its collaboration with OpenAI, recently unveiled “Copilot Studio”…

Read more →

  WhatsApp has announced enhancements to its contact management features, allowing users to add and manage contacts from any device. Previously, contact management was limited to mobile devices, requiring users to input phone numbers or scan QR codes. The update…

Read more →

  Transak is an operation that enables users to buy cryptocurrencies using the Metamask, Binance, and Trust Wallet platforms. The company has just announced a data breach that exposed the names and identity documents of approximately 93,000 users. According to…

Read more →

Bugcrowd’s annual “Inside the Mind of a Hacker” report for 2024 reveals new trends shaping the ethical hacking landscape, with an emphasis on AI’s role in transforming hacking tactics. Compiled from feedback from over 1,300 ethical hackers, the report explores…

Read more →

  As artificial intelligence (AI) technology advances, cybercriminals are now capable of creating sophisticated “deepfake” scams, which result in significant financial losses for the companies that are targeted. On a video call with her chief financial officer, in which other…

Read more →

  Recent cryptographic analysis by researchers at ETH Zurich has uncovered significant security vulnerabilities in five major end-to-end encrypted (E2EE) cloud storage platforms: Sync, pCloud, Icedrive, Seafile, and Tresorit. These platforms are collectively used by over 22 million people and…

Read more →

  Bhargavi Mani, 28, had her life turned upside down when she fell victim to a sophisticated scam that took place at Kempegowda International Airport in Bengaluru. While trying to gain access to the airport lounge before her flight, Bhargavi…

Read more →

  Hackers are using WordPress sites to install malicious plugins that propagate malware that steals information by displaying fake updates and errors. Infostealing malware has become a global nuisance for security defenders in recent years, as compromised credentials are used…

Read more →

  In today’s plugged-in world, most of us rely on the Internet for nearly everything from shopping and banking to communicating with family members. Whereas increasing reliance on the internet has exposed opportunities for doing just about anything remotely, it…

Read more →

  A now-resolved security vulnerability in Styra’s Open Policy Agent (OPA) could have exposed New Technology LAN Manager (NTLM) hashes, potentially leading to credential leakage. If exploited, the flaw allowed attackers to capture the NTLM credentials of the OPA server’s…

Read more →

  More than a billion people send messages over WeChat and as per a new study recently, it discovered some security flaws in terms of the encryption system. While some applications use end-to-end encryption to prevent secret conversations from being…

Read more →

  Google’s Manifest V3 rules have generated a lot of discussion, primarily because users fear it will make ad blockers, such as Ublock Origin, obsolete. This concern stems from the fact that Ublock Origin is heavily used and has been…

Read more →

  DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United…

Read more →

  Google’s Manifest V3 rules have generated a lot of discussion, primarily because users fear it will make ad blockers, such as Ublock Origin, obsolete. This concern stems from the fact that Ublock Origin is heavily used and has been…

Read more →

  DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United…

Read more →

  In a landmark case, data storage major Western Digital has been asked to pay the highest fine of $315.7 million for violating patents associated with data encryption technology. SPEX Technologies owns these patents, having acquired them from Spyrus that…

Read more →

  Insight AI technology is being explored by businesses as a tool for balancing the benefits it brings with the risks that are associated. Amidst this backdrop, NetSkope Threat Labs has recently released the latest edition of its Cloud and…

Read more →

  In a recent disclosure, Nidec Corporation, a global leader in precision motors and automotive components, confirmed a significant data breach from a ransomware attack that occurred earlier this year. Hackers, after failing to extort the company, leaked stolen data…

Read more →

  Security experts have recommended caution following a series of doom-laden reports in recent days claiming that Chinese researchers have cracked military-grade encryption via quantum computing technology. The reports, which first appeared in the South China Morning Post last week,…

Read more →

  Several vulnerabilities in the Safari web browser for macOS may have left users open to being spied on, having their data stolen, and acquiring other types of malware thanks to this security weakness. Specifically, the vulnerability arises from the…

Read more →

  Cyble Research and Intelligence Lab recently unearthed an elaborate, multi-stage malware attack targeting not only job seekers but also digital marketing professionals. The hackers are a Vietnamese threat actor who was utilising different sophisticated attacks on systems by making…

Read more →

  A new Linux variant of FASTCash malware has surfaced, targeting the payment switch systems of financial institutions. North Korean hackers, linked to the Hidden Cobra group, have expanded their cyber arsenal to now include Ubuntu 22.04 LTS distributions. Previously,…

Read more →

  Microsoft employs deceptive tactics against phishing actors, creating realistic-looking honeypot tenants with Azure access and luring attackers in to gather intelligence on them.  Tech giant can use the acquired data to map malicious infrastructure, gain a better understanding of…

Read more →

  In recent years, state-sponsored hacker groups have increased their attacks on critical infrastructure, causing great concern across the globe. It has become increasingly evident that these coordinated and sophisticated cyber threats and attacks are posing serious risks to the…

Read more →

  Brazil’s Polícia Federal arrested USDoD, an infamous hacker linked to the National Public Data and InfraGard breaches, as part of “Operation Data Breach”. USDoD, dubbed EquationCorp, has a long history of high-profile data breaches in which he stole data…

Read more →

  Windows Security, the antivirus program built into Microsoft’s operating system, is generally sufficient for most users. It provides a decent level of protection against various threats, but a few important features, like Memory Integrity, remain turned off by default.…

Read more →

  Cybersecurity leaders are facing unprecedented stress as they battle evolving threats, AI-driven cyberattacks, and ransomware. A recent BlackFog study reveals that 93% of CISOs considering leaving their roles cite overwhelming job demands and mental health challenges. Burnout is driven…

Read more →

  It reveals the story of a woman who is emotionally disturbed and seeks the help of artificial intelligence as she tries to erase her past in director Vikramaditya Motwane’s new Hindi film, CTRL. There is no doubt that the…

Read more →

  Several years ago, smart TVs started to become popular choices in households. They are widely available now and provide a wide range of features and applications that make them an excellent choice. To stay competitive, users will be inclined…

Read more →

  Cybersecurity experts say that there is a new threat against Middle East organisations, and more specifically within the United Arab Emirates, and other Gulf countries. There is an Iranian gang cybercrime known as OilRig that aims to hunt login…

Read more →

  Cisco has acknowledged that it is investigating reports of a data breach after a hacker began offering allegedly stolen firm data for sale on a hacking platform. As per a report in a local media outlet, the investigation was…

Read more →

  Large language models (LLMs) are transforming enterprise automation and efficiency but come with significant security risks. These AI models, which lack critical thinking, can be manipulated to disclose sensitive data or even trigger actions within integrated business systems. Jailbreaking…

Read more →

  A perilous new variant of the Android banking malware TrickMo has been discovered, capable of mimicking the Android lock screen and stealing users’ PINs. This comes according to the data compiled by the security firm Zimperium, who made a…

Read more →

  A surprising situation unfolded this summer when buying a car in the U.S. became nearly impossible. In June, a ransomware attack targeted CDK Global, a Chicago-based software company with a market value of about $6.4 billion, halting operations at…

Read more →

  The Iranian state-sponsored hacking outfit APT34, dubbed OilRig, has recently escalated its activity by launching new campaigns against government and vital infrastructure entities in the United Arab Emirates and the Gulf area.  OilRig employed a new backdoor to target…

Read more →

Malware Analyst at Zimperium, Aazim Yaswant, has released an in-depth report on the most recent TrickMo samples, highlighting worrisome new functionalities of this banking trojan. Initially reported by Cleafy in September, this new version of TrickMo employs various techniques to…

Read more →

  Telegram is often perceived as a secure messaging app, but this perception is flawed. Unlike WhatsApp, Telegram doesn’t have end-to-end encryption by default. While Secret Chats offer encryption, users must manually activate this feature, and it doesn’t apply to…

Read more →

  Within a year and a half, ChatGPT has grown from an AI prototype to a broad productivity assistant, even sporting its text and code editor called Canvas. Soon, OpenAI will add direct web search capability to ChatGPT, putting the…

Read more →

  Indonesia has urged Alphabet’s Google and Apple to remove Temu, a Chinese fast fashion e-commerce startup, from their app stores in the nation, a minister said earlier this week.  The decision was intended to safeguard the nation’s small and…

Read more →

  A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and…

Read more →

  Currently, there is a cyberattack powered by artificial intelligence that targets Gmail’s huge network of 2.5 billion users, which is currently making waves. As a way of tricking people into sharing sensitive information, hackers use advanced techniques, including realistic…

Read more →

  Watching television seems to be a benign pastime, but as all TVs become “smart” and link to the internet via your network, they will be able to track you as well. When you turn on a smart TV from…

Read more →

  A new cybersecurity report from Sevco has uncovered a critical vulnerability in macOS 15.0 Sequoia and iOS 18, which exposes personal data through iPhone apps when devices are mirrored onto work computers. The issue arose when Sevco researchers detected…

Read more →

  As cybercrime continues to cost the world economy billions annually, a robust new coalition launched by Google, the DNS Research Federation, and the Global Anti-Scam Alliance (GASA) is working to disrupt online scammers at a global level. By all…

Read more →

  A new ransomware strain, known as Trinity, has reportedly compromised at least one healthcare organization in the U.S., according to a recent report from federal authorities. The U.S. Department of Health and Human Services (HHS) issued a warning on…

Read more →

  According to Chinese scientists at Shanghai University, a quantum computer from the Canadian company D-Wave has been demonstrated to be capable of breaking a popular encryption scheme that has been used for many years. A new study shows that…

Read more →

  Fidelity Investments recently disclosed a data breach that impacted 77,099 customers, with details made public in an October 9 filing with the Maine Attorney General’s Office. The breach occurred on August 17, 2024, and was discovered two days later…

Read more →

  ProKYC is a recently revealed artificial intelligence (AI)-powered deep fake tool that nefarious actors can use to circumvent high-level Know Your Customer (KYC) protocols on cryptocurrency exchanges, presenting as a very sophisticated method to circumvent high-level KYC protocols. A…

Read more →

  If the latest reports are correct, Apple consumers have just over a fortnight to wait until the launch of iOS 18.1 and the belated arrival of Apple Intelligence, the flagship feature in the latest iOS release. Until then the…

Read more →

  US Government’s Cybersecurity and Infrastructure Security Agency released a warning regarding cyberattackers use of unencrypted cookies managed by the F5 BIG-IP Local Traffic Manager, by which they gather information about private networks. In this manner, these attackers identify the…

Read more →

  Over the past year, OpenAI has successfully disrupted over 20 operations by foreign actors attempting to misuse its AI technologies, such as ChatGPT, to influence global political sentiments and interfere with elections, including in the U.S. These actors utilized…

Read more →

  Cyberterrorism, biometric data poisoning, and metaverse crimes are the most serious digital threats that humans are expected to face in the future, a senior Dubai official said.  Major Tarek Belhoul, head of Dubai Police’s virtual assets crime branch, stated,…

Read more →

  In HR, blockchain technology is still in its infancy when it comes to gaining acceptance among the people. Despite this, it stands to be a great boon for the future of work as well. The APQC report indicates that…

Read more →

  G DATA Security Lab has discovered a sophisticated malware operation that used Bitbucket, a popular code hosting platform, to propagate AsyncRAT, a well-known remote access trojan.  According to the study, the attackers employed a multi-stage assault strategy, exploiting Bitbucket…

Read more →

  Awaken Likho, also referred to as Core Werewolf or PseudoGamaredon, is a cyber threat group targeting Russian government agencies and industrial entities. Since June 2024, a new campaign has been observed, where attackers have shifted from using UltraVNC to…

Read more →

  Overview of the Exploit Hackers recently leveraged a serious security weakness, said to be a “zero-day,” that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by…

Read more →

  It is a type of messaging that is protected from everyone, including the messaging service itself, because of end-to-end encryption (E2EE). Using E2EE, a message cannot be decrypted until the sender and the recipient can see it in the…

Read more →

  Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services. The breach was confirmed by Casio Computer, the parent company behind the…

Read more →

  A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints. CYFIRMA cybersecurity researchers have published a detailed investigation of the…

Read more →

  Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and…

Read more →

  Comcast Cable Communications LLC reports that it is a victim of a data breach compromising personal information of more than 237,000 individuals, including 22 residents of Maine. According to an investigation, the breach is traced back to Financial Business…

Read more →

  The rapid advancement of AI technology in the past few years has brought about several benefits for society, but these advances have also led to sophisticated cyber threats. India is experiencing explosive growth in digital adoption, making it one…

Read more →

American Water Works, the country’s largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within…

Read more →

  In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.   Shadow IT refers to…

Read more →

  According to a report issued by the United Nations Office for Drugs and Crime, dated October 7, criminal networks across Southeast Asia are increasingly turning to the messaging platform Telegram for conducting comprehensive illegal activities. It says Telegram, due…

Read more →

In 2023, cybercrime syndicates in Southeast Asia managed to steal up to $37 billion, according to a report by the United Nations Office on Drugs and Crime (UNODC). Inside the World of Cybercrime Syndicates in Southeast Asia This staggering figure…

Read more →

  A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or…

Read more →

  A Wall Street Journal report claims that Chinese hackers gained access to systems used for court-authorized wiretaps by breaking into the networks of major US telecommunications companies.  The breach, which targeted companies such as Verizon Communications, AT&T, and Lumen…

Read more →

  The media have reported that the US government has filed yet another lawsuit to recover nearly $2.69 million worth of stolen digital assets from North Korea’s notorious Lazarus hacking group. It was filed on October 4, 2024, and concerns…

Read more →

  Qantas recently experienced a security breach involving employees of India SATS, its ground handler in India. These employees exploited their access to alter customer bookings and divert frequent flyer points into their own accounts. The fraud, which occurred in…

Read more →

Technological advancements have brought about an unparalleled transformation in our lives. However, the flip side to this progress is the escalating threat posed by AI-driven cyberattacks.  Rising AI Threats Artificial intelligence, once considered a tool for enhancing security measures, has…

Read more →

  Microsoft Windows users are facing increasing security risks as the end of support for older versions of Windows approaches. Recently, Microsoft warned 50 million users of outdated operating systems such as Windows XP, Vista, 7, and 8.1 that they…

Read more →

  With the changing nature of threats in cyberspace becoming sharper by the day, business houses are seen as shy about entrusting their precious data to the cybersecurity firm of choice. Shallow, flashy, and blanket marketing tactics that worked a…

Read more →

  Recently, Apple fixed a serious flaw in its VoiceOver feature that caused privacy concerns for users of iPhones and iPads. The bug, known as CVE-2024-44204, allowed the VoiceOver accessibility tool to read saved passwords aloud, a serious concern for…

Read more →

  The creation and use of passwords is one of the areas where websites and mobile apps lay down rules for making them as safe as possible. However, a federal agency thinks some of the requirements do more harm than…

Read more →

  Google has started testing a new feature in its search results that adds a blue checkmark next to certain websites, aiming to enhance user security while browsing. As of now, this experiment is limited to a small number of…

Read more →

  During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity…

Read more →

  Aqua Security researchers have raised concerns about a newly identified malware family that targets Linux-based machines in order to get persistent access and control resources for crypto mining. The malware, known as perfctl, purports to exploit over 20,000 different…

Read more →

Insider threats have emerged as a particularly insidious and costly problem. Organizations are experiencing a significant surge in cyberattacks originating from insider threats, with remediation costs soaring up to $2 million per incident. Gurucul’s research, which involved a survey of…

Read more →

  Comcast has confirmed that sensitive data on 237,703 of its customers was stolen in a cyberattack on Financial Business and Consumer Solutions (FBCS), a debt collection agency it previously worked with. The breach, which occurred in February 2024, involved…

Read more →

  A report in The Wall Street Journal on Saturday reported that Chinese hackers broke into the network of a major U.S. broadband service provider and obtained information about the wiretapping system being used by the federal government, according to…

Read more →

  Cyberattacks in healthcare are growing more common and can disrupt an organization’s operations. Healthcare organisations handle a lot of sensitive data, including financial information, patient health records, and identifying data, making them prime targets for cybercriminals.  This vulnerability is…

Read more →

  Google is introducing new high-level theft protection features for Android 10 and above devices across Google Play services. The new technologies were announced at the I/O 2024 event, with the main idea being to protect users’ data and make…

Read more →

  There has been an increase in fraudulent telephone calls disguised as local numbers in recent years which has alarmed Indian citizens. Messages sent by cybercriminals operating internationally originate from Calling Line Identity (CLI) systems that allow them to mask…

Read more →