Category: CySecurity News – Latest Information Security and Hacking Incidents

  As per experts, the website of consumer credit reporting giant Experian comprised a major privacy vulnerability that allowed hackers to obtain customer credit reports with just a little identity data and a small change to the address displayed in…

Read more →

Prototype Pollution Prototype pollution is a severe vulnerability class associated with prototype-based languages, the most popular among them being JavaScript.  However, a researcher has discovered Python-specific variants of prototype pollution, and other class-based programming languages may also be exposed to…

Read more →

  The software supply chain security company Phylum has discovered a malicious assault using the PoweRAT backdoor and an information thief that targets users of the Python Package Index (PyPI). The campaign was initially discovered on December 22, 2022, when…

Read more →

  Several major Toronto hospitals had their digital systems down on Monday, and they are investigating the cause, following which University Health Network issued a “code grey” to indicate a system failure.  Gillian Howard, a spokeswoman for UHN, said the…

Read more →

In the widely-used open-source project, JavaScript library JsonWebToken researchers from Palo Alto Networks unit 42 found a new high-severity vulnerability –  CVE-2022-23529.  Palo Alto Networks released a security advisory on Monday highlighting how the weakness could be used by an attacker to execute…

Read more →

  Traditional Domain Name System (DNS) traffic, such as user requests to visit specific websites, has been largely unencrypted throughout the history of the internet. This means that every party involved in the DNS value chain that your request goes…

Read more →

Email is the primary form of communication in both our personal and professional lives. Users might be surprised to hear that email was never intended to be secure due to our dependency on it. Email communication carries some risks, but…

Read more →

  The changes to Apple’s privacy policy last year were one of those events where the worried predictions turned out to be precisely the opposite of what happened – specifically, marketers will have a significant reduction in their ability to target…

Read more →

A Twitter API vulnerability that was detected in June 2021, and was later patched, has apparently been haunting the organization yet again.  In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users…

Read more →

  Your WiFi connection might go unnoticed by you. The world is in order as long as it is operational. But maintaining your privacy and keeping your data to yourself requires a secure WiFi network. And you might be unknowingly…

Read more →

  The StrongPity APT hacking group is disseminating a bogus Shagle chat app that is a trojanized version of the Telegram for Android app with a backdoor added. Shagle is a legitimate random video chat platform that allows strangers to…

Read more →

  Russian state-sponsored cyber threat actor Turla victimized a Ukrainian organization in a recent attack. The hackers leveraged legacy Andromeda malware that was executed by other hackers via an infected USB drive, Mandiant reports.  Turla is active since at least…

Read more →

Broward prosecutors are investigating whether the former Schools Superintendent, Robert Runcie, and two other administrators have infringed any law when they used highly guarded information about a district ransomware attack in a private business pitch.  While the district did not…

Read more →

What is LastPass Breach? On 22nd December 2022, online password management service LastPass revealed that threat actors can steal sensitive information from user accounts like billing, end-user names, email IDs, IP address info, and telephone numbers.  The leak also includes…

Read more →

  Several days ago, the commercially available off-the-shelf malware BitRat was observed with a newly discovered distribution method for how it was spread. Now, a new information theft malware called Vidar Stealer has been discovered. This malware uses advanced techniques…

Read more →

Chick-fil-A- is investigating concerns of suspicious transactions on its mobile app after multiple users claimed that hackers gained their personal data, including bank account details. Customers at Chick-fil-A, a well-known chicken restaurant business, may be the latest targets of hackers.…

Read more →

  Data breaches have been a worry ever since Elon Musk invested $44 billion in Twitter and fired a sizable portion of the workforce. Now it appears that a security incident from before Musk’s takeover is giving people trouble. This…

Read more →

  You are not alone if you dislike using passwords. Passwords are inconvenient, forgettable, and often not the best security solution for most of us. The best part is that passwords are likely to become obsolete. Passwords will be phased…

Read more →

Automakers struggling with vulnerabilities A range of automakers from Toyota to Acura is affected by vulnerabilities within their vehicles that can let hackers steal personally identifiable information (PII), lock owners out of their vehicles, and even control functions like starting…

Read more →

  Silvergate, the US bank that offers cryptocurrency services, has reported that its clients have withdrawn over $8 billion (£6.7 billion) of their cryptocurrency-linked deposits over the past several weeks.  In the final three months of 2022, roughly one-third of…

Read more →

Cybersecurity company, Bitdefender, has launched a new tool that would help victims of MegaCortex ransomware unlock their files, offering a sigh of relief to those whose files had been locked for years following the cyberattack.   MegaCortex Ransomware The MegaCortex ransomware…

Read more →

On Friday, a report from Israeli security company Check Point warned companies against the threat actors who have started using OpenAI’s artificially intelligent chatbot ChatGPT to quickly build hacking tools.  Hackers are also working to build other chatbots which will…

Read more →

  Security experts have discovered a new Linux malware downloader that uses cryptocurrency miners and DDoS IRC bots to attack Linux servers with weak security. After the downloader’s shell script compiler (SHC) was uploaded to VirusTotal, researchers from ASEC found…

Read more →

  The Federal Communications Commission of the United States intends to improve federal law enforcement and modernise breach notification needs for telecommunications firms so that customers are notified of security breaches as soon as possible. The FCC’s proposals (first made…

Read more →

Researchers suggest that a widespread cache of email addresses related to roughly 200 million users is probably a revised version of the larger cache with duplicate entries deleted from the end of 2022 when hackers are selling stolen data from…

Read more →

Cybernews researchers have discovered ChatGPT, a platform that provides hackers step-by-step instructions on hacking a website. An AI-based chatbot, ChatGPT was launched recently and has caught the attention of the online community.  The team at Cybernews has warned that AI…

Read more →

  The eSentire’s Threat Research Unit (TRU) confirmed in its recent research that the threat actors are exploiting Fortinet Virtual Private Network (VPN) devices that remain vulnerable to critical authentication bypass vulnerability.  The VPNs were being controlled by third-party providers;…

Read more →

Microsoft has recently revealed information on the four different ransomware families, i.e. KeRanger, FileCoder, MacRansom, and EvilQuest that are apparently impacting Apple macOS systems.  These ransomware families first spread through what the Windows makers refer to as “user-assisted methods,” in…

Read more →

  Bogus advertising: a tightrope walk  Since the early days of the Internet, rogue ads have been a particular plague on the Internet. As a user, you never quite know what’s waiting in the browser, such as an irritating pop-up…

Read more →

  The use of end-to-end encryption for email and other cloud services is expanding. This comes as no surprise given that email is one of the top two cyberattack vectors.  Mail servers made up 28% of all affected hardware, according…

Read more →

On January 5, WhatsApp revealed a new feature that enables users to connect via proxy servers so they may continue using the service even when the internet is restricted or disrupted by shutdowns. Concept of Whatsapp proxy  When selecting a…

Read more →

  A new partnership between satellite phone company Iridium and chip giant Qualcomm will bring satellite connectivity to premium Android smartphones later this year. It implies that handsets can communicate with passing satellites to send and receive messages even in…

Read more →

In October 2020, Christian Lödden’s potential clients sought to discuss just one thing, which carried on for a week. Every individual whom the German criminal defense lawyer has contacted had apparently been utilizing the encrypted phone network EncroChat. This information…

Read more →

What is the Flipper Zero campaign? Experts have found a new phishing campaign that targets cybersecurity professionals and hacking enthusiasts. The campaign steals cryptocurrency and the personal information of victims.  Flipper Zero is behind the attack, it’s a portable multi-tool…

Read more →

  According to Rackspace Technology, a cloud hosting company that provides managed cloud services, the massive December 2 attacks have caused the company to take action. As part of the attack, thousands of small and midsized businesses suffered disruption in…

Read more →

Every day we are witnessing ransomware attacks, and companies worldwide are investing millions to protect their network and systems from digital attacks, however, it is getting increasingly challenging to fight against cyber threats because cyber attackers do not only use…

Read more →

Microsoft has published a warning over the imminent end of support for Windows 8.1, which would not receive any updates or patches after January 10th, 2023. According to the research, over 100 million computers were still running Windows 7 as…

Read more →

  Training artificial intelligence (AI) and machine learning (ML) models to provide enterprises with hybrid cybersecurity at scale requires human intelligence and intuition. When human intelligence and intuition are combined with AI and ML models, subtleties in attack patterns that…

Read more →

  Following a breach of the company’s systems, CircleCI, whose development products are popular with software engineers, has advised customers to rotate their secrets. This is to prevent a repetition of this incident.  There are more than one million engineers…

Read more →

  2022 was a challenging year for cyberspace businesses. Companies faced ransomware, the continued effects of the SolarWinds and Log4j exploits, and rising cyber insurance premiums. Unfortunately, the consequences of malware have gotten worse year after year.  The costs of…

Read more →

On Wednesday, Train ticketing platform RailYatri released its statement in which it confirmed that the platform suffered a data breach in December 2022. The confirmation is coming after the Railway Ministry denied such an attack and also remarked that no…

Read more →

Healthy, clean data can prove to be a major competitive upper hand for businesses that spend resources and time on their data management planning. The industry today lives in the age of data, and the companies that use data smartly…

Read more →

Crowdsourced Security  Organizations of all sizes conventionally use penetration testing to secure their systems. Pen testing simulates a cyberattack with the goal of exposing security flaws, much like any real attack would. These vulnerabilities are patched up once they are…

Read more →

According to an analysis by cybersecurity company Dr. Web, WordPress-based websites are being targeted by an unidentified Linux malware variant. Recognized as LinuxBackDoor.WordPressExploit.1, while it can also operate on 64-bit Linux versions, the Trojan favors 32-bit versions. 30 vulnerabilities in…

Read more →

  In cybersecurity, artificial intelligence is becoming more and more significant, both for good and bad. The most recent AI-based tools can help organizations better identify threats and safeguard their systems and data resources. However, hackers can also employ the…

Read more →

  Since at least October 2022, financial institutions have been targeted by a new version of Android malware called SpyNote, which combines spyware and banking trojan characteristics.  “The reason behind this increase is that the developer of the spyware, who…

Read more →

  Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of “social engineering” to deceive a victim into taking an unfavourable action, like transferring money into…

Read more →

  The typical approach to detection used by organizations is to employ a variety of methods, such as antivirus software, sandbox engines, extensive data analysis, and anomaly detection, among others. This depends on the organization. Through monitoring and spotting, these…

Read more →

  Data security is becoming costlier for organizations worldwide and the threats of cyber attacks added pressure on organizations from customers to protect their sensitive information. As a result, several organizations have already invested in new processes to safeguard their…

Read more →

  California’s unique consumer privacy law was strengthened on January 1 as a result of a ballot initiative that 2020 voters endorsed. A new privacy law that puts new requirements on companies to make sure that employees have more authority…

Read more →

Suppose you are part of an organization that has any form of an online presence. In that case, you will ultimately have to take initiative to look after the security of the systems, devices, and data. And if driven criminals,…

Read more →

AI in threat detection In the current complicated cybersecurity scenario, threat detection is just a needle in the haystack.  We have seen malicious actors exploiting everything they can get their hands on, from AI tools, to open-source code to multi-factor…

Read more →

  The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on “Cybercrime and its Dangers to Society” in conjunction with “Majalis” Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives…

Read more →

Recently a study has been done on password reuse threats and it was discovered that password reuse is a big security threat to companies worldwide since 64% of people continue to use passwords that have been exposed in a breach. …

Read more →

The CentraState Medical Center’s cybersecurity issue has caused the hospital to divert ambulances and the majority of new patients to other institutions.  The Medical Center’s spokesperson, Lori Palmer says that the hospital’s critical care has not been affected and they…

Read more →

What is the “Year of Mass Exploits?’ Experts at GreyNoise Intelligence have added more than 230 tags since January 1, 2022. It includes detections for more than 160 CVEs. In its annual report titled GreyNoise Intelligence 2022 “Year of Mass…

Read more →

  Since performing national security-related business through personal devices and email accounts, members of the UK government have run the risk of operating in “wild west” conditions, according to intelligence analysts and former government officials. Unsettlingly, it has been reported…

Read more →

  Chinese students studying in the UK have been one of the most common targets of scammers. RedZei (aka RedThief) Group, a Chinese-speaking scammer group that operates online and is becoming more common these days, bypasses all the precautions that…

Read more →

The BlackCat ransomware group is experimenting with a new method of threatening victims into paying extortion building a fake website on the open internet that displays the personal information that was stolen from the victim.  ALPHV, commonly known as BlackCat ransomware, is…

Read more →

  Do you become frustrated when you can’t find the desired app on the official Google Play Store or App Store as a frequent smartphone user? For instance, if you wanted to check out TikTok while you were in India,…

Read more →

  It has been revealed by TRM Labs that a record $3.7 billion worth of crypto funds have been stolen the past year. Of this, 80% have been traced back to attacks against DeFi, as per the research report published…

Read more →

  Volvo revealed in a press release that some of its research and development assets were the target of a cyberattack. The ransomware organization Snatch reportedly released pictures of stolen Volvo papers into the darknet on November 30, according to…

Read more →

  A brand new malware campaign has been discovered which is using important data stolen from a Colombian bank as a lure in phishing emails to drop a remote access trojan called BitRAT.  As of now, it is being reported…

Read more →

Recently, WordPress websites are being attacked by a previously unidentified Linux malware strain that compromises vulnerable systems by taking advantage of vulnerabilities in over twenty plugins and themes.  In the attacks, a list of 19 different plugins and themes with…

Read more →

  Due to the increase in cybercrime, many businesses are infected by viruses and malware that are distributed to them by vendors and business partners.  There has not been a definite plan of action that addresses this as of yet.…

Read more →

CISOs can ensure BYOD and remote work without raising safety costs Remote and hybrid work models are the common trend in the current industry. The sudden shift to this new model of working also has some threats and security risks…

Read more →

  Cybercriminals create more complicated and diverse methods of obtaining sensitive data as we become more dependent on technology and entrust it with more of our personal information. There are many different types of harmful malware, including Trojan Horses. But…

Read more →

  There’s a new way to keep your Gmail safe from prying eyes, and experts say it’s well worth using. Google announced the addition of end-to-end encryption (E2EE) to Gmail on the web, which will allow enrolled Google Workspace users…

Read more →

POS malware- Your business might be at risk If you are a business owner that uses a POS system for receiving payments, you should be cautious about the dangers of point-of-sale malware and various threats associated with it.  Malware is…

Read more →

  Cryptocurrency trading platform 3Commas reported that they suffered a data breach in which API data were stolen. Following the incident, an FBI investigation has been called in.  However, the investigation comes after weeks of criticism from users of the…

Read more →

  Increasingly, organizations and business units are migrating mission-critical data and systems to the cloud.  Migration to and between all kinds of cloud services is indeed associated with security challenges; however, migration between public cloud services is the most challenging…

Read more →

  The latest report from Cyble Research and Intelligence Labs (CRIL) revealed that scammers are targeting Indian residents who submit complaints on social media accounts belonging to various local firms. Fraudsters keep an eye out on Twitter and other social…

Read more →

In a recent case of a Twitter data breach, the hacker named “Ryushi” demanded a ransom worth $200,000 to hand over the stolen data of 400 million users.  In regard to this, a probe has been launched by Ireland’s watchdog.…

Read more →

According to Grey Noise, almost 50% of the upgrades to the KEV catalog in 2022 were due to actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products. The KEV catalog’s earlier vulnerabilities from before 2022 made up 77% of…

Read more →

Recently, the threat actor, “Ryushi”, allegedly reported having stolen data from Twitter, including details of some famous celebrities worldwide. He is demanding $200,000 (£166,000) to hand over the data back. According to the data, the hacker stole email addresses, and…

Read more →

What is Torchitron? PyTorch has found a harmful dependency with the same name as the framework’s ‘torchtriton’ archive. This resulted in an executable compromise through the dependency confusion attack vector.  PyTorch administrators have warned users that installed PyTorch-nightly during the…

Read more →

  For identifying security issues with Google Home smart speakers, a security researcher recently received a bug bounty award of $107,500. It is possible to exploit these issues to install backdoors into the software and make it able to spy…

Read more →

Researchers have recently discovered a new threat group, PureCoder, apparently selling numerous malware on the dark web. They listed malware such as miners, information stealers, and crypters, used by threat actors for their campaigns.  Spread of PureLogs/PureCrypt  Two of the…

Read more →

  The popular web browser Google Chrome will now automatically block insecure downloads from HTTP sites thanks to a recent code change. Several HTTP sites have since been updated to use HTTPS encryption in an effort to protect the extensive data…

Read more →

The future of Zero Trust security relies greatly on next-generation firewalls (NGFWs). NGFWs are classified by Gartner Research as “deep packet inspection firewalls that incorporate software inspection, intrusion prevention, and the injection of intelligence from outside the firewall  in addition…

Read more →

Downloading unlicensed software can save you a few dollars, but you risk losing much more because researchers have found a cryptocurrency-targeting info stealer hiding within the cracks. “RisePro” is a brand-new piece of information-stealing malware that was discovered by two…

Read more →

  Hackers are utilizing the Google Ads service more consistently than ever before to transmit malware. As soon as the victims click the download link on the threat actors’ fake versions of the official websites, trojanized software is distributed.  Grammarly,…

Read more →

A team of researchers has created an eavesdropping attack for Android devices that, to varying degrees, can identify the gender and identity of the caller and even decipher private speech.  EarSpy Attack  The side-channel attack, EarSpy, opens up new possibilities…

Read more →

  One of the questions that naturally arise for those working within the cybersecurity industry after the fall of the FTX exchange puts an end to the cryptocurrency crash of 2022, includes asking how it will affect the cybercrime economy…

Read more →

  The New Zealand Government declared last month that open banking is coming to the island nation. This much-needed reform is the first step in making New Zealand’s financial ecosystem livelier and more competitive.  As the nation gets ready for…

Read more →