A politically motivated hacking group aligned with Pakistani interests is matching the Indian military’s shift away from the Windows operating system with a heavy focus on malware encoded for Linux. This article has been indexed from Cyware News – Latest…
Category: Cyware News – Latest Cyber News
Microsoft President Set to Testify Before Congress on ‘Security Shortcomings’
A top Microsoft executive will testify next month before the House Committee on Homeland Security on recent cyberattacks that impacted the company and its customers, and Microsoft’s revitalized security strategy. This article has been indexed from Cyware News – Latest…
Cybercriminals are Targeting Elections in India With Influence Campaigns
Around 16 different independent hacktivist groups are targeting Indian elections, including Anon Black Flag Indonesia, Anonymous Bangladesh, and Morocco Black Cyber Army, among others. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Chinese Hackers Hide on Military and Government Networks for Six Years
Bitdefender researchers who discovered the threat group report that its operations align with Chinese geo-political interests, focusing on intelligence collection and espionage. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Chinese Hackers…
Microsoft’s Recall Stokes Security and Privacy Concerns
Microsoft’s new automatic screenshot retrieval feature could enable hackers to steal sensitive information such as online banking credentials, security experts warned. Additionally, the U.K ICO will probe Recall for compliance with privacy law. This article has been indexed from Cyware…
U.S. House Panel Takes on AI Security and Misuse
Much of the testimony – and concerns raised by the committee – focused on the AI advantages for cybercriminals and nation-state actors, advantages that cybersecurity officials say must be countered by increasingly building AI into products. This article has been…
Keylogger Malware Campaign Exploits Microsoft Exchange Server Flaws to Hit Over 30 Victims
This campaign, active since at least 2021, has targeted over 30 victims in various countries, primarily in Africa and the Middle East, with government agencies being the main victims. This article has been indexed from Cyware News – Latest Cyber…
CLOUD#REVERSER Campaign Leverages Cloud Storage for Malware Delivery
Delivered via a phishing email attachment, the malicious file makes use of the hidden right-to-left override (RLO) Unicode character (U+202E) to reverse the order of the characters that come after that character in the string. This article has been indexed…
Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage
According to Arctic Wolf, 66% of organizations that suffered a data breach in the last year chose to publicly disclose information regarding their incidents, while 30% only disclosed their breaches to impacted parties. This article has been indexed from Cyware…
Snowflake’s Anvilogic Investment Signals Changes in SIEM Market
The joint Snowflake and Anvilogic solution would lead to reduced costs — on the order of 50% to 80%, the companies claim — and will eventually replace legacy SIEM platforms, argues Karthik Kannan, CEO of Anvilogic. This article has been…
Consumer-Grade Spyware App Found on US Hotel Check-in Computers
pcTattletale allows remote monitoring of Android or Windows devices and their data. The app claims to run invisibly in the background, undetectable on the target’s workstation. This article has been indexed from Cyware News – Latest Cyber News Read the…
Apple Wi-Fi Positioning System Open to Global Tracking Abuse
Apple is one of several companies, along with Google, Skyhook, and others, that operate a WPS. They offer client devices a way to determine their location that’s more energy efficient than using the Global Positioning System (GPS). This article has…
Rockwell Automation Urges Disconnection of ICS from the Internet
Rockwell Automation warned customers to disconnect industrial control systems (ICS) from the internet, citing escalating cyber threats and rising global geopolitical tensions. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Rockwell Automation…
Former White House Cyber Official Jeff Greene to Join CISA
Former White House National Security Council cyber staff member Jeff Greene, the current cybersecurity programs director at the Aspen Institute think tank, is joining the CISA next month, the agency confirmed. This article has been indexed from Cyware News –…
SEC Fines NYSE Owner ICE for Delay in Reporting VPN Breach
The U.S. Securities and Exchange Commission (SEC) announced today that a major player in the U.S. financial system has agreed to pay a $10 million penalty for failing to timely report an April 2021 VPN breach. This article has been…
Scammers are Selling Fake NSO Pegasus Spyware
CloudSEK researchers found the fake spyware after perusing around 25,000 posts of individuals offering Pegasus and other NSO tools via channels on the messaging service Telegram. This article has been indexed from Cyware News – Latest Cyber News Read the…
OpenText Boosts MDR Offering for MSPs With Pillr Acquisition
The MDR business was stood up in 2018 as a standalone unit within Novacoast, and rebranded in September 2022 from novaSOC to Pillr. Novacoast CEO Paul Anderson served as Pillr’s chief executive for most of its existence. This article has…
Server-Side Credit Card Skimmer Lodged in Obscure Plugin
There are plenty of widely-used code snippet plugins available but in this case the attackers decided to use a very obscure plugin called Dessky Snippets, with only a few hundred active installations at the time of writing. This article has…
More Than 70% of Surveyed Water Systems Failed to Meet EPA Cyber Standards
Over 70% of water systems surveyed since last September failed to meet certain EPA security standards, leaving them vulnerable to cyberattacks that could disrupt wastewater and water sanitation systems nationwide, the EPA reported on Monday. This article has been indexed…
GhostEngine Mining Attacks Kill EDR Security Using Vulnerable Drivers
A malicious crypto mining campaign codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. This article has been indexed from Cyware News – Latest…
ARPA-H Pledges $50M for Hospital IT Security Auto-Patching
The US government’s Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments. This article has been indexed from Cyware…
Snapchat Revises AI Privacy Policy Following UK ICO Probe
Instant messaging app Snapchat its artificial intelligence-powered tool under compliance after the U.K. data regulator said it violated the privacy rights of individual Snapchat users. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Set of Bugs Puts Software Company and IoT Device Makers Into Motion
Cybersecurity researchers and Internet of Things (IoT) technology companies say they worked together to eliminate four software vulnerabilities that could have given malicious hackers deep access to networks. This article has been indexed from Cyware News – Latest Cyber News…
Exploring the Depths of SolarMarker’s Multi-tiered Infrastructure
The core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries. This article…
Authelia: Open-Source Authentication and Authorization Server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. This article has been indexed from Cyware News – Latest…
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Over 100 medical associations and industry groups, representing thousands of U.S. doctors and healthcare professionals, have urged the HHS to hold Change Healthcare accountable for breach notifications following a massive February ransomware attack. This article has been indexed from Cyware…
Zoom Adds ‘Post-Quantum’ Encryption for Video Conferencing
To enable E2EE, all meeting participants must join from the Zoom desktop or mobile app. While those hosting a meeting on a free account can use E2EE, they will still need to verify their phone number via an SMS-delivered code.…
Veeam Warns of Critical Backup Enterprise Manager Auth Bypass Bug
?Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). This article has been indexed from Cyware News – Latest Cyber News Read the…
New ‘Siren’ Mailing List Aims to Share Threat Intelligence for Open Source Projects
The Open Source Security Foundation (OpenSSF) announced a new email mailing list named Siren that aims to spread threat intelligence related to open-source projects. It will be publicly viewable and will only require registration to post on the list. This…
QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit
An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. This article has been indexed from Cyware News – Latest Cyber News Read the…
Void Manticore Launches Destructive Attacks on Albania and Israel
Void Manticore utilizes five different methods to conduct disruptive operations against its victims. This includes several custom wipers for both Windows and Linux, alongside manual deletion of files and shared drives. This article has been indexed from Cyware News –…
Chinese Telco Gear May Get Banned in Germany
Germany is considering banning the use of Huawei and ZTE equipment in its 5G networks due to national security concerns, despite industry opposition and the potential high costs associated with the removal of the Chinese-made technology. This article has been…
Consumers Continue to Overestimate Their Ability to Spot Deepfakes
The Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions. This article has been indexed from Cyware News…
CISA Warns of Actively Exploited NextGen Mirth Connect Pre-Auth RCE Vulnerability
The CISA has required federal agencies to update to a patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, to secure their networks against active threats. This article has been indexed from Cyware News – Latest…
‘Linguistic Lumberjack’ Flaw in Logging Utility Fluent Bit Impacts Cloud Services
Cybersecurity researchers have discovered a critical vulnerability, dubbed “Linguistic Lumberjack,” in the popular logging and metrics utility Fluent Bit that could allow for denial-of-service (DoS), information disclosure, or remote code execution. This article has been indexed from Cyware News –…
North Korea-Linked Kimsuky APT Attack Targets Victims via Messenger
Researchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware. This article has been indexed from Cyware News – Latest Cyber…
The Mystery of the Targeted Ad and the Library Patron
An attorney discovered that the mobile ads she saw were reflecting her recent library audiobook borrowing habits, raising concerns about the privacy of library patron data and the potential for targeted advertising based on that information. This article has been…
Cybercriminals Shift Tactics to Pressure More Victims Into Paying Ransoms
Cybercriminals’ new tactics led to a 64% increase in ransomware claims in 2023, driven by a 415% rise in “indirect” incidents and remote access vulnerabilities, pressuring more victims to pay ransoms, according to At-Bay. This article has been indexed from…
Fortinet FortiSIEM Command Injection Flaw (CVE-2023-34992) Deep-Dive
Researchers at Horizon3.ai discovered a critical remote code execution vulnerability (CVE-2023-34992) in Fortinet FortiSIEM, allowing unauthenticated attackers to execute commands as root users and gain access to sensitive information. This article has been indexed from Cyware News – Latest Cyber…
CyberArk Snaps up Venafi for $1.54B to Ramp up in Machine-to-Machine Security
The acquisition will allow CyberArk to expand its capabilities in securing machine-to-machine communications and address the growing attack surface in the cloud-first, AI-driven, and post-quantum world. This article has been indexed from Cyware News – Latest Cyber News Read the…
GitCaught Campaign Leverages GitHub Repositories and Fake Profiles for Malicious Infrastructure
Insikt Group uncovered a sophisticated campaign led by Russian-speaking actors who used GitHub profiles to spoof legitimate software apps and distribute various malware, including Atomic macOS Stealer (AMOS) and Vidar. This article has been indexed from Cyware News – Latest…
Chinese Duo Indicted for Laundering $73m in Pig Butchering Case
Two Chinese nationals have been indicted for their alleged involvement in a multimillion-dollar “pig butchering” investment fraud scheme, where they laundered over $73 million through US financial institutions and cryptocurrency wallets. This article has been indexed from Cyware News –…
Too Many ICS Assets are Exposed to the Public Internet
The enterprise attack surface is rapidly expanding due to the convergence of IT and OT systems, leading to a large number of ICS assets being exposed to the public internet and creating new vulnerabilities that security teams struggle to manage.…
US SEC Approves Wall Street Data Breach Reporting Regs
The SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers’ financial data. This article has…
Latrodectus Malware Loader Emerges as Potential Replacement for IcedID
Researchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to the IcedID malware, which is capable of deploying additional payloads such as QakBot, DarkGate, and PikaBot. This article has…
The Importance of Access Controls in Incident Response
Adequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person’s identity, while authorization manages permissions and access levels. This article has been indexed from Cyware…
Kinsing Hacker Group Expands its Cryptoming Botnet Network with More Vulnerability Exploits
The Kinsing hacker group has demonstrated its ability to continuously evolve and adapt, quickly integrating newly disclosed vulnerabilities into its exploit arsenal to expand its cryptojacking botnet across various operating systems and platforms. This article has been indexed from Cyware…
CISA Senior Official Goldstein to Leave Agency in June
Eric Goldstein, the executive assistant director for cybersecurity at the CISA, is leaving the agency in June after playing a crucial role in driving the agency’s secure-by-design initiatives and strengthening partnerships with the private sector. This article has been indexed…
White House Unveils AI Safety Framework for US Workers
The White House unveiled a framework to protect U.S. workers from AI risks, emphasizing health and safety rights, governance, human oversight, and transparency as organizations adopt new technologies. This article has been indexed from Cyware News – Latest Cyber News…
Are All Linux Vendor Kernels Insecure? A New Study Says Yes, but There’s a Fix
A study by CIQ found that Linux vendor kernels, such as those used in Red Hat Enterprise Linux (RHEL), have significant security vulnerabilities due to the backporting process used to maintain stability. This article has been indexed from Cyware News…
Intel Discloses Max Severity Bug in Its AI Model Compression Software
Intel has disclosed a critical vulnerability in its AI model compression software, Intel Neural Compressor, that allows remote attackers to execute arbitrary code on affected systems. This article has been indexed from Cyware News – Latest Cyber News Read the…
Two Students Uncover Security Bug That Could Let Millions Do Their Laundry for Free
Two students at UC Santa Cruz, Alexander Sherbrooke and Iakov Taranenko, discovered a security vulnerability in the API used by CSC ServiceWorks’ mobile app that allows anyone to remotely operate the company’s laundry machines for free. This article has been…
UK Government Publishes AI Cybersecurity Guidance
The UK government has released guidance to help AI developers and vendors protect their AI models from hacking and potential sabotage, with the goal of transforming this guidance into a global standard to promote security by design in AI systems.…
Researchers Report High-Impact Cat-Phishing Targeting Users
HP’s new report reveals that cybercriminals are increasingly using “cat-phishing” techniques, exploiting open redirects in legitimate websites to deceive users and deliver malware. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Researchers…
CISA Issues Guidance to Help Federal Agencies Better Encrypt DNS Traffic
The CISA has issued new guidance to help federal civilian agencies better encrypt their Domain Name System (DNS) traffic as part of a broader effort to improve the security posture of their internal networks and meet a zero trust deadline…
CISA Warns of Hackers Exploiting Chrome, EoL D-Link Bugs
CISA has added a high-severity vulnerability (CVE-2024-4761) in Chrome’s V8 JavaScript engine to its ‘Known Exploited Vulnerabilities’ catalog, which is being actively exploited. This article has been indexed from Cyware News – Latest Cyber News Read the original article: CISA…
Norway Recommends Replacing SSL VPN to Prevent Breaches
The Norwegian NCSC recommends organizations replace SSL VPN/WebVPN solutions with more secure alternatives, like IPsec with IKEv2, by 2025 to prevent breaches from repeated vulnerabilities. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Kimsuky Hackers Deploy New Linux Backdoor in Attacks on South Korea
Gomir shares many similarities with GoBear and features direct command and control (C2) communication, persistence mechanisms, and support for executing a wide range of commands. This article has been indexed from Cyware News – Latest Cyber News Read the original…
New Backdoors on a European Government’s Network Appear to be Russian
Researchers with the Slovak cybersecurity firm ESET published a technical analysis on Wednesday of the two backdoors by a suspected Russian threat group, which they named LunarWeb and LunarMail. This article has been indexed from Cyware News – Latest Cyber…
Is an Open-Source AI Vulnerability Next?
The challenges within the AI supply chain mirror those of the broader software supply chain, with added complexity when integrating large language models (LLMs) or machine learning (ML) models into organizational frameworks. This article has been indexed from Cyware News…
SEC to Require Financial Firms to Have Data Breach Incident Plans
The SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
OWASP Dep-Scan: Open-Source Security and Risk Audit Tool
OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks. This article has been indexed from Cyware News – Latest Cyber News Read the…
New UK System Will See ISPs Benefit From Same Protections as Government Networks
The UK’s NCSC has launched a new “Share and Defend” system that will provide internet service providers with the same malicious domain blocklists used to protect government networks, helping to raise cybersecurity resilience across the country. This article has been…
Cybersecurity Leaders Expect Their SOC Budgets to Grow, KPMG Finds
Cybersecurity leaders expect their security operations center (SOC) budgets to grow by up to 20% over the next two years, with the average annual SOC budget currently standing at $14.6 million, according to a survey conducted by KPMG. This article…
Cloud Security Incidents Make Organizations Turn to AI-Powered Prevention
Organizations are increasingly using AI-powered measures to address the rise in cloud security incidents, as traditional tools struggle to keep up with rapid technological advancements and sophisticated cyber threats. This article has been indexed from Cyware News – Latest Cyber…
FCC Might Require Telecoms to Report on Securing Internet’s BGP Technology
The FCC is proposing to mandate that broadband providers develop BGP security plans and document their use of the Resource Public Key Infrastructure (RPKI) security framework. This article has been indexed from Cyware News – Latest Cyber News Read the…
Critical Git Vulnerability Allows RCE When Cloning Repositories With Submodules
The vulnerability can be exploited on multi-user machines, where an attacker can prepare a local repository to look like a partial clone that is missing an object, causing Git to execute arbitrary code during the clone operation. This article has…
Remote-Access Tools the Intrusion Point to Blame for Most Ransomware Attacks
As per cybersecurity insurance firm At-Bay, remote-access tools, particularly self-managed VPNs from Cisco and Citrix, were the primary intrusion point for most ransomware attacks in 2023, accounting for over 60% of incidents. This article has been indexed from Cyware News…
Cybersecurity Analysis Exposes High-Risk Assets in Power and Healthcare Sectors
Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. This article has been indexed from Cyware News – Latest Cyber News Read the…
GhostSec Announces Shift in Operations from Ransomware to Hacktivism
The cybercriminal group GhostSec has shifted from ransomware to hacktivism, stating they’ve gathered enough funds and will now focus on promoting social and political agendas through hacking. This article has been indexed from Cyware News – Latest Cyber News Read…
Unsafe Software Development Practices Persist, Despite CISA’s Push
Despite repeated efforts by the CISA to eliminate common software vulnerabilities, unsafe software development practices continue to persist across the industry, highlighting the challenges in driving change in coding practices. This article has been indexed from Cyware News – Latest…
Threat Actors Misusing Quick Assist in Social Engineering Attacks Leading to Ransomware
Cybercriminals are exploiting Microsoft’s Quick Assist tool to conduct social engineering attacks and deliver ransomware like Black Basta to target users across various industries. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Us Offers $5 Million for Info on North Korean IT Workers Involved in Job Fraud
The U.S. government is offering a $5 million reward for information on a network of North Korean IT workers who allegedly scammed U.S. companies out of nearly $7 million through a job fraud scheme. This article has been indexed from…
Flaw in Wi-Fi-Standard can Enable SSID Confusion Attacks
A design flaw in the IEEE 802.11 Wi-Fi standard allows attackers to trick victims into connecting to a less secure wireless network than the one they intended to connect to, exposing them to higher risks of traffic interception and manipulation.…
Ongoing Malvertising Campaign leads to Ransomware
Cybercriminals have weaponized popular software tools like WinSCP and PuTTY to deliver ransomware, tricking users into downloading malicious installers that infect their systems with a Sliver beacon and other malicious payloads. This article has been indexed from Cyware News –…
Brothers Arrested for $25 Million Theft in Ethereum Blockchain Attack
Two brothers, Anton Peraire-Bueno and James Pepaire-Bueno, were arrested for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a “first-of-its-kind” scheme. This article has been indexed from Cyware News – Latest…
UK: NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks
The Personal Internet Protection (PIP) service aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year. This article has been indexed from Cyware News…
Android to Add New Anti-Theft and Data Protection Features
Google is adding new anti-theft and data protection features for Android, including AI-powered screen locks, remote locking, and improved factory reset protection to secure users’ data if devices are lost or stolen. This article has been indexed from Cyware News…
Palo Alto Networks is Buying Security Assets From IBM to Expand Customer Base
Palo Alto Networks is acquiring IBM’s QRadar cloud security software assets and migrating existing customers to its own Cortex XSIAM platform, as part of a broader partnership that will give Palo Alto access to consultants and a larger customer base.…
Researchers Discover 11 Vulnerabilities in GE Ultrasound Devices
Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data. This article has been…
Cyber Trust Label Could be in Place by End of the Year, White House Says
The Biden administration plans to have consumer devices labeled with the U.S. Cyber Trust Mark on store shelves by the end of 2024, to help consumers understand security and encourage manufacturers to include basic digital defenses. This article has been…
Apple and Google Join Forces to Stop Unwanted Tracking
Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location. This article has been indexed…
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies
Cybercriminals are exploiting the popularity of DocuSign by creating and selling fake email templates and login credentials to enable phishing attacks, blackmail, and business email compromise against targeted companies. This article has been indexed from Cyware News – Latest Cyber…
Google Patches Third Exploited Chrome Zero-Day in a Week
Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats. This article has been indexed…
Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure
Alkira, a leader in on-demand network infrastructure as-a-service, has raised $100 million in Series C funding to further expand its innovative platform that simplifies, secures, and scales critical network infrastructure for enterprises. This article has been indexed from Cyware News…
Tornado Cash Co-Founder Convicted of Laundering $1.2 Billion by Dutch Court
The co-founder of the cryptocurrency anonymizing service Tornado Cash, Alexey Pertsev, was convicted by a Dutch court of money laundering $1.2 billion and sentenced to five years and four months in prison. This article has been indexed from Cyware News…
Adobe Fixed Multiple Critical Flaws in Acrobat and Reader
Adobe patched 35 security vulnerabilities across a range of its products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, Animate, FrameMaker, and Dreamweaver. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Adobe…
Unmasking a Cyberattack that Targets Meta Business Accounts
The phishing campaign uses a multi-step process to steal account information, including the user’s Meta business email, page name, owner details, financial information, and ultimately the account password. This article has been indexed from Cyware News – Latest Cyber News…
Russia-Linked Threats to Operational Technology
Russia-linked APT groups pose a significant threat to OT environments, as demonstrated by their recent attacks targeting critical infrastructure in Ukraine and its allies, with the potential for further disruption and long-term espionage operations. This article has been indexed from…
Cyber Pros Weigh an Intel-Sharing Quandary: What To Share When Attacks Hit Close to Home
Cybersecurity professionals face a dilemma: sharing information after an attack can prevent future incidents, but businesses often hesitate due to fears of litigation, customer inquiries, and reputational harm. This article has been indexed from Cyware News – Latest Cyber News…
SIEM Stalwart LogRhythm to Merge With Exabeam
LogRhythm, a leading SIEM (Security Information and Event Management) company, is merging with Exabeam, another prominent SIEM player, in a move that aims to create a stronger, AI-driven security operations leader in the market. This article has been indexed from…
FBI Seizes Criminal Site BreachForums
The FBI and the DOJ have seized control of the BreachForums hacking forum, which was a marketplace for cybercriminals to buy, sell, and trade stolen data and other illegal services, and are now investigating the forum and its admins. This…
How Scammers Hijack Your Instagram
Scammers exploit Instagram’s influencer program to hijack users’ accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to “vote” for the scammer’s fake influencer contest. This article has been indexed from Cyware…
A Cost-Effective Encryption Strategy Starts With Key Management
A cost-effective encryption strategy starts with effective key management, which involves making critical decisions about where to store encryption keys, how to manage them, and how to prepare for the post-quantum future. This article has been indexed from Cyware News…
FTC Fires ‘Shot Across the Bow’ at Automakers Over Connected-Car Data Privacy
The FTC issued a strong warning to automakers about their data collection and sharing practices, particularly regarding the sale of sensitive geolocation data, and emphasized that it will take enforcement action to protect consumer privacy. This article has been indexed…
Report: Data Breaches in US Schools Exposed 37.6M Records
According to Comparitech, data breaches in US schools have exposed over 37.6 million records since 2005, with a significant surge in 2023 due to vulnerabilities in the MOVEit file transfer software affecting over 800 institutions. This article has been indexed…
SideCopy APT Campaign Found Targeting Indian Universities
Active since May 2023, the SideCopy APT campaign targets university students through sophisticated infection chains involving malicious LNK files, HTAs, and loader DLLs disguised as legitimate documents. This article has been indexed from Cyware News – Latest Cyber News Read…
CISA, FBI, and DHS Unveil Cybersecurity Guide For Civil Society Groups
The publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses. This article has been indexed from Cyware News – Latest Cyber News Read the…
Australia: AFL Players Call for Data Protection Overhaul as Concerns Include Drug Test Results
AFL players are concerned about the risk of their personal and sensitive information, such as drug test results and psychologist session notes, being leaked onto the dark web due to inadequate data protection measures. This article has been indexed from…
NIST Issues New Guidelines on Protecting Unclassified Data in Government Systems
The NIST issued new guidelines to help federal agencies and their private sector contractors better protect sensitive unclassified information, known as Controlled Unclassified Information (CUI), from cyber threats, particularly supply chain risks. This article has been indexed from Cyware News…