AI systems trained to excel at tasks can learn to lie and deceive in order to gain an advantage, posing serious risks to society such as fraud, election tampering, and even the potential loss of human control over AI. This…
Category: Cyware News – Latest Cyber News
Several Vulnerabilities Addressed in Ubuntu 24.04
Ubuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution. This article has been indexed from Cyware News – Latest…
Scammers are Getting Creative Using Malvertising, Deepfakes, and YouTube
The Avast Q1 2024 Threat Report highlighted a massive surge in social engineering scams, with a staggering 90% of all mobile and 87% of desktop threats falling into this category. This article has been indexed from Cyware News – Latest…
Meet Hackbat: An Open-Source, More Powerful Flipper Zero Alternative
Hackbat is built around a custom PCB and a Raspberry Pi Pico W microcontroller, providing features like Wi-Fi, NFC, RF, microSD storage, USB for keystroke injection, and a display with buttons. This article has been indexed from Cyware News –…
Apple Fixes Safari WebKit Zero-Day Flaw Exploited at Pwn2Own
Apple patched a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited at the Pwn2Own hacking competition. The vulnerability allowed an attacker to bypass Pointer Authentication Codes (PACs) and potentially execute remote code. This article has been indexed from Cyware News…
Ebury Botnet Compromised 400K Linux Servers for Crypto Theft and Financial Gain
The malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests. This article has been indexed from Cyware News – Latest Cyber News Read the…
DeRusha Stepping Down From Federal CISO Role
Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021. He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).…
Singapore Cybersecurity Update Puts Cloud Providers on Notice
The Singapore government has updated its Cybersecurity Act to give its primary cybersecurity agency more power to regulate critical infrastructure and third-party providers, and to require the reporting of cyber incidents. This article has been indexed from Cyware News –…
VMware Fixed Zero-Day Flaws Demonstrated at Pwn2Own2024
VMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors. This article has been indexed from Cyware News – Latest Cyber News Read the original article: VMware…
BLint: Open-Source Tool to Check the Security Properties of Your Executables
BLint is a Binary Linter designed to evaluate the security properties and capabilities of executable files. It utilizes LIEF (Library for Executable and Instrumentation Format) for its operations. This article has been indexed from Cyware News – Latest Cyber News…
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
The threat actors then call the impacted users, posing as members of the organization’s IT team, and attempt to socially engineer the users into providing remote access to their computers through the use of legitimate RMM solutions. This article has…
PoC Exploit Released for RCE Zero-Day in D-Link EXO AX4800 Routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. This article has been indexed from Cyware News – Latest Cyber News…
MITRE EMB3D Improves Security for Embedded Devices
The EMB3D model provides a common understanding of cyber threats to embedded devices and the security mechanisms needed to mitigate them. It is based on observations of threat actor activities, security research, and device vulnerability reports. This article has been…
NHS Digital Hints at Exploit Sightings of Arcserve UDP Vulnerabilities
The UK’s National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after. This article has been indexed…
Vermont Passes Data Privacy Law Allowing Consumers to Sue Companies
Vermont has passed one of the strongest comprehensive data privacy laws in the country, which includes a provision allowing individuals to sue companies for violating their privacy rights. This article has been indexed from Cyware News – Latest Cyber News…
Apple Backports Fix for Zero-Day Exploited in Attacks to Older iPhones
The flaw is a memory corruption issue in Apple’s RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections. This article has been indexed from Cyware News – Latest Cyber News…
Southeast Asian Scam Syndicates Stealing $64 Billion Annually, Researchers Find
Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar. This article has been indexed from Cyware News…
Cyber Insurers Pledge to Help Reduce Ransom Payments
The UK’s NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms. This article has been indexed from Cyware…
Google Chrome Emergency Update Fixes Sixth Zero-Day Exploited in 2024
The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application. This article has been indexed from Cyware News – Latest Cyber News…
Why Tokens are Like Gold for Opportunistic Threat Actors
Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication. This article has been indexed from Cyware News – Latest Cyber News…
Millions of Messages Distribute LockBit Black Ransomware
The attack chain required user interaction to execute the malicious email attachment, which then initiated a network callout to the Phorpiex botnet infrastructure to download and detonate the LockBit Black ransomware. This article has been indexed from Cyware News –…
Mallox Ransomware Deployed via MS-SQL Honeypot Attack
Upon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale. This article has been indexed from Cyware News…
FCC Reveals Royal Tiger, its First Tagged Robocall Threat Actor
The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read…
FCC Reveals Royal Tiger, its First Tagged Robocall Threat Actor
The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read…
Cybercriminals Steal One-Time Passcodes for SIM Swap Attacks and Raiding Bank Accounts
Cybercriminals are using an automated service called “Estate” to steal one-time passcodes and hijack user accounts, including bank accounts, crypto wallets, and other sensitive services, by tricking them into revealing the codes over the phone. This article has been indexed…
AI’s Rapid Growth Puts Pressure on CISOs to Adapt to New Security Risks
The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to a report by Trellix. This article has been indexed from Cyware News – Latest…
Researchers Identify New Campaigns from Scattered Spider
The Scattered Spider, a group of hackers, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms. This article has been indexed…
Red Teaming: The Key Ingredient for Responsible AI
Red teaming involves employing ethical hackers to rigorously test AI systems for security and safety issues. It is crucial for developing responsible AI that balances innovation and compliance with ethical standards and regulatory requirements. This article has been indexed from…
In The Shadow Of Venus: Trinity Ransomware’s Covert Ties
Researchers at Cyble discovered a new ransomware variant called Trinity that employs a double extortion technique and shares similarities with the Venus ransomware, suggesting a potential link or common actor behind these two variants. This article has been indexed from…
US and China to Hold Discussions on AI Risks and Security
Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were “not focused on promoting any technical cooperation” between the two world superpowers on AI or emerging technologies. This article has been indexed from…
Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say
US officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic. This article has been indexed…
‘Russian’ Hackers Deface Potentially Hundreds of Local British News Sites
The group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print. This article has been indexed from Cyware News…
How Secure is the “Password Protection” on Your Files and Drives?
Password protection alone is not enough to securely protect files and drives, as it can be easily circumvented, and hardware-based encryption is recommended for robust data security. This article has been indexed from Cyware News – Latest Cyber News Read…
Russian Hackers Hijack Ukrainian TV to Broadcast Victory Day Parade
Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II. This article has been indexed from Cyware News – Latest Cyber News Read…
UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Develo
The platform, called Inspect, is set to pave the way for the safe innovation of AI models, according to the AI Safety Institute and Department for Science, Innovation and Technology (DIST). This article has been indexed from Cyware News –…
Black Basta Ransomware Group’s Worldwide Victim Count Tops 500
The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. This article has been indexed from Cyware News – Latest Cyber…
GoTo Meeting Software Abused to Deploy Remcos RAT via Rust Shellcode Loader
A recent malware campaign was found exploiting the GoTo Meeting software to deploy the Remcos RAT by using DLL sideloading to execute a malicious DLL file named g2m.dll through a Rust-based shellcode loader. This article has been indexed from Cyware…
Researchers Use MITM Attack to Bypass FIDO2 Phishing-Resistant Protection
The passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users’ private areas and potentially removing their registered devices. This article has been indexed from Cyware News…
Nmap 7.95 Released With New OS and Service Detection Signatures
Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2. This article…
State Attorneys General Implore Congress Not to Preempt Their Privacy Laws
Fifteen state attorneys general on Wednesday called on Congress to prevent new federal comprehensive data privacy legislation from preempting 17 states’ existing or recently passed laws protecting consumer privacy. This article has been indexed from Cyware News – Latest Cyber…
GenAI Enables Cybersecurity Leaders to Hire More Entry-Level Talent
Aroudn 93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. This article has been indexed from Cyware News – Latest Cyber News Read…
Selfie Spoofing Becomes Popular Identity Document Fraud Technique
Selfie spoofing and document image-of-image fraud have become the most prevalent identity document fraud techniques, with older demographics being targeted at nearly four times the rate, according to Socure. This article has been indexed from Cyware News – Latest Cyber…
Feds, Military Personnel Compete in President’s Cyber Cup Challenge
Artificially Intelligent — a team of four Army servicemembers and one from the Air Force — won the 2024 President’s Cyber Cup Challenge, a five-year-old competition open to federal government and U.S. military personnel. This article has been indexed from…
Malicious Go Binary Delivered via Steganography in PyPI
The malicious package, called “requests-darwin-lite”, was a fork of the popular “requests” Python package. The attacker used the cmdclass feature in the setup.py file to customize the package installation process. This article has been indexed from Cyware News – Latest…
FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
The financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals. This article has been indexed…
Attack Makes Autonomous Vehicle Tech Ignore Road Signs
Researchers have developed a technique called “GhostStripe” that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles. This article has been…
‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus
An advanced persistent threat (APT) group that has been missing in action for more than a decade has suddenly resurfaced in a cyber-espionage campaign targeting organizations in Latin America and Central Africa. This article has been indexed from Cyware News…
Telus Acquires Cybersecurity Services Firm Vumetric
Telus announced Tuesday its acquisition of Vumetric Cybersecurity, a Toronto-based cybersecurity provider that specializes in advanced penetration testing designed to identify cyber vulnerabilities and threats to companies across North America. This article has been indexed from Cyware News – Latest…
New LLMjacking Attack Uses Stolen Cloud Credentials to Target Cloud-Hosted AI Models
Sysdig researchers discovered evidence of a reverse proxy for LLMs being used to provide access to the compromised accounts, suggesting a financial motivation. However, another possible motivation is to extract LLM training data. This article has been indexed from Cyware…
Android Remote Access Trojan Equipped to Harvest Credentials
This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices. This includes the icons of Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter). This article has been indexed from…
Update: Thwarted Cyberattack Targeted Library of Congress in Tandem With October British Library Breach
The Library of Congress was targeted in a cyberattack that occurred in parallel with a high-profile intrusion into the British Library in October 2023 but it was a failed attempt, according to internal documents obtained by Nextgov/FCW. This article has…
Report: Global Ransomware Crisis Worsens
According to NTT Security Holdings’ 2024 Global Threat Intelligence report, ransomware and extortion incidents increased by 67% in 2023, with over 5,000 victims detected or posted across social channels, up from 3,000 in 2022. This article has been indexed from…
Ransomware Attacks Impact 20% of Sensitive Data in Healthcare Orgs
Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against healthcare targets. This article has been indexed…
Monday.com Removes “Share Update” Feature Abused for Phishing Attacks
The phishing emails pretended to come from a “Human Resources” department, asking users to either acknowledge the “organization’s workplace sex policy” or submit feedback as part of a “2024 Employee Evaluation.” This article has been indexed from Cyware News –…
CISA Explains Why it Doesn’t Call Out Tech Vendors by Name
The CISA isn’t inclined to call out technology vendors when their fundamental errors impact customers — officials contend they can make a greater impact by discerning and generalizing those mistakes for a broader audience. This article has been indexed from…
Widely Used Telit Cinterion Modems Open to SMS-based Device Takeover Attacks
The vulnerabilities were found in the Cinterion EHS5-E series modem, but other Telit Cinterion products with similar software and hardware architecture are also likely impacted, including Cinterion BGS5, EHS5/6/7, PDS5/6/8, ELS61/81, and PLS62. This article has been indexed from Cyware…
Citrix Warns Customers to Update PuTTY Version Installed on Their XenCenter System Manually
Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY. This article…
Regulators are Coming for IoT Device Security
Regulators are increasingly focusing on IoT device security due to the vulnerabilities present in many IoT devices. The lack of expertise among manufacturers in securing connected products has led to significant security risks. This article has been indexed from Cyware…
CISA Starts CVE “Vulnrichment” Program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. This article has been indexed from Cyware News…
Cybercriminals are Getting Faster at Exploiting Vulnerabilities
Cybercriminals are exploiting new vulnerabilities at an increasingly rapid pace, with attacks starting on average just 4.76 days after vulnerabilities are publicly disclosed, according to Fortinet. This article has been indexed from Cyware News – Latest Cyber News Read the…
Google Fixes Fifth Chrome Zero-Day Exploited in Attacks This Year
The high-severity issue tracked as CVE-2024-4671 is a “user after free” vulnerability in the Visuals component that handles the rendering and display of content on the browser. This article has been indexed from Cyware News – Latest Cyber News Read…
SocGholish Sets Sights on Victim Peers
The SocGholish malware is targeting enterprises through fake browser update prompts, compromising legitimate websites to deliver malicious payloads that steal sensitive data and establish persistence on infected systems. This article has been indexed from Cyware News – Latest Cyber News…
How Workforce Reductions Affect Cybersecurity Postures
The Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints. This article has been indexed from Cyware News –…
Update: Boeing Confirms Attempted $200 Million Ransomware Extortion Attempt
Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice. This article has been indexed from Cyware News – Latest Cyber News Read the…
Poland Says it was Targeted by Russian Military Intelligence Hackers
Poland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU. This article has been indexed from…
With Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design Pledge
The CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China. This article has been indexed from Cyware News…
Generative AI is a Looming Cybersecurity Threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. This article has been indexed from Cyware News –…
Security Tools Fail to Translate Risks for Executives
CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations. This article has been indexed from Cyware News – Latest…
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Payload Delivery
In the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the “/api/v1/license/key-status/;” endpoint, which is vulnerable to command injection, and inject the payload. This article has been indexed from Cyware News – Latest Cyber…
CISA Extends CIRCIA Rule Comment Period
The CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries. This article has been indexed from…
Report: 97% of Organizations Hit by Ransomware Turn to Law Enforcement
According to a new Sophos report, 59% of those organizations that did engage with law enforcement found the process easy or somewhat easy. Only 10% of those surveyed said the process was very difficult. This article has been indexed from…
Fake E-commerce Network Scams $50M from American, European, Australian Shoppers
According to a report by the German cybersecurity firm Security Research Labs GmbH (SRLabs), the BogusBazaar network has attempted to process an estimated $50 million in fake purchases since the operation launched three years ago. This article has been indexed…
Pktstat: Open-Source Ethernet Interface Traffic Monitor
Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. This article has been indexed from Cyware News – Latest Cyber…
FBI Warns of Gift Card Fraud Ring Targeting Retail Companies
The FBI has issued a warning about a hacking group named Storm-0539 targeting retail companies in the United States through phishing attacks on employees in gift card departments. This article has been indexed from Cyware News – Latest Cyber News…
Ransomware Criminals SIM Swap Executives’ Kids to Pressure Parents
Ransomware infections have morphed into “a psychological attack against the victim organization,” as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant. This article has been indexed from Cyware News – Latest…
US Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House Says
Despite the progress in improving cybersecurity posture, the United States still faces various threats, including ransomware attacks, cyberattacks on critical infrastructure, and the growing use of artificial intelligence in malicious activities. This article has been indexed from Cyware News –…
Veeam Fixes RCE Flaw in Backup Management Platform
The vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components. This article has been indexed from Cyware News – Latest Cyber News Read…
Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds
Only a third of organizations are adequately addressing security, privacy and ethical risks with AI, despite surging use of these technologies in the workplace, according to new ISACA research. This article has been indexed from Cyware News – Latest Cyber…
Undetectable Threats Found in F5 BIG-IP Next Central Manager
The two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets. This article has been indexed from Cyware News – Latest Cyber…
Desperate Taylor Swift Fans Defrauded by Ticket Scams
As reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started…
Blackwell Security Raises $13M in Funding
The healthcare cybersecurity services company intends to use the funds to broaden its offerings, including capabilities such as healthcare threat intelligence and automated response. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Akamai to Acquire Noname for $450 Million
Noname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand. This article…
BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement
Following an investigation into BetterHelp’s handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling. This…
Report: Log4J Still Among Top Exploited Vulnerabilities
In a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024. This article has been indexed from Cyware News –…
Update: MITRE Attributes the Recent Attack to China-linked UNC5221
The attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023. This article has been indexed from Cyware News – Latest Cyber News Read…
Ransomware Operations are Becoming Less Profitable
Ransomware operations are experiencing a decline in profitability due to various factors such as increased cyber resilience of organizations, the availability of decryptors, and more frequent law enforcement actions. This article has been indexed from Cyware News – Latest Cyber…
Scattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader Says
Identified by analysts in 2022, the hackers use social engineering to lure users into giving up their login credentials or one-time password codes to bypass multifactor authentication. This article has been indexed from Cyware News – Latest Cyber News Read…
Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins
WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000. This article has been indexed from Cyware News…
Over 50,000 Tinyproxy Servers Vulnerable to Critical RCE Flaw
A critical remote code execution (RCE) flaw, CVE-2023-49606, was found affecting nearly 52,000 Tinyproxy servers. This vulnerability was disclosed by Cisco Talos in December 2023, impacting versions 1.11.1 and 1.10.0 of Tinyproxy. This article has been indexed from Cyware News…
Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him
The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him. This article has been indexed from Cyware News – Latest Cyber…
AT&T Splits Cybersecurity Services Business, Launches LevelBlue
AT&T has split its cybersecurity services business to form a new company called LevelBlue. It includes AT&T’s managed security services business, cybersecurity consulting business, and assets from the acquisition of AlienVault in 2018. This article has been indexed from Cyware…
Germany Recalls Ambassador to Russia Over Cyberattacks
Germany has recalled its ambassador to Russia in response to alleged Moscow-backed cyberattacks targeting various sectors in Germany, including defense, aerospace, and IT companies, as well as the German Social Democratic Party. This article has been indexed from Cyware News…
Report: Only 45% of Organizations Use MFA to Protect Against Fraud
A report by Ping Identity highlighted the pressing need for enhanced identity protection strategies, as 97% of organizations struggle with identity verification, and 48% lack confidence in defending against AI-related attacks. This article has been indexed from Cyware News –…
White House in Talks With Industry to Build Legal Framework for Software Liability
The White House is engaging with the tech industry to establish a legal framework for software liability as part of a broader cybersecurity strategy, aiming to incentivize software developers to create products without exploitable security flaws. This article has been…
DBIR: Supply Chain Breaches up 68% Year Over Year
According to Verizon’s latest Data Breach Investigations Report (DBIR), supply chain breaches increased by 68% year-over-year, primarily due to software vulnerabilities exploited in ransomware and extortion attacks. This article has been indexed from Cyware News – Latest Cyber News Read…
Synopsys to Sell its Software Integrity Business to Clearlake Capital and Francisco Partners
After the transaction, the business will operate independently as an application security testing software provider, with the current management team expected to lead the new entity. This article has been indexed from Cyware News – Latest Cyber News Read the…
Dangerous Scammers From the Yahoo Boys Group Operate Openly on Social Media
The Yahoo Boys, a group of scammers primarily based in West Africa, openly operate on various social media platforms like Facebook, WhatsApp, and Telegram, engaging in fraudulent activities that range from romance fraud to business email compromise. This article has…
US Sets Sights on Partnerships to Counter Cyberthreats, Secure AI in New Global Cyber Strategy
The new strategy of the U.S. government aims to defend against cyberattacks on critical infrastructure, prevent surveillance misuses, and promote digital solidarity among global partners. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Krebs, Luber Added to Cyber Safety Review Board
The Cyber Safety Review Board (CSRB) has added four new members, including Chris Krebs, former Director of the CISA, and David Luber, head of the NSA’s Cybersecurity Directorate. This article has been indexed from Cyware News – Latest Cyber News…
Global Fraud Prevention Leader BioCatch Valued at $1.3bn in Permira Takeover
The acquisition will involve Permira buying out shares primarily from Bain Capital Tech Opportunities and Maverick Ventures, while existing shareholders Sapphire Ventures and Macquarie Capital will also increase their stakes in BioCatch. This article has been indexed from Cyware News…