Amazon has confirmed that some employee data was accessed last year, presumably as part of the huge MOVEit hacking campaign. A hacker recently revealed on the BreachForums cybercrime forum that they had stolen Amazon employee information, such as names,…
Tag: CySecurity News – Latest Information Security and Hacking Incidents
Reimagining Healthcare with Synthetic Data
It has been espoused in the generative AI phenomenon that the technology’s key uses would include providing personalized shopping experiences for customers and creating content. Nonetheless, generative AI can also be seen to be having a very real impact…
Gmail Alert: Massive Phishing Campaign Spreads Rhadamanthys Malware
Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim…
Phishing Scams use Microsoft Visio Files to Steal Information
The latest phishing attacks involve users being victimised in private information scams through the use of Microsoft Visio files. According to a security firm called Perception Point, the trick mainly involves using the .vsdx file extension, used for business…
Hot Topic Data Breach Exposes Private Data of 57 Million Users
Have I Been Pwned warns that an alleged data breach compromised the private data of 56,904,909 Hot Topic, Box Lunch, and Torrid users. Hot Topic is an American retail franchise that specialises in counterculture-themed clothes, accessories, and licensed music…
Addressing AI Risks: Best Practices for Proactive Crisis Management
An essential element of effective crisis management is preparing for both visible and hidden risks. A recent report by Riskonnect, a risk management software provider, warns that companies often overlook the potential threats associated with AI. Although AI offers…
Volt Typhoon rebuilds malware botnet following FBI disruption
There has recently been a rise in the botnet activity created by the Chinese threat group Volt Typhoon, which leverages similar techniques and infrastructure as those previously created by the group. SecurityScorecard reports that the botnet has recently made…
New TSA Rules to Boost Cybersecurity in Transport
The Transportation Security Administration recently unveiled a proposed rule that would permanently codify cybersecurity reporting requirements in certain segments of U.S. transportation, including pipelines and railroads. This change is set to be permanent after the agency introduced temporary reporting requirements…
Chrome Extensions Continue to Pose a Threat, Even With Google’s Manifest V3
Users have always found browser extensions to be a useful tool for increasing productivity and streamlining tasks. They have, however, become a prime target for malicious actors attempting to exploit flaws, impacting both individual users and companies. Despite efforts…
Texas Oilfield Supplier Operations Impacted by Ransomware Incident
About two months before the Newpark Resources attack, oilfield services giant Halliburton had been afflicted with a cyberattack that it then disclosed in a regulatory filing, which occurred about two months earlier. Last week, Halliburton, the world’s largest energy…
WHO and Global Leaders Warn Against Rise of Ransomware Attacks Targeting Hospitals
On November 8, the World Health Organization (WHO) joined over 50 countries in issuing an urgent warning at the United Nations about the increase in ransomware attacks on healthcare systems worldwide. WHO Director-General Tedros Adhanom Ghebreyesus addressed the UN…
Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access
A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network…
North Korean Hackers Employ macOS Malware to Target Crypto Firms
BlueNoroff, a North Korean threat actor, has been attacking crypto firms with a new multistage malware for macOS systems. According to the researchers, the campaign is known as Hidden Risk, and it lures victims with emails that include fake…
Global Companies Targeted by “CopyR(ight)hadamantys” Phishing Scam Using Advanced Infostealer Malware
Hundreds of organizations worldwide have recently fallen victim to a sophisticated spear-phishing campaign, where emails falsely claiming copyright infringement are used to deliver an advanced infostealer malware. Since July, Check Point Research has tracked the distribution of these emails…
Supreme Court Weighs Shareholder Lawsuit Against Meta Over Data Disclosure
The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank,…
Browser Warning: Fake Websites Steal Millions from Users
Cyber scammers give new warnings as they do not stop scamming unsuspecting web shoppers through a new phishing campaign posing to be online stores. Many of these fake stores Google has removed from its search results, but links remain…
Veeam RCE Bug Now a Target for Frag Ransomware Operators
Recently, a critical VBR (Veeam Backup & Replication) security flaw was exploited by cyber thieves to distribute Frag ransomware along with the Akira and Fog ransomware attacks. Florian Hauser, a security researcher with Code White, has discovered that the…
600 Million Daily Cyberattacks: Microsoft Warns of Escalating Risks in 2024
Microsoft emphasized in its 2024 annual Digital Defense report that the cyber threat landscape remains both “dangerous and complex,” posing significant risks to organizations, users, and devices worldwide. The Expanding Threat Landscape Every day, Microsoft’s customers endure more than 600…
Hacker Claims to Publish Nokia Source Code
The Finnish telecoms equipment firm Nokia is looking into the suspected release of source code material on a criminal hacking site. See also: Gartner Market Guide for DFIR Retainer Services. An attacker going by the handle “IntelBroker,” who is…
Cyberattack Impacts Georgia Hospital, Colorado Pathology Services
The number of hospitals that have been affected by ransomware, business email compromise, and other cyber threats is increasing across all sectors, from small community hospitals such as Memorial Hospital and Manor in Bainbridge, Georgia, to those with a…
How to Prevent a Ransomware Attack and Secure Your Business
In today’s world, the threat of cyberattacks is an ever-present concern for businesses of all sizes. The scenario of receiving a call at 4 a.m. informing you that your company has been hit by a ransomware attack is no…
Growing Use of Winos4.0 Toolkit Poses New Threat to Windows Users
Advanced hacking toolkit Winos4.0 spreads across the globe, security experts warn. Originally reported by Trend Micro, this new toolkit-just like known kits Cobalt Strike and Sliver-was connected to a string of recent cyber attacks in China, having initially spread…
Windows PCs at Risk as SteelFox Malware Targets Driver Vulnerabilities
Several experts have warned that hackers are using malware to attack Windows systems with the intention of mining cryptocurrency and stealing sensitive information from their devices. The latest Kaspersky Security Report claims to have spotted tens of thousands of…
Game Emulation: Keeping Classic Games Alive Despite Legal Hurdles
For retro gaming fans, playing classic video games from decades past is a dream, but it’s tough to do legally. This is where game emulation comes in — a way to recreate old consoles in software, letting people play vintage…
ZKP Emerged as the “Must-Have” Component of Blockchain Security.
Zero-knowledge proof (ZKP) has emerged as a critical security component in Web3 and blockchain because it ensures data integrity and increases privacy. It accomplishes this by allowing verification without exposing data. ZKP is employed on cryptocurrency exchanges to validate…
How to Protect Your Brand from Malvertising: Insights from the NCSC
Advertising is a key driver of revenue for many online platforms. However, it has also become a lucrative target for cybercriminals who exploit ad networks to distribute malicious software, a practice known as malvertising. The National Cyber Security Centre (NCSC)…
Chinese Botnet Quad7 Targets Global Organizations in Espionage Campaign
Microsoft has unveiled a sweeping cyber threat posed by a sophisticated Chinese botnet, Quad7, targeting organizations worldwide through advanced password spray attacks. Operated by a group identified as Storm-0940, this campaign primarily aims at high-value entities, including think tanks, government…
Google Cloud to Enforce Multi-Factor Authentication for Enhanced Security in 2025
As part of its commitment to protecting users’ privacy, Google has announced that by the end of 2025, all Google Cloud accounts will have to implement multi-factor authentication (MFA), also called two-step verification. Considering the sensitive nature of cloud…
Fake Invoices Spread Through DocuSign’s API in New Scam
Cyber thieves are making use of DocuSign’s Envelopes API to send fake invoices in good faith, complete with names that are giveaways of well-known brands such as Norton and PayPal. Because these messages are sent from a verified domain…
FBI Cautioned Gmail Users Regarding Cookie Theft
The FBI has warned users of popular email providers such as Gmail, Outlook, Yahoo, and AOL regarding a surge in online criminal activity that compromises email accounts, including those secured by multifactor authentication (MFA). Online criminals lure people into…
Cisco Fixes Critical CVE-2024-20418 Vulnerability in Industrial Wireless Access Points
Cisco recently disclosed a critical security vulnerability, tracked as CVE-2024-20418, that affects specific Ultra-Reliable Wireless Backhaul (URWB) access points used in industrial settings. These URWB access points are essential for maintaining robust wireless networks in environments like manufacturing plants,…
How OpenAI’s New AI Agents Are Shaping the Future of Coding
OpenAI is taking the challenge of bringing into existence the very first powerful AI agents designed specifically to revolutionise the future of software development. It became so advanced that it could interpret in plain language instructions and generate complex…
Big Tech’s Data-Driven AI: Transparency, Consent, and Your Privacy
In the evolving world of AI, data transparency and user privacy are gaining significant attention as companies rely on massive amounts of information to fuel their AI models. While Big Tech giants need enormous datasets to train their AI systems,…
Check Point Uncover Pakistan-Linked APT36’s New Malware Targeting Indian Systems
Pakistan’s APT36 threat outfit has been deploying a new and upgraded version of its core ElizaRAT custom implant in what looks to be an increasing number of successful assaults on Indian government agencies, military entities, and diplomatic missions over…
Why Small Businesses Are Major Targets for Cyberattacks and How to Defend Against Them
Recent research by NordPass and NordStellar, backed by NordVPN, has shed light on small private businesses being prime targets for cybercriminals. After analyzing around 2,000 global data breaches over two years, they found that retail and technology sectors, particularly…
Operation Synergia II: A Global Effort to Dismantle Cybercrime Networks
In an unprecedented move, Operation Synergia II has significantly strengthened global cybersecurity efforts. Led by INTERPOL, this extensive operation focused on dismantling malicious networks and thwarting cyber threats across 95 countries. Spanning from April to August 2024, the initiative marks…
UIUC Researchers Expose Security Risks in OpenAI’s Voice-Enabled ChatGPT-4o API, Revealing Potential for Financial Scams
Researchers recently revealed that OpenAI’s ChatGPT-4o voice API could be exploited by cybercriminals for financial scams, showing some success despite moderate limitations. This discovery has raised concerns about the misuse potential of this advanced language model. ChatGPT-4o, OpenAI’s latest…
Columbus Data Breach Affects 500,000 in Recent Cyberattack
In July, a ransomware attack on Columbus, Ohio, compromised the personal information of an estimated 500,000 residents, marking one of the largest cyber incidents to affect a city in the United States in recent years. There has been great…
Digital Arrest: How Even The Educated Become Victims
One of the most alarming trends in recent times is the surge in digital arrest scams, particularly in India. These scams involve cybercriminals impersonating law enforcement officials to extort money from unsuspecting victims. Cybersecurity threats are rapidly escalating in India,…
JPCERT Explains How to Identify Ransomware Attacks from Windows Event Logs
Japan Computer Emergency Response Team (JPCERT/CC) has published guidance on early identification of ransomware attacks in the system using Windows Event Logs. Probably by reviewing these logs, firms would identify some signs or clues of an existing ransomware attack…
UK Watchdog Urges Data Privacy Overhaul as Smart Devices Collect “Excessive” User Data
A new study by consumer group Which? has revealed that popular smart devices are gathering excessive amounts of personal data from users, often beyond what’s required for functionality. The study examined smart TVs, air fryers, speakers, and wearables, rating…
The Growing Concern Regarding Privacy in Connected Cars
Data collection and use raise serious privacy concerns, even though they can improve driving safety, efficiency, and the whole experience. The automotive industry’s ability to collect, analyse, and exchange such data outpaces the legislative frameworks intended to protect individuals.…
NCSC Unveils “Pigmy Goat” Malware Targeting Sophos Firewalls in Advanced Chinese Cyberattack
The National Cyber Security Centre (NCSC) recently disclosed the presence of a Linux malware, “Pigmy Goat,” specifically designed to breach Sophos XG firewall devices. This malware, allegedly developed by Chinese cyber actors, represents a significant evolution in network infiltration…
Gmail Under Attack: Secure a Backup Account
Having access to a Gmail account in the present world is rather dangerous because hackers create new ways of penetrating the account, even if it at times employs a 2FA security feature. While methods like passkey sign-ins and secure…
Researchers Develop Blockchain-Based Federated Learning Model to Boost IoT Security
In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distributed federated intrusion detection system. The study, published in Frontiers of Computer Science and co-published by Higher…
Crypto Bull Market Targeted: The Lottie-Player Security Breach
In an alarming development for the tech community, especially for those immersed in the Web3 ecosystem, a supply chain attack has targeted the popular animation library, Lottie-Player. If users fall for this prompt, it could enable attackers to drain cryptocurrency…
Facebook, Nvidia Push SCOTUS to Limit Investor Lawsuits
The US Supreme Court is set to take two landmark cases over Facebook and Nvidia that may rewrite the way investors sue the tech sector after scandals. Two firms urge the Court to narrow legal options available for investment…
New Flaws in Fortinet, SonicWall, and Grafana Pose Significant Threats
Cyble Research and Intelligence Labs (CRIL) has discovered new IT vulnerabilities that affect Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 identifies seven security flaws that require immediate attention from security…
How to Protect Yourself Against Phishing Extortion Scams Involving Personal Data
Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims…
LightSpy Update Expands Surveillance on iOS Devices
It has been discovered that a newer version of LightSpy spyware, commonly used to target iOS devices, has been enhanced with the capability to compromise the security and stability of the device. LightSpy for macOS was first discovered by…
Scammers Impersonate Thunder Bay RCMP in New Phone Spoofing Scheme
Phone number of the RCMP used in scams across Thunder Bay. The local Royal Canadian Mounted Police detachment is warning residents of Thunder Bay about a phone scam. Scammers are spoofing the official RCMP number, 807-623-2791, which will have…
Rising Bank Fraud: Steps You Can Take to Safeguard Your Money
Bank fraud is becoming an increasingly serious issue, with cybercriminals devising new tactics to access people’s bank accounts. In 2023, global losses from bank fraud reached nearly $500 billion, according to the 2024 NASDAQ Global Financial Crimes Report. As…
Tech Expert Warns AI Could Surpass Humans in Cyber Attacks by 2030
Jacob Steinhardt, an assistant professor at the University of California, Berkeley, shared insights at a recent event in Toronto, Canada, hosted by the Global Risk Institute. During his keynote, Steinhardt, an expert in electrical engineering, computer science, and statistics,…
Advanced Persistent Teenagers: A Rising Security Threat
If you ask some of the field’s top cybersecurity executives what their biggest concerns are, you might not expect bored teenagers to come up. However, in recent years, this totally new generation of money-motivated hackers has carried out some…
Balancing Act: Russia’s New Data Decree and the Privacy Dilemma
Data Privacy and State Access Russia’s Ministry of Digital Development, Communications, and Mass Media has introduced a draft decree specifying the conditions under which authorities can access staff and customer data from businesses operating in Russia, according to Forbes. The…
Securing Generative AI: Tackling Unique Risks and Challenges
Generative AI has introduced a new wave of technological innovation, but it also brings a set of unique challenges and risks. According to Phil Venables, Chief Information Security Officer of Google Cloud, addressing these risks requires expanding traditional cybersecurity…
Bitdefender’s Perspective on Weaponized AI and Its Impact on Cybersecurity
Taking cybersecurity seriously is one of the biggest things users can do to protect their company from cyberattacks. While discussing with Bogdan “Bob” Botezatu, Director of Threat Research at Bitdefender, to get a deeper understanding of what is happening…
Cambodia-Based Cybercriminals Exploit Digital Arrest Scam on Indian Victims
Human traffickers, according to a report by India Today, are luring Indian citizens to Cambodia, offering them job opportunities, and then coercing them into committing thousands of dollars worth of online financial fraud and cyber crimes. A growing number…
Meta Struggles to Curb Misleading Ads on Hacked Facebook Pages
Meta, the parent company of Facebook, has come under fire for its failure to adequately prevent misleading political ads from being run on hacked Facebook pages. A recent investigation by ProPublica and the Tow Center for Digital Journalism uncovered…
Behind the Search Bar: How Google Algorithm Shapes Our Perspectives
Search engines like Google have become the gateway to information. We rely on them for everything from trivial facts to critical news updates. However, what if these seemingly neutral tools were subtly shaping the way we perceive the world? According…
Microsoft Warns of Russian Spear-Phishing Campaign Targeting Multiple Organizations
Microsoft Threat Intelligence has discovered a new attack campaign by Russian hacker group Midnight Blizzard, targeted at thousands of users from over 100 organisations. The attack uses spear-phishing emails that contain RDP configuration files, allowing perpetrators to connect to…
Cybersecurity and AI Challenges: How Companies Must Evolve to Stay Secure and Competitive
Cybersecurity remains a big concern, with a recent study from DataDome showing that 91% of websites are at risk from bot attacks. The study looked at over 14,000 sites in industries like healthcare, luxury goods, and e-commerce, revealing that…
Redline And Meta Infostealers Targeted in Operation Magnus
The Dutch National Police claimed on Monday that they had secured “full access” to all servers employed by the Redline and Meta infostealers, two of the most common cybercrime tools on the internet. Infostealer malware is a major cybersecurity…
Strava’s Privacy Flaws: Exposing Sensitive Locations of Leaders and Users Alike
Strava, a popular app for runners and cyclists, is once again in the spotlight due to privacy concerns. Known for its extensive mapping tools, Strava’s heatmap feature can inadvertently expose sensitive locations, as recently highlighted by a report from…
Cybersecurity Beyond Phishing: Six Underrated Threats
Cybercriminals are continually developing new methods to exploit vulnerabilities, and even the most tech-savvy individuals and organizations can find themselves at risk. While some cyberattacks like phishing and malware are well-known, several lesser-known but equally dangerous threats require attention. This…
FBI Warns of Cybercriminals Stealing Cookies to Bypass Security
Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies,…
Windows Recall Release Pushed Back, Microsoft Sets December Date
Once again, Microsoft has delayed the rollout of its controversial Recall feature for Copilot Plus PCs, which had been planned for December. It had been planned that the software giant would begin testing Recall with Windows Insiders in October,…
Critical Security Vulnerability Found in LiteSpeed Cache Plugin: Urgent Update Advised for WordPress Users
A significant security flaw has been uncovered in the LiteSpeed Cache plugin, used by over 6 million WordPress sites, which could allow unauthorized visitors to gain administrator-level access. The vulnerability stems from a weakness in the plugin’s role simulation…
Chenlun’s New Phishing Schemes Target Big-Name Brands
A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data.…
Hacking Contest: How QNAP Overcame Critical Zero-Day Flaws
One recent event that highlights the relentless pace of this digital arms race is QNAP’s swift action to patch a second zero-day vulnerability. QNAP has addressed a second zero-day vulnerability that was exploited by security researchers during the recent Pwn2Own hacking…
Malvertising Campaign Hijacks Facebook Accounts to Propagate SYS01stealer
A new malvertising effort is using Meta’s advertising network to disseminate the SYS01 infostealer, a cybersecurity issue known to Meta and specifically Facebook users for collecting personal information. What distinguishes this attack is that it targets millions of people…
Business Email Compromise Soars in Q3 2024 as Cybercriminals Refine Tactics: VIPRE Report
Global cybersecurity provider VIPRE Security Group has published its Q3 2024 Email Threat Trends Report, revealing an alarming rise in business email compromise (BEC) and highlighting the evolving techniques cyber criminals are using to deceive employees and breach corporate…
ARPANET to Internet The First Connection That Changed the World
There have been sixty-four years since two men sent the first packet-switched data across a telephone line, and this was the birth of the Internet. To exchange information with each other, Charley Kline and Bill Duvall came up with the…
CrossBarking Exploit in Opera Browser Exposes Users to Extensive Risks
A new browser vulnerability called CrossBarking has been identified, affecting Opera users through “private” APIs that were meant only for select trusted sites. Browser APIs bridge websites with functionalities like storage, performance, and geolocation to enhance user experience. Most…
How Incogni Helps Protect Your Digital Privacy and Reduces Spam
Managing unwanted spam messages, calls, and emails has become a necessary part of online life today. Beyond annoyance, these can lead to identity theft, financial fraud, and other issues. Much of this activity is driven by advertisers and marketing…
India Cracks Down on Cybercrime with Warning Against Illegal Payment Gateways
In a sweeping move to combat organized cybercrime, India’s Ministry of Home Affairs (MHA), through the Indian Cybercrime Coordination Center (I4C), has issued a stark warning about illegal payment gateways reportedly run by transnational cyber criminals. These illicit gateways—PeacePay,…
Meta Infostealer Malware Network Taken Down by Authorities
In the course of Operation Magnus, the FBI has partnered with various international law enforcement agencies to seize the servers, software, and source code of the RedLine and Meta thieves as part of an investigation into these two cyber-crime…
New Tool Circumvents Google Chrome’s New Cookie Encryption System
A researcher has developed a tool that bypasses Google’s new App-Bound encryption cookie-theft defences and extracts saved passwords from the Chrome browser. Alexander Hagenah, a cybersecurity researcher, published the tool, ‘Chrome-App-Bound-Encryption-Decryption,’ after noticing that others had previously identified equivalent…
Why Ignoring Data Breaches Can Be Costly
Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It’s a wake-up call on…
Evasive Panda Unfurls Cloud Services Under Siege
Using stolen Web session cookies, Evasive Panda, a China-sponsored hacking team, has unveiled CloudScout, a sleek and professional toolset created to recover data from compromised cloud services. ESET researchers have discovered CloudScout through an investigation into a couple of…
India Faces Rising Ransomware Threat Amid Digital Growth
India, with rapid digital growth and reliance on technology, is in the hit list of cybercriminals. As one of the world’s biggest economies, the country poses a distinct digital threat that cyber-crooks might exploit due to security holes in…
Scammers Use Fake Centrelink Promises to Target Australians Online
Australians have been cautioned about a recent wave of scam websites falsely advertising significant Centrelink payments. These sites promise financial boosts, sometimes hundreds or thousands of dollars, to low-income residents and seniors, exploiting people facing financial challenges. Fraudsters create…
Unofficial Patches Published for New Windows Themes Zero-Day Exploit
Free unofficial fixes are now available for a new zero-day flaw in Windows Themes that allows hackers to remotely harvest a target’s NTLM credentials. NTLM has been extensively exploited in NTLM relay attacks, in which threat actors force susceptible…
Zero-Trust Log Intelligence: Safeguarding Data with Secure Access
Over the years, zero trust has become a popular model adopted by organisations due to a growing need to ensure confidential information is kept safe, an aspect that organisations view as paramount in cybersecurity. Zero-trust is a vital security…
Avoiding Social Media Scams When Recovering a Locked Gmail Account
Losing access to your Gmail account can be a frightening experience, especially given that Gmail is deeply integrated into the online lives of more than 2.5 billion users globally. Unfortunately, the popularity of Gmail has also attracted scammers who…
When and Why to Consider a Data Removal Service
With the risk of data misuse and breaches increasing daily, individuals will be driven to seek reliable methods for securing their online privacy in 2024 to manage these risks. A growing number of privacy solutions are available online now,…
Webflow Sites Employed to Trick Users Into Sharing Login Details
Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare. The malicious campaign targets login credentials for multiple corporate…
Amazon Identified Internet domains Exploited by Russian APT29
The leading advanced persistent threat group in Russia has been phishing thousands of targets in businesses, government agencies, and military institutions. APT29 (also known as Midnight Blizzard, Nobelium, and Cozy Bear) is one of the world’s most prominent threat…
Prometei Botnet: The Persistent Threat Targeting Global Systems
The Prometei botnet, active since at least 2016, continues to pose a persistent threat worldwide by exploiting unpatched software vulnerabilities. First identified in 2020, Prometei has since infected over 10,000 systems across diverse regions, including Brazil, Indonesia, Turkey, and…
India’s New SMS Traceability Rules to Combat Fraud Begin November 1, 2024
Beginning November 1, 2024, Indian telecom providers Airtel, Jio, and Vi will follow a new set of SMS traceability and monitoring guidelines mandated by the Telecom Regulatory Authority of India (TRAI). Aimed at combating cybercrime, these measures seek to…
The Evolution of Phishing Emails: From Simple Scams to Sophisticated Cyber Threats
Phishing emails have undergone significant changes over the past few decades. Once simple and easy to detect, these scams have now evolved into a sophisticated cyber threat, targeting even the most tech-savvy individuals and organizations. Understanding the development of…
NEW Qilin Ransomware Variant Emerges with Improved Evasion Techniques
A much more potent version of the Qilin ransomware has been found, according to cybersecurity experts, showing a new and revamped kind that is ready to attack core systems using advanced encryption along with improved stealth techniques. A Rebranding…
Embargo Ransomware Uses Custom Rust-Based Tools for Advanced Defense Evasion
Researchers at ESET claim that Embargo ransomware is using custom Rust-based tools to overcome cybersecurity defences built by vendors such as Microsoft and IBM. An instance of this new toolkit was observed during a ransomware incident targeting US companies…
UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach
UnitedHealth has acknowledged for the first time that over 100 million people’s personal details and healthcare data were stolen during the Change Healthcare ransomware assault, making it the largest healthcare data breach in recent years. During a congressional hearing…
Energy Sector Faces Heightened Supply Chain Risks Amid Growing Dependence on IT and Software Vendors
The energy industry is experiencing a sharp increase in supply chain risks, largely driven by its growing reliance on external vendors. According to a recent report, two-thirds of security breaches in this sector now originate from software and IT…
UnitedHealth Confirms 100M Affected in Record-Breaking Change Healthcare Hack
Several hundred million people’s personal information was compromised in a hack of UnitedHealth’s (UNH.N) tech unit Change in February, according to data published by the U.S. health department on its website. That makes it the largest healthcare data breach…
Microsoft: Healthcare Sector Sees 300% Surge in Ransomware Assaults
A Microsoft investigation published earlier this week revealed that ransomware attacks on the healthcare sector are rising and threatening lives. The report, which uses both internal corporate data and external data, shows a 300% spike in ransomware attacks on…
Think You’re Safe? Cyberattackers Are Exploiting Flaws in Record Time
There has been unprecedented exploitation by attackers of vulnerabilities in the software, Mandiant announced. According to the newly released report of the Mandiant cybersecurity firm, after an analysis of 138 exploits published in 2023, on average, in five days…
Massive Data Breach in Mexican Health Care Sector Exposes 5.3 Million Users’ Data
In a significant data breach, Cybernews researchers discovered a 500GB unprotected database from a Mexican health care company on August 26, 2024, exposing sensitive details of approximately 5.3 million people. Information in the leak included names, CURP identification numbers,…
Security Defenses Crippled by Embargo Ransomware
There is a new gang known as Embargo ransomware that specializes in ransomware-as-a-service (RaaS). According to a study by ESET researchers published Wednesday, the Embargo ransomware group is a relatively young and undeveloped ransomware gang. It uses a custom…