Tag: CySecurity News – Latest Information Security and Hacking Incidents

  Due to fresh Kaspersky research, fraudulent use of the InterPlanetary File System appears to have surged recently. Since 2022, fraudsters have leveraged IPFS for email phishing attacks. IPFS is a peer-to-peer network protocol that allows for the creation of…

Read more →

  Given how widespread malware has become, new “families” of each type are being developed. Qbot, a family of malware that is used to steal data, falls under this category.  Qbot’s history  As is sometimes the case with malware, Qbot…

Read more →

  The Tasmanian Department of Education, Children, and Young People experienced a cyber attack where hackers targeted and breached the third-party file transfer service GoAnywhere MFT. The breach took place last month and the state government confirmed on March 31…

Read more →

  There was a national cyber-security strategy published by the White House on March 2. It contains a list of threats to U.S. networks terrestrially and in space related to Russian and Chinese hackers.  “Evolving intelligence” suggests many options could…

Read more →

Trustwave SpiderLabs security researchers have recently discovered a new malicious browser extension, named Rilide, targeting Chromium-based browsers like Google Chrome, Brave, Opera, and Microsoft Edge.  The malicious activities include monitoring browsing history, taking screenshots and stealing cryptocurrency through scripts injected…

Read more →

  Along with the benefits of emerging generative AI services come new hazards. PassGAN, a sophisticated solution to password cracking, has just emerged. Using the most recent AI, it was able to hack 51% of passwords in under a minute…

Read more →

Smart home devices have become increasingly popular in recent years, promising convenience, efficiency, and security. However, recent cyber security vulnerabilities in the Nexx Garage Door Opener have highlighted the risks of relying too heavily on technology without considering the potential…

Read more →

  MSI (short for Micro-Star International), a Taiwanese PC vendor, revealed today that its network had been compromised in a cyberattack in response to claims of a ransomware attack.  The Money Message ransomware group earlier this week claimed to have…

Read more →

  Malicious code was injected into eFile.com’s server, an online service that assists people with filing tax returns. This resulted in malware being delivered to users’ computers.  It was discovered that the software service, which is authorized by the Internal…

Read more →

APT43, also known as Kimsuky or Thallium, recently exposed by the Mandiant researchers, is a cyberespionage threat group supporting the objectives of the North Korean regime. By conducting credential harvesting attacks and successfully compromising its targets using social engineering, ATP43…

Read more →

As cyber threats continue to evolve, traditional security models are becoming less effective in protecting against them. That’s why many organizations are turning to a zero-trust security model to secure their networks, data, and applications. ‘ Zero trust is a…

Read more →

  A number of cybersecurity businesses, including Microsoft, launched a full-scale legal crackdown on one of the primary hacking tools used by malware criminal groups in their operations. Microsoft, Fortra, and the Health Information Sharing and Analysis Center (H-ISAC) announced…

Read more →

A recent survey conducted by cybersecurity firm Bitdefender highlights the ongoing struggle of organizations to handle data breaches and cybersecurity challenges. The survey revealed that a third of organizations have admitted to covering up data breaches, while 42% of IT…

Read more →

Critical infrastructure refers to physical and digital assets that are crucial for national security, economy, public health, or safety. It can be government or privately owned and includes not only power plants or electricity but also monetary systems.  Cyber attacks…

Read more →

Law enforcement agencies worldwide have dealt a blow to the criminal underworld with the takedown of Genesis Market, a notorious website used to buy and sell stolen data, hacking tools, and other illicit goods and services. The investigation involved coordinated…

Read more →

The developers of ThingsBoard, an open-source platform used for managing IoT devices for various industry sectors have recently patched a flaw that could apparently enable attackers to acquire administrative access to a server and send requests.  The vulnerability, identified as…

Read more →

  A mayor from Australia claimed he would file a lawsuit because of the misleading information advanced chatbot ChatGPT presented.  Mayor of Hepburn Shire Council Brian Hood claims a tool owned by OpenAI falsely claimed he was jailed for bribery…

Read more →

  In its takedown of Genesis Market, a site famous in the cybercriminal realm for selling access to user accounts, the FBI gathered information on possibly tens of thousands of hackers. Senior FBI and Justice Department officials stated in a…

Read more →

  Organizations are constantly bombarded with malicious activity, suffering negative impacts. In the State of Ransomware 2022 report, published by Sophos, a global leader in next-generation cybersecurity, a comprehensive overview of the real-world ransomware experiences of consumers has been provided…

Read more →

Are you a YouTube user? Beware of a new phishing scam that has been making rounds lately! In recent times, YouTube users have been targeted by a new phishing scam. The scammers use an authentic email address from YouTube, which…

Read more →

  According to findings from a security researcher, hackers can remotely tap into a specific brand of smart garage door opener controllers and open them all over the world due to a number of security weaknesses that the firm, Nexx,…

Read more →

  An increasingly popular form of fraud that utilizes legitimate proxyware services to hijack legitimate ones has been identified by threat actors. Some services allow people to sell Internet bandwidth to third parties to make extra money. According to researchers from…

Read more →

Google is implementing a new data policy for Android apps that also includes a setting for account deletion to provide customers with more transparency and control over the data.  The measure would compel app developers to provide users with in-app…

Read more →

  Ichitaro is a widely recognized word processing software in Japan created by JustSystems. Cisco Talos recently discovered four bugs in it that might result in arbitrary code execution. Ichitaro employs the.jtd file extension and the ATOK input method (IME).…

Read more →

Cryptocurrency companies were among the targets of the recent 3CX supply chain attack, according to security researchers. The attack began with the compromise of 3CX, a VoIP provider used by businesses for communication services. Cyber attackers then installed a backdoor…

Read more →

Chatbots have become increasingly popular in recent years, thanks to advancements in artificial intelligence (AI) and natural language processing (NLP). These bots can mimic human conversation and are used in a variety of applications, such as customer service and mental…

Read more →

  It has been confirmed that Greg Wells, Service NSW’s chief executive, said that the personal information of 3,700 customers was left exposed. This incident occurred on March 20 between 1:20 pm and 2:54 pm.  Earlier this week, 3700 affected…

Read more →

US Immigration and Customs Enforcement (ICE) have come under scrutiny for its questionable tactics in data collection that may have violated the privacy of individuals and organizations. Recently, ICE’s use of custom summons to gather data from schools, clinics, and…

Read more →

  Security researchers are concerned about a new ransomware strain that they characterise as a hybrid of the most potent ransomwares currently in use.  Researchers from the Israeli cybersecurity company Check Point named the new ransomware “Rorschach” and claimed their…

Read more →

STYX, a new dark web marketplace is turning into a booming hub for purchasing and selling illicit services or stolen data. STYX is a new dark web marketplace that was launched earlier this year, and it seems to be on…

Read more →

  An ALPHV/BlackCat ransomware affiliate was spotted gaining early access to the target network by abusing three flaws in the Veritas Backup product. The ALPHV ransomware operation first appeared in December 2021, and it is thought to be controlled by…

Read more →

Exploring the World of Cybercrime: Insights from “Inside the Halls of a Cybercrime Business” The world of cybercrime is shrouded in mystery, with many of us left wondering how these criminals operate and how they remain undetected. However, a recent…

Read more →

The Bank of England has taken steps to prepare financial institutions for the possibility of a major cyber attack by instructing them to enhance their defenses. The Bank is concerned that Russian-linked hackers may attempt to destabilize the financial system,…

Read more →

  After Italy became the first Western country to block advanced chatbot ChatGPT on Friday due to a lack of transparency in its data use, Europe is wondering who will follow. Several neighboring countries have already expressed interest in the…

Read more →

  On the threat landscape in recent years, alarming numbers of ransomware groups sprung up. This is just as mushrooms grow from the ground after a shower.  In recent months, an emerging ransomware group called ‘Money Message’ has appeared. This…

Read more →

Pinduoduo, a popular Chinese e-commerce app, has come under scrutiny from cybersecurity experts after multiple reports of malware surfaced. According to CNN, a recent analysis found that the app contained a ‘sophisticated and complex’ malware strain that allowed attackers to…

Read more →

Clearview’s CEO has recently acknowledged the notorious facial recognition database, used by the law enforcement agencies across the nation, that was apparently built in part using 30 billion photos that were illicitly scraped by the company from Facebook and other…

Read more →

  Today, almost every industry is plagued by the fear of catastrophic flaws and dangers supported by nation-states. Cyber threats are understandable in their scope and sophistication. The lucrative nature of ransomware, automation, intellectual property theft, and business email breach…

Read more →

The internet has come a long way since its inception, and it has undergone several changes. The initial version of the internet, known as Web 1.0, was mostly static and one-way, with users only able to consume content. With the…

Read more →

In 2018, a group of men in Maharashtra state of India was tricked into being unwitting participants in a major bank heist. The men, who believed they were being offered small roles in a Bollywood film, were in fact being…

Read more →

A multiple class action class lawsuit has been filed against Dish Network, following a ransomware incident that caused the company’s multi-day “network outage.”  The lawsuit, filed across several states, asserts that DISH “overstated” its operating efficiency while operating with inferior…

Read more →

  Some of the victims of the 3CX supply chain attack had their systems backdoored with Gopuram malware, with threat actors targeting cryptocurrency companies, particularly with this additional malicious payload.  In a large-scale supply chain attack, North Korean threat actors…

Read more →

Penetration testing is a critical component of any cybersecurity program. It involves simulating a real-world attack on an organization’s systems and infrastructure to identify vulnerabilities that can be exploited by hackers. However, traditional penetration testing methods can be time-consuming, labor-intensive,…

Read more →

  In a report, German authorities have seized Internet servers used by FlyHosting, a dark web company that offers DDoS-for-hire services. On November 20, 2022, FlyHosting posted an advertisement on a cybercrime forum to attract customers. The company stated that…

Read more →

  The dark web has developed into a centre for criminal activity in recent years, including human trafficking, cybercrime, and drug trafficking. And now, sources claim that Delhi is quickly becoming a hub for dark web syndicates.  Multiple criminal organisations…

Read more →

Blockchain technology is a digital ledger that is revolutionizing the way we conduct transactions, store data, and manage digital assets. It is a distributed, decentralized system that provides transparency, security, and immutability, making it a perfect fit for various industries. …

Read more →

  Recently, Latitude Financial, a company listed on the Australian Securities Exchange (ASX), reported that it had suffered a cyber attack. The company stated that the attack was believed to have originated from a major vendor used by the company…

Read more →

  LastPass, a password management company, made headlines last month when it revealed that one of their DevOps engineers had his personal home computer hacked and infected with keylogging malware, resulting in the exfiltration of corporate data from the vendor’s…

Read more →

Adaptive Access Technologies: A Dynamic Approach to Security and Agility Adaptive access technologies are gaining traction in the realm of cybersecurity due to their dynamic and intelligent approach to security that can adapt to the ever-changing threat landscape and provide…

Read more →

A recently discovered supply chain attack has targeted the 3CX desktop app, compromising the security of thousands of users. According to reports, the attackers exploited a 10-year-old Windows bug that had an opt-in fix to gain access to the 3CX…

Read more →

The Ukrainian police have detained 10 suspects, arresting two for allegedly being involved in a cybercrime group that conducted phishing campaigns and was a part of fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe. …

Read more →

  Microsoft Azure Active Directory (Azure AD) appears vulnerable to a new vulnerability discovered by security researchers. It was discovered that a vulnerability in Bing search results allowed users to alter the results and view users’ private information. This included…

Read more →

  Sundar Pichai, CEO of Alphabet and Google, has announced that the company will soon offer more competent AI models in response to criticism of his ChatGPT rival, Bard.  According to Pichai, Bard is now competing with “more powerful automobiles”…

Read more →

  To perform espionage, an advanced hacking group known as ‘Winter Vivern’ targets European government organizations and telecommunications service providers. Since this group’s activities align with the interests of the Russian and Belarusian governments, it is presumed to be a…

Read more →

NTC Vulkan is a cybersecurity consultancy firm based in Moscow, which appears to offer ordinary cybersecurity services on the surface. However, a recent leak of confidential documents has revealed that the company’s engineers are also involved in the development of…

Read more →

The SafeMoon token liquidity pool lost $8.9 million, after a threat actor took advantage of a recently developed “burn” smart contract function that artificially inflate the token price, enabling the actors to sell SafeMoon at a much higher price.  SafeMoon…

Read more →

On March 31, 2023, several companies reported that their 3CX phone systems had suddenly stopped working. Upon investigation, they found that their systems had been compromised by a malicious software update delivered by 3CX’s automatic update system. In this blog,…

Read more →

Cybersecurity threats are increasing every year, and 2023 is no exception. In February 2023, there was a surge in ransomware attacks, with NCC Group reporting a 67% increase in such attacks compared to January. The attacks targeted businesses of all…

Read more →

  Since February 2023, a Russian hacking group known as TA473, also identified as “Winter Vivern,” has been actively stealing the emails of NATO leaders, governments, soldiers, and diplomats by taking advantage of flaws in unpatched Zimbra endpoints. Sentinel Labs…

Read more →

  It has become increasingly apparent in the past few years that technology has played a significant role to assist hospitals and patients in managing their interactions. This is at a time when healthcare systems are stretched to their limits.…

Read more →

  Proofpoint, a cybersecurity research firm, recently discovered two new variants of the IcedID malware namely “Lite” and “Forked.” The original IcedID malware has been around since 2017 and is commonly used by cybercriminals, but these new versions were only…

Read more →

Although it seems simple in theory, the reality is more nuanced when it comes to privacy. Our experience online has been significantly changed by ongoing technological advancements. Today, we use the internet for more than simply work and study; we…

Read more →

  Researchers at the University of Rochester examined what ChatGPT would write after being asked questions sprinkled with conspiracy theories to determine how the artificial intelligence chatbot would respond.  In recent years, researchers have advised companies to avoid chatbots not…

Read more →

Chatbots are curbing a crucial line of defense against bogus phishing emails by rectifying grammatical and spelling errors, a key attribute to trace fraudulent mails, according to experts.  The warning comes as international advisory published from the law enforcement agency…

Read more →

  Cybersecurity experts are warning about a new threat in the form of trojanized Tor browser installers. The Tor browser is a popular tool used by individuals to browse the internet anonymously. However, cybercriminals have been able to create fake…

Read more →

IBM’s widely used Aspera Faspex has been found to have a critical vulnerability with a 9.8 CVSS rating, which could have serious consequences for organizations using the software. This blog will discuss the vulnerability in detail and the importance of…

Read more →

  The company ByteDance, which owns TikTok’s parent company ByteDance, released Lemon8, a social network app. Lemon8 boasts being one of this week’s top 10 most downloaded apps on the US App Store.  Lemon8 was released in Japan in 2020,…

Read more →

  Threat actors can use a new modular toolkit called ‘AlienFox’ to scan for misconfigured servers and steal authentication secrets and credentials for cloud-based email services. The toolkit is sold to cybercriminals through a private Telegram channel, which has become…

Read more →

  New social media sites are launched on a regular basis. Many of these social platforms gain popularity and then fade away. This begs the question, are there any disadvantages to joining a new social media site? The most straightforward…

Read more →

  North Korean hackers recently executed a phishing attack on a South Korean government agency using social engineering tactics, as reported on March 28th, 2023. The perpetrators belonged to a group known as APT Kimsuky, linked to North Korea’s intelligence…

Read more →

  Elon Musk, Steve Wozniak, and Tristan Harris of the Center for Humane Technology are among the more than 1,100 signatories to an open letter that was published online Tuesday evening and requests that “all AI labs immediately pause for…

Read more →

Microsoft has been integrating Copilot AI assistants across its product line as part of its $10 billion investment in OpenAI. The latest one is Microsoft Security Copilot, that aids security teams in their investigation and response to security issues.  According…

Read more →

Clearview, a facial recognition company has apparently conducted nearly a million searches, helping US police. Haon Ton, CEO of Clearview has revealed to BBC that the firm now has looked into as much as 30 billion images from various platforms…

Read more →

  Uptycs, a cybersecurity company that discovered the information-stealing malware while searching for threats on the dark web, is warning that Mac computers have been the latest targets of updated info-stealing malware.  The iCloud Keychain can easily access cryptocurrency wallets…

Read more →

  A firm providing virtual mental health services for children is the latest victim of Fortra’s widespread ransomware onslaught, which has spread its effects even further.  The American healthcare behemoth Blue Shield of California confirmed that data from one of…

Read more →

A new cybersecurity threat has recently emerged in the form of the NullMixer campaign, which is causing concern among experts. The campaign has been found to distribute new polymorphic loaders, a type of malware that poses a significant threat to…

Read more →

  In accordance with a new report, Pinduoduo, a popular Chinese shopping app, exploited a zero-day vulnerability in the Android operating system to uplift its own privileges, rob personal data from infected endpoints, and install malicious apps.   Numerous sources validated…

Read more →

  Cybercrime is a problem that is only escalating and is bad for business, as one might anticipate. Regardless of how you feel about it, it forces your business to take action in order to secure its infrastructure. Current threat…

Read more →

InterPlanetary File System (IPFS) is a peer-to-peer distributed file system, that allows users around the world to exchange files. Instead of using file paths for addressing like centralized systems do, IPFS uses unique content identifiers (CID). The file itself stays…

Read more →

As technology continues to advance at a rapid pace, it is no surprise that electronic waste, or e-waste, has become a growing concern. With many companies constantly upgrading their IT equipment, the amount of electronic waste being produced is on…

Read more →

  The UPI (Unified Payment Interface) payment system has significantly changed how online payments are made in India. The UPI system allows banking customers to transfer money instantly across bank accounts for all kinds of transactions, including online shopping and…

Read more →

  You’re not alone if you’ve felt paranoid after your phone displayed an advertisement for a random item you just discussed. If you’ve recently been discussing it with a friend, seeing an advertisement for the same product can leave you…

Read more →

Recently, Microsoft has acted quickly in patching up the ‘acropalypse’ bug that was discovered earlier this week. The bug could apparently enable information cropped out of images via the Windows screenshot tools to be recovered.  According to BleepingComputer, Microsoft has…

Read more →

  Dallas County officials are striving to determine the scope of a potentially massive data breach after discovering that personal data remained on thousands of computers sold at auction. The sheriff’s department used some of the computers, which comprised data…

Read more →

  As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from…

Read more →

  It is now reported that the Clop ransomware group – known for its Linux variant recently – has used the zero-day vulnerability of the GoAnywhere MFT file transfer tool that they claim to have hacked into hundreds of organizations…

Read more →

Online security has become a major concern for individuals and businesses alike, as cyber-attacks become more sophisticated and prevalent. Passwords play a critical role in protecting online security, but the traditional method of using passwords has become inadequate due to…

Read more →

In nearly every congress hearing on big tech, be it on privacy, monopoly, or in the case of last week’s TikTok hearing on national security, at least one lawmaker is seen to be concerned about something along with the lines…

Read more →

  Among the largest asset managers in the United Kingdom, the U.K. Pension Protection Fund, which manages £39 billion in assets, confirmed that the hack against GoAnywhere, the popular file-transferring service, had impacted it.  There have been many reports in…

Read more →

Malvertising has been a more popular tool employed by cybercriminals in recent years to exploit unsuspecting internet users. When people click on an infected ad, malware is transferred to their computers and mobile devices, which is known as malvertising. Sadly,…

Read more →

  Cybercriminals most frequently use phishing as a method of attack. This communication is a hoax designed to trick the recipient into disclosing private information, sending money, or clicking on a dangerous link. Usually, it is transmitted by email, social…

Read more →

  Microsoft has released a detailed guide to assist customers in detecting signs of compromise by exploiting a recently patched Outlook zero-day vulnerability. This privilege escalation security flaw in the Outlook client for Windows, tracked as CVE-2023-23397, enables attackers to…

Read more →

UK’s National Crime Agency (NCA) has recently conducted a sting operation as a part of Operation Power Off, a collaboration of international law enforcement agencies to shut down DDoS (distributed denial of service) infrastructure.  In order to sabotage the online…

Read more →

  After taking ChatGPT offline on Monday, OpenAI has revealed additional information, including the possibility that some users’ financial information may have been compromised.  A redis-py bug, which led to a caching problem, caused certain active users to potentially see…

Read more →

OpenAI’s ChatGPT, an artificial intelligence (AI) language model that can produce text that resembles human speech, has a security flaw. The flaw enabled the model to unintentionally expose private user information, endangering the privacy of several users. This event serves…

Read more →

  Many documents purported to have been stolen from Minneapolis Public Schools, and have now been posted online. In the days following the announcement of the breach, a cyber gang claimed that the district did not meet its deadline to…

Read more →

MLflow, an open-source framework used by many organizations to manage and record machine-learning tests, has been patched for a critical vulnerability that could enable attackers to extract sensitive information from servers such as SSH keys and AWS credentials. Since MLflow…

Read more →

  The open-source developer platform GitHub, which is owned by Microsoft, has revealed the debut of Copilot X, the company’s perception of the future of AI-powered software development. GitHub has adopted OpenAI’s new GPT-4 model and added chat and voice…

Read more →

  The sense of wondering if you’ve just infected your phone or computer with a virus is familiar if you’ve ever clicked on a link someone sent you, say in an email or a direct message, only to be sent…

Read more →

  In a joint warning issued by the German and South Korean intelligence agencies, it has been noted that a North Korean hacker group named Kimsuky has been increasing cyber-attack tactics against the South Korean network. With sophisticated phishing campaigns…

Read more →