Tag: Cyware News – Latest Cyber News

EUCLEAK Attack Allows Yubico Security Keys to be Cloned

Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack. This article has been indexed from Cyware News – Latest Cyber News Read the…

Complying with PCI DSS Requirements by 2025

The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025. This…

How Ransomware Groups Weaponize Stolen Data

Ransomware groups are increasingly weaponizing stolen data to pressure victims into paying. They analyze data to maximize damage and create opportunities for extortion, targeting business leaders and employees for blame. This article has been indexed from Cyware News – Latest…

HHS Drops Appeal of Hospital Web Tracking Decision

The Biden administration has dropped its appeal of a court decision that rejected new regulations restricting hospitals’ use of web-tracking tools. A Texas judge ruled the administration’s efforts illegal in June. This article has been indexed from Cyware News –…

Damn Vulnerable UEFI: Simulate Real-world Firmware Attacks

DVUEFI was created to assist ethical hackers, security researchers, and firmware enthusiasts in beginning their journey into UEFI firmware security by providing examples to explore potential vulnerabilities. This article has been indexed from Cyware News – Latest Cyber News Read…

FTC: Over $110 Million Lost to Bitcoin ATM Scams in 2023

The most common scams involve government impersonation, business impersonation, and tech support, where scammers persuade victims to withdraw cash from their bank accounts and deposit it into Bitcoin ATMs. This article has been indexed from Cyware News – Latest Cyber…

Verkada to Pay $2.95 Million for Alleged CAN-SPAM Act Violations

Hackers exploited a vulnerability in Verkada’s customer support server, gaining access to the Command platform and extracting video footage and customer data. Another incident involved a hacker installing the Mirai botnet on Verkada’s network server. This article has been indexed…

Keeping up With Automated Threats is Becoming Harder

Automated threats are increasingly difficult to keep up with, with 98% of organizations attacked by bots experiencing revenue loss, according to Kasada. Web scraping and account fraud are the primary threats causing revenue losses. This article has been indexed from…

Researchers Link ManticoraLoader Malware to Ares Malware Developer

Researchers have traced the new ManticoraLoader malware-as-a-service (MaaS) to the cybercriminal group ‘DarkBLUP,’ previously associated with distributing AresLoader and AiDLocker ransomware from the DeadXInject group. This article has been indexed from Cyware News – Latest Cyber News Read the original…

Novel Attack on Windows Spotted in Chinese Phishing Campaign

The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration. This article has been indexed…

A Macro Look at the Most Pressing Cybersecurity Risks

A Forescout report highlighted a 43% increase in published vulnerabilities, with 23,668 reported in H1 2024. Ransomware attacks also rose by 6%, totaling 3,085 incidents, with the U.S. being the most targeted country. This article has been indexed from Cyware…

Uniqkey Raises $5.92M in Funding

Backers included BackingMinds, in combination with industry veterans such as Jesper Zerlang (ex-CEO of Logpoint), Lars Ankjer, Otto Krabbe, Rolf Bladt, and several angels and key employees. This article has been indexed from Cyware News – Latest Cyber News Read…

NIST Releases New Draft of Digital Identity Proofing Guidelines

The new draft of NIST’s digital identity proofing guidelines includes updates to accommodate passkeys and mobile driver’s licenses, as well as options for identification without using biometrics like facial recognition. This article has been indexed from Cyware News – Latest…

Cyber Threats That Shaped the First Half of 2024

According to a report by Critical Start Cyber Research Unit, the manufacturing industry was the top target for cyber threats in H1 2024, professional services saw a 15% increase in attacks, and healthcare experienced a 180% surge in incidents. This…

Rocinante: The Trojan Horse That Wanted to Fly

Once installed, the Rocinante malware prompts the victim to grant Accessibility Services and displays phishing screens tailored to different banks to steal personal information. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…

Godzilla Fileless Backdoors Targeting Atlassian Confluence

The Godzilla fileless backdoor relies on a complex series of actions, such as cryptographic operations, class loading, and dynamic injection, to establish unauthorized access. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…

Suspected Espionage Campaign Delivers New Voldemort Malware

The campaign, which targeted organizations worldwide, involved impersonating tax authorities from various countries and utilizing Google Sheets for command and control (C2). This article has been indexed from Cyware News – Latest Cyber News Read the original article: Suspected Espionage…

Cybercriminals Capitalize on Travel Industry’s Peak Season

Cequence Security found that cyberattacks against the travel industry surge during holidays, with 91% of severe vulnerabilities in the top 10 travel and hospitality sites enabling man-in-the-middle attacks. This article has been indexed from Cyware News – Latest Cyber News…

Third-Party Risk Management is Under the Spotlight

Third-party risk management is a critical issue in the wake of the CrowdStrike IT outage, revealing vulnerabilities within financial institutions related to supply chain resilience, especially in vital sectors like financial services. This article has been indexed from Cyware News…

Integrity360 Expands to South Africa with Grove Acquisition

Grove Group, a cybersecurity and cloud services company based in Cape Town, brings around 600 customers across 51 countries to Integrity360. This acquisition will also enhance Integrity360’s security operations center (SOC) business. This article has been indexed from Cyware News…

The NIS2 Directive: How Far Does it Reach?

Key aspects of the NIS2 Directive include a focus on proactive cybersecurity measures for entities within its scope, such as risk analysis, incident handling, and supply chain security. This article has been indexed from Cyware News – Latest Cyber News…

Philippines: Intel Fusion Center Eyed to Boost Cybersecurity

The Department of Information and Communications Technology (DICT) is focusing on enhancing cybersecurity in the Philippines through the National CyberSecurity Plan (NCSP) 2023-2028. This article has been indexed from Cyware News – Latest Cyber News Read the original article: Philippines:…

Cisco Bolsters AI Security by Buying Robust Intelligence

Cisco is strengthening its AI security by acquiring Robust Intelligence, a startup led by a former Harvard professor. This acquisition emphasizes the importance of AI security in modern IT infrastructure. This article has been indexed from Cyware News – Latest…

LummaC2 Infostealer Resurfaces with Obfuscated PowerShell Tactics

The latest variant employs obfuscated PowerShell commands to download and execute malicious payloads, utilizing Windows binaries like Mshta.exe and Dllhost.exe for stealth. This article has been indexed from Cyware News – Latest Cyber News Read the original article: LummaC2 Infostealer…

Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

A critical vulnerability, CVE-2024-42815, with a CVSS score of 9.8, has been discovered in TP-Link RE365 V1_180213 series routers, allowing for remote exploitation and potential takeover. This article has been indexed from Cyware News – Latest Cyber News Read the…

AWS Load Balancer Plagued by Authentication Bypass Flaw

Miggo has uncovered a security flaw in AWS Load Balancer that could allow cybercriminals to bypass authentication and authorization services, potentially affecting over 15,000 applications. This article has been indexed from Cyware News – Latest Cyber News Read the original…

Check Point Acquires Cybersecurity Startup Cyberint

Israeli cybersecurity firm Check Point Software Technologies has announced the acquisition of threat intelligence company Cyberint, marking its third startup acquisition in a year. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…

Lateral Movement: Clearest Sign of Unfolding Ransomware Attack

Lateral movement is a key indicator of ransomware attacks, with 44% of attacks being spotted during this phase, as reported by Barracuda Networks. Additionally, file modifications and off-pattern behavior were also significant triggers for detection. This article has been indexed…

Uber Hit With $324m GDPR Fine

The Dutch Data Protection Authority (AP) announced the €290m ($324m) fine yesterday, claiming that it stems from the same concerns that have led to years-long legal wranglings between the EU and US. This article has been indexed from Cyware News…

Nuclei: Open-Source Vulnerability Scanner

Nuclei is an open-source vulnerability scanner known for its speed and customizable YAML-based templates. It offers flexibility in security checks by allowing customization of templates to send requests to multiple targets. This article has been indexed from Cyware News –…

The Changing Dynamics of Ransomware as Law Enforcement Strikes

Despite law enforcement actions disrupting major ransomware operations, the long-term impact remains uncertain as groups adapt and evolve. Ransomware-as-a-Service (RaaS) collectives are facing growing competition to attract affiliates. This article has been indexed from Cyware News – Latest Cyber News…