Tag: Information Security Buzz

Intel is looking into claims that private OEM BootGuard keys are out there after MSI reported a ransomware assault last month. Micro-Star International (MSI), a Taiwanese computer hardware manufacturer, said the previous month in a filing with the Taiwan Stock…

Read more →

13 more domains connected to DDoS-for-hire platforms, sometimes referred to as “booter” or “stressor” services, have been seized, according to a recent announcement from the US Justice Department. The seizures this week are a part of Operation PowerOFF, an international…

Read more →

Hackers broke into the computers of NextGen Healthcare, an American provider of electronic health record software, and stole the personal information of over a million patients. NextGen Healthcare reported that hackers accessed the personal information of 1.05 million patients, including…

Read more →

The Financial Services industry (FinServ) has left its mark on the API landscape and continues to provide new reasons for innovation. From the first UK bank that pioneered Open Banking to the booming mobile payment industry, FinServ has prompted –…

Read more →

The compound word, DevOps, defines an extensive procedure and culture that comprises the process and technology of software planning/development (Dev) and IT operations (Ops). DevOps has helped shorten the time for organizational system development, improving the running of software while attaining…

Read more →

Based on the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now being spread via a phishing campaign using lures centered around invoices. A ZIP folder containing a fake document and a JavaScript file is attached to…

Read more →

A summary of news and events that happened this week with ransomware, data breaches, rapid response security, etc. Chatgpt Triumphantly Returns To Italy After …… Tech businesses and regulatory authorities must communicate and cooperate to resolve ChatGPT’s prohibition in Italy…

Read more →

On Thursday, Canadian software firm Constellation Software reported that threat actors had broken into some of its networks and stolen personal information and corporate data. A small number of systems used for internal financial reporting and related data storage by…

Read more →

Recent data breaches have demonstrated that relying solely on passwords may be insufficient. Hence, the need for online security. A single password is frequently insufficient to protect sensitive data, such as what’s in your bank account or social media accounts.  This…

Read more →

Cisco has warned that SPA112 2-Port Phone Adapters have a serious security flaw that could be used by a remote attacker to run any code on vulnerable devices. The problem, which is known as CVE-2023-20126, it also has a CVSS…

Read more →

Increasing numbers of organisations are moving to a Zero Trust security model. The growing frequency and sophistication of cyber threats is driving the popularity of this model which takes a robust ‘never trust, always verify’ approach to security. The National…

Read more →

Nearly five months after integrating passkey support into its Chrome browser, the tech giant has started implementing the password-free option for all Google Accounts across all platforms. This enables users to sign into their Google accounts without having to input…

Read more →

Hundreds of well-developed fake profiles on Facebook and Instagram were used by three separate threat actors to launch separate assaults on users in Southern Asia. To spread their malware and steal sensitive information, each of these APTs leaned significantly on…

Read more →

Denis Gennadievich Kulkov, a Russian national, was indicted by the U.S. government today on charges of running a stolen credit card checking business that made them gather in tens of millions of dollars. Kulkov allegedly made at least $18 million…

Read more →

Locking down some of its IT systems, the city of Dallas, Texas, was able to block the spread of the ransomware onslaught. Dallas City, Texas, is home to over 2.6 million people, which makes it the tenth most populous city…

Read more →

Over $1 million worth of digital assets were stolen from Level Finance, one of the leading cryptocurrency exchanges in the world. The incident happened on April 29, 2023, despite the exchange having gone through two security assessments and audits in…

Read more →

Nine cryptocurrency exchange websites that enabled money laundering for scammers and hackers, including ransomware operators, have been taken down by the FBI and Ukrainian police. According to a press release from the FBI, the ‘crypto exchanges’ operation was supported by…

Read more →

In reaction to a new rule requiring websites to verify that a visitor from the state is 18 or older, adult film production company MindGeek has barred entrance to its websites platform in Utah (including PornHub, Brazzers, RedTube, YouPorn, and…

Read more →

The alert notes that the fact that there are tens of thousands of TBK DVRs available under several brands, publicly accessible PoC code, and an easy-to-exploit make this issue an attractive target for attackers. The recent increase in IPS detections…

Read more →

Businesses today are facing two acute challenges – the economy and cybercrime. This is forcing CISOs to make some tough decisions about spending. The UK government’s Cyber Security Breaches Survey 2022 found that in the last 12 months, 39% of UK…

Read more →

As of now, the release of Apple’s initial Rapid Security Response update to the public, which includes security fixes for iOS 16.4.1 and macOS 13.3.1, hasn’t been entirely smooth. According to a support document recently published by the company, RSR…

Read more →

Although this breach only affected 1,000 customers as opposed to the 37 million affected by the previous one, T-Mobile US Inc. disclosed another data breach, its second disclosed breach in 2023. This is the eighth data breach since 2018. 836…

Read more →

Various government entities in the nation have been the target of cyberattacks by Russian nation-state hackers, all based on the Computer Emergency Response Team of Ukraine (CERT-UA). APT28, also known as Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and…

Read more →

In a surprising turn of events, the Italian government has now made a decision to lift the ban on OpenAI’s popular chatbot, ChatGPT, less than a month after its initial prohibition. The ban had been enacted over privacy concerns relating…

Read more →

A summary of news and events that happened this week with ransomware, data breaches, the banning of developers’ accounts, etc. Yellow Pages Canada Alerts of Cyberattack  The Black Basta cyber attack on Yellow Pages Canada shows the continued threat of…

Read more →

It follows that vectors with greater internet exposure will also attract more attention from threat actors. Because of this, malicious actors frequently exploit public email servers, and a wide variety of cyber dangers can spread through them. We found some…

Read more →

The DNA sequencing machines used by genomics major Illumina have been found to include a critical software flaw that might be used by hackers to change or steal sensitive patient medical data. The U.S. Food and Drug Administration and cybersecurity…

Read more →

Security professionals have issued alerts regarding a new type of malware that targets MacOS devices in an effort to steal sensitive data, including credit card details, credit card expiration dates, and information from over 50 Bitcoin browser extensions. The threat,…

Read more →

According to an update released yesterday, Google is making it more difficult for unscrupulous developers to publish their software on its Play Store while also deleting a significant number of bad accounts. The tech leader claimed that in 2022, it…

Read more →

A group of 38 Minecraft-like games on Google Play attacked devices with the Android adware “HiddenAds,” which loaded ads in the background without the user’s knowledge. This made money for the games’ creators. Minecraft is a successful sandbox game with…

Read more →

What does a “good” cyber-security programme look like? How can we, in our role as Chief Information Security Officer (CISO), work to improve the effectiveness of the policies and practices implemented in our organisations? Measuring activity does not necessarily have…

Read more →

Employees at CommScope claim they haven’t heard from officials about the company’s response to a ransomware assault that allowed hackers to steal vast amounts of corporate and employee data from its networks in more than a week. The IT firm…

Read more →

Businesses and organizations of all kinds are increasingly concerned about ransomware attacks, and recent information from Microsoft reveals that even well-liked software applications can be exposed to attack.  Microsoft recently acknowledged that the PaperCut servers were utilized to distribute the…

Read more →

Google has filed a lawsuit against individuals who use Cryptbot to infect Google Chrome users and steal their data. As part of its efforts to combat this malicious activity, Google is taking down the malware infrastructure associated with Cryptbot. In…

Read more →

At its default settings, Apache Superset is vulnerable to authentication bypass and remote code execution, allowing attackers to read and alter data, gather passwords, and issue commands. Apache Superset is a top-level project of the Apache Software Foundation since 2021.…

Read more →

Data has emerged as a company’s most essential asset in the modern world. Every security team prioritizes protecting sensitive data, but changes to the perimeter have forced teams to adapt how they approach enterprise security. SaaS adoption has skyrocketed in…

Read more →

To address zero-day vulnerabilities that might be used to achieve code execution on computers using unpatched versions of VMware’s Workstation and Fusion software hypervisors, the company has provided security upgrades. On the second day of the Pwn2Own Vancouver 2023 hacking…

Read more →

Threat actors can conduct enormous denial-of-service attacks with 2,200X amplification thanks to a new reflected Denial-of-Service (DoS) increasing its vulnerability in the Service Location Protocol (SLP). Researchers at BitSight and Curesec identified this weakness as CVE-2023-29552. They claim that around…

Read more →

Thousands of exposed artifacts in cloud software repositories and registries with more than 250 million artifacts and over 65,000 container images have been found by cloud security company Aqua Security. Aqua found that even huge firms unintentionally exposed secrets, used…

Read more →

The upgrade matches a feature that rival authenticator apps and password-manager services have long provided. Thanks to Google’s Authenticator app, you no longer need to keep your one-time codes in a single location to secure your accounts. They can instead…

Read more →

A fake giveaway fraud that resulted in the theft of more than $22.6K in cryptocurrency was promoted by attackers after their access to KuCoin’s Twitter account was compromised. The bitcoin trading and exchange platform has pledged to fully compensate victims…

Read more →

Yellow Pages Canada, an online and print directory service provider, has stated that it was the victim of a cyber attack that resulted in losing its customers’ data. The hacking organization Black Basta claimed to have collected personal information from approximately…

Read more →

When it comes to cybersecurity and privacy, people are always on the lookout for solutions that will ensure their safety online. This solution that has been gaining popularity in recent times is the Tails operating system. Tails is a Linux-based…

Read more →

Here is a rundown of news and events that happened over the week. Chinese App Uses Android Flaw To Spy On Users, CISA Warns A top US security firm has given the government until May 4 to patch a zero-day…

Read more →

Security experts have revealed information about a Google Cloud Platform (GCP) zero-day vulnerability that has since been patched that may have allowed threat actors to hide an irremovable, malicious application inside a victim’s Google account. The flaw, dubbed GhostToken by…

Read more →

Cisco Systems has taken steps to enhance the security of its products by releasing a series of updates that fix critical vulnerabilities in its system. These vulnerabilities were identified as being capable of being exploited by attackers, who could then…

Read more →

A ransomware attack affecting several of its systems is being dealt with this week by a New England health insurance company that provides services to over two million people. According to Point32Health, created through the merger of Harvard Pilgrim Health…

Read more →

African Telecom Service Providers Targeted by Daggerfly Cyberattack Campaign. Recently, the Daggerfly cyberattack campaign, aimed at numerous institutions worldwide, shocked the cybersecurity community. Experts describe this sophisticated attack effort as one of the most sophisticated and hazardous cyberattacks since it has caused…

Read more →

Security researchers at Check Point Research (CPR) have released an advisory that details the unique evasion techniques employed by threat actors who rely on the Raspberry Robin malware to avoid detection. In the advisory published on Tuesday, CPR experts explain the novel malware…

Read more →

There is a new “class” of Russian hackers, the UK cyber-agency warns. Due to an increased danger of attacks by state-aligned Russian hackers, the National Cyber Security Centre (NCSC) of the UK is encouraging all businesses to put the recommended…

Read more →

Yet another zero-day attack on widely used software from a major technology provider. To address a security flaw that has already been publicly exploited, Google released a significant upgrade to Chrome Desktop on Friday, joining the list of vendors grappling…

Read more →

Yet another zero-day attack on widely used software from a major technology provider. To address a security flaw that has already been publicly exploited, Google released a significant upgrade to Chrome Desktop on Friday, joining the list of vendors grappling…

Read more →

The Rust programming language has been gaining popularity over the years due to its many advantages, including its high level of control, memory safety, and flexibility. However, while these features make it a powerful tool for developers, they also make…

Read more →

Goldoson malware, a new Android malware outbreak, has been found in over 60 genuine Google Play Store apps with over 100 million downloads. ONE shop, a popular South Korean third-party app marketplace, has logged eight million more installations. The rogue…

Read more →

In the latest ThreatLabz Phishing Report from zero trust security firm Zscaler, the number of phishing campaigns worldwide increased by about 50% in 2022 compared to 2021, partly because of new AI tools that threaten actors could access and phishing…

Read more →

According to MalwareHunterTeam, the LockBit ransomware group is purportedly working on a new variant of malware that may encrypt data on Apple macOS. Although LockBit has traditionally concentrated on Linux and Windows systems, this would be the first instance of…

Read more →

Ransomware struck American payments company NCR datacenter, focusing on one of its data facilities in Aloha, Hawaii. A few days after beginning to look into a “problem” with its Aloha restaurant point-of-sale (PoS) product, the company disclosed the hack on…

Read more →

The data theft assaults against a Taiwanese media outlet and an Italian job search firm were carried out by the Chinese state-sponsored hacking organization APT41, which was discovered abusing the GC2 (Google Command and Control) red teaming tool. Chinese state-sponsored…

Read more →

The Chinese app for e-commerce Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, in line with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). For unpatched Android devices, this security…

Read more →

Have you ever heard of computer worms? These malicious programs can cause havoc on your computer system and compromise your data. In the world of cybersecurity, computer worms are a serious threat. They are malware that spreads through networks, infecting…

Read more →

Here is catching up on news and events that happened this week in the world of cybersecurity. Estonian National Charged in U.S. for Acquiring Hacking-Tools An Estonian was prosecuted for buying U.S. military and government equipment for Russia. On March…

Read more →

On Thursday, the cybersecurity firm Darktrace released a statement after being mentioned on the LockBit ransomware group’s breach website. We learned of tweets from the cybercriminal LockBit earlier this morning, which claimed to have infiltrated Darktrace’s internal security systems and…

Read more →

After hackers stole the Kodi Foundation’s MyBB forum database, which contained user information and private messages, and made an attempt to sell it online, the organization disclosed the Kodi data breach. Open-source, cross-platform Kodi is a media player, organizer, and…

Read more →

European cloud costs are soaring, with analysts predicting an increase of almost a quarter this year alone. As a result, enterprises are adjusting cloud strategies to ensure greater efficiency and control. That includes more effective use of network monitoring –…

Read more →

Many new security features for WhatsApp have been unveiled today, one of which is called “Device Verification” and is intended to offer improved defense against account takeover (ATO) assaults. Device Verification stops malware from impersonating accounts and using stolen authentication…

Read more →

Over the Easter weekend, a well-known manufacturer of high-end yachts for the super-wealthy was the victim of a ransomware assault; however, it is unclear if private client data was taken. German Superyacht-Maker Lürssen, established in 1875, is thought to generate…

Read more →

Hyundai Notifies Vehicle Owners in France and Italy of Data Breach. Hyundai, a South Korean multinational automaker that sells over 500,000 automobiles a year throughout Europe, has announced a data breach that has affected car owners in France and Italy.…

Read more →

DeathNote’s Lazarus Hacker Squad Evolves Its Strategies, Tools, and Targets as part of a long-running operation known as DeathNote. The Lazarus hacker Group, a North Korean threat actor, has been observed swiftly developing its tools and methods and shifting its…

Read more →

As technology evolves, artificial intelligence is becoming more prevalent in various industries. While AI technology is designed to make our lives easier, it’s also transforming job industries and taking over human responsibilities. Here we look at automation processes that AI…

Read more →

As part of its bug bounty program, introduced on April 11, 2023, OpenAI is paying white hat hackers up to $20,000 to discover security holes and ChatGPT Vulnerabilities. The ChatGPT developer introduced the effort as part of their dedication to…

Read more →

With the increase in online transactions and digital communication, the threat of phishing scams has become more prevalent than ever hence the need for phishing tools. Phishing scams have become increasingly common in recent years and can significantly threaten your…

Read more →

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cybercriminals. While the headlines sound the alarm for businesses concerned about their data safety, they create allure amongst would-be thieves looking for their…

Read more →

Depending on the type of malicious behaviour that online criminals demand, malware producers have established a booming market. This is where they offer to add dangerous Android malware apps to Google Play for anywhere between $2,000 and $20,000. On hacker…

Read more →

A notice of security breach to warn the public has been filled by a Yum! Brands, Inc., the parent company of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grills. Based on a cybersecurity incident that happened in mid-January…

Read more →

Top US officials are investigating a military intel leak. This extraordinary level of detail in the files revealed how the United States spies on both allies and enemies. This has left U.S. officials and their foreign allies stunned and occasionally…

Read more →

An Estonian national has been accused in the US of buying electronics and computer hacking tools developed in the US on behalf of the Russian military and government. Andrei Shevlyakov was detained on March 28 in Estonia. In the US,…

Read more →

Online security is now a top worry for all internet users in the digital era. Using secure and distinctive passwords for each of your online accounts is one of the primary steps to protecting your online identity and sensitive data.…

Read more →

Here is the rundown of news and events that happened this week in the world of cybersecurity. TMX Financial Reveals 4.8 Million Persons Affected By Data Breach TMX Finance, an American consumer loan company, announced a major data breach three…

Read more →

MSI (short for Micro-Star International), a Taiwanese PC vendor, revealed today that its network had been compromised in a cyberattack in response to claims of a ransomware attack. The Money Message ransomware group allegedly breached some of MSI’s systems earlier…

Read more →

To combat the widespread exploitation of Cobalt Strike abuse, a legitimate testing tool that attackers have used to devastate the healthcare sector, Microsoft and two partner organizations have been given a court order. In a project unveiled on Thursday, the…

Read more →

Regulators announced Thursday that the company behind ChatGPT would submit ways to address the data protection issues that prompted a temporary Italian ban on the artificial intelligence chatbot. This means that OpenAI to profer solutions to Italy’s ChatGPT ban. Last…

Read more →

Google strives to increase the security of Play Store apps and make users more aware of how Android apps use their data. Google is adopting a new policy for Android apps developer to give users and developers more control and…

Read more →

In the modern world, technology has enabled people to connect and communicate virtually anywhere. With the internet being a critical part of our lives, we transmit and receive a vast amount of sensitive data daily, from banking information to personal…

Read more →

The authentic no-reply@youtube.com email address is being used in a new phishing scam that YouTube is investigating and alerting users to. The scam attempts to trick users into divulging their login information. One of the biggest video-sharing websites in the…

Read more →

More than 600,000 records from a well-known online store have leaked due to a database bug. Concerns have been made about the security and privacy of users’ personal information in the wake of the incident brought on by a system…

Read more →

In a new revelation, North Korean military-linked hackers posed as journalists to target North Korean policy experts. The research from Google’s Threat Analysis Group (TAG) follows Mandiant’s analysis from last week. APT43, a group of alleged North Korean government hackers,…

Read more →

The police in Spain have taken José Luis Huertas, 19, into custody. He goes by the aliases “Alcaseca,” “Mango,” and “Chimichurri.” The creation of the Udyat (the eye of Horus) search engine, which is dedicated to selling massive quantities of…

Read more →

One of the most important online criminal sites, Genesis Market, was taken down on Tuesday in an FBI-led investigation involving more than a dozen international partners. Genesis has been connected to millions of financially driven cyber incidents worldwide, from fraud…

Read more →

Since September 2022, Palestinian entities have been targeted by Arid Viper, a threat actor observed using updated versions of its malware toolkit. According to Symantec, which monitors the group under the name Mantis, the adversary is taking significant measures to…

Read more →

TikTok was fined £12.7 million (~$15.7M) for violating UK’s children data protection law, particularly child protection requirements. The Information Commissioner’s Office (ICO) said today that the video-sharing site “did not do what is expected” to examine who was using their…

Read more →

After allegations that the note-taking service is being increasingly misused for malware transmission, Microsoft has revealed steps to automatically remove embedded files with “dangerous extensions” in OneNote security. Users were previously presented with a window warning them that opening specific…

Read more →

Capita has acknowledged that a cyberattack occurred last Friday. Many clients across the UK, including government organizations, experienced disruption due to the incident, which disrupted access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In…

Read more →

Western Digital reported today that a compromise in its network allowed an unauthorized person access to several corporate systems. The network security vulnerability was discovered last Sunday, March 26, according to a press release from the California-based manufacturer of computer…

Read more →

On March 30, 2023, TMX Finance Corporate Services, Inc. (hereafter referred to as “TMX Finance” or “TMX”) notified the Attorney General of Maine of a data breach. This is after realizing that a third party had gained access to and…

Read more →

Here is the rundown of news and events that happened this week in the world of cybersecurity. 14 Million Customer Details Breached In Latitude Financial Firm A significant security breach took the personal data of 14 million Australians and New…

Read more →

Privacy and anonymity are increasingly becoming rare commodities in today’s digitally-driven world. With governments and corporations tracking our online activities, protecting our identity and online data has become imperative. One such action is using the Tor Browser without disclosing your…

Read more →

Beginning on October 1, the Food and Drug Administration(FDA) will “refuse to accept” medical devices and associated systems due to cybersecurity concerns, according to a March 29 announcement from the agency. Beginning March 29, all new device submissions must have…

Read more →

The significance of keeping data integrity has never been more important in a world where data breaches appear to occur every day. It is because cybersecurity threats are expanding at an alarming rate. Businesses must take proactive steps to ensure…

Read more →

The Ukraine cyberpolice has detained members of a fraud ring that defrauded over a thousand people in the EU out of over $4,300,000. The criminal organization set up over 100 fictitious “phishing” websites to lure customers with discounted goods from…

Read more →

The 3CX desktop app is being utilized with a digitally signed and trojanized version by an ongoing supply chain attack to target the customers of the business. 3CX is a software development company that specializes in VoIP IPBX, and its…

Read more →