Top

Threats & Malware, Vulnerabilities

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024

Via: The Hacker News

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]


Cyber-crime, Malware

Ande Loader Malware Targets Manufacturing Sector in North America

March 14, 2024

Via: The Hacker News

The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users […]


Threats & Malware, Virus & Malware

Keyloggers, spyware, and stealers dominate SMB malware detections

March 13, 2024

Via: Help Net Security

In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. Attackers subsequently use this stolen information to gain unauthorized remote access, extort victims, deploy ransomware, […]


Mobile, Wireless security

BSAM: Open-source methodology for Bluetooth security assessment

March 13, 2024

Via: Help Net Security

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were […]


Data loss, Threats & Malware

EquiLend Ransomware Attack Leads to Data Breach 

March 12, 2024

Via: Security Week

On January 24, the company announced that some of its systems were taken offline due to “a technical issue” and that services would be disrupted for several days. EquiLend, which confirmed the next day that the disruption was caused by […]


Cyber warfare, Cyber-crime

Russia-aligned hackers take down French state services in massive DDoS attack

March 12, 2024

Via: CSO Online

Anonymous Sudan, a Russian-speaking hacktivist group, has claimed the severe distributed denial of service (DDoS) attacks that disrupted several French government services on Monday. In a statement issued on Monday, Prime Minister Gabriel Attal’s office confirmed that a series of […]


Application security, Security

API sprawl: navigating the web of connectivity and security challenges

March 11, 2024

Via: TechRadar

In today’s fast evolving digital space, the proliferation of application programming interfaces (APIs) has been nothing short of explosive. One forecast predicts there will be nearly 1.7 billion active APIs by 2030 which ushers in unparalleled opportunities for innovation and […]


Hacker, Threats & Malware

Russian Hackers Gained Access to Microsoft Source Code, Customer Secrets

March 11, 2024

Via: SecureWorld

In a sobering update released March 8th, Microsoft has revealed that the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, has gained unauthorized access to some of the company’s source code repositories and internal systems. This follows an […]


Threats & Malware, Virus & Malware

Change Healthcare Restores Pharmacy Services Disrupted by Ransomware

March 8, 2024

Via: Security Week

In an incident update on Thursday, the company revealed that it continues to work aggressively on restoring its systems and services and that key functionality is coming back online. “Electronic prescribing is now fully functional with claim submission and payment […]


Threats & Malware, Vulnerabilities

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: […]


Mobile, Mobile security

13 WhatsApp Scams to Know in 2024 + Tips to Stay Safe

March 7, 2024

Via: Panda Security

WhatsApp scams and text scams can deceive users into giving away personal information and trick them into paying money for fake services or products. According to Robokiller, there were 19.2 billion spam texts sent in January 2024 alone. This equates […]


Cyber-crime, Data loss, Malware, Threats & Malware

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

March 6, 2024

Via: Security Affairs

While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s web infrastructure by global authorities, the availability of victim data leaked by the gang persists via peer-to-peer (P2P) torrent networks. The […]


Cyber warfare, Cyber-crime

Ukraine’s GUR hacked the Russian Ministry of Defense

March 5, 2024

Via: Security Affairs

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. Stolen documents include: confidential documents, including orders and reports circulated […]


Threats & Malware, Virus & Malware

New Linux variant of BIFROSE RAT uses deceptive domain strategies

March 4, 2024

Via: Security Affairs

Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) that mimics the legitimate VMware domain. The Bifrost RAT has been active since 2004, it allows its operators […]


Cyber-crime, Identity theft

Threat actors hacked Taiwan-based Chunghwa Telecom

March 4, 2024

Via: Security Affairs

Chunghwa Telecom Company, Ltd. (literally Chinese Telecom Company) is the largest integrated telecom service provider in Taiwan, and the incumbent local exchange carrier of PSTN, Mobile, and broadband services in the country. Threat actors stole sensitive information from the company, […]


Privacy protection, Security

Keeping one step ahead of cyber security threats

March 1, 2024

Via: The Register

Dealing with cyber security incidents is an expensive business. Each data breach costs an estimated $4.35 million on average and it’s not as if the volume of cyber attacks is falling – last year, they rose by 38 percent according […]


Threats & Malware, Vulnerabilities

In the vanguard of 21st century cyber threats

March 1, 2024

Via: The Register

The quantum threat might seem futuristic, more like something you’d encounter in a science fiction film. But it’s arguably already a danger to real cyber security defences. Strengthening those defences relies heavily on knowledge and preparation. Arqit can help you […]


Editorial

The Anatomy of Residential Security Systems

February 29, 2024

Via: Caitlin Simmons

Thinking about how safe, or unsafe, your home is can be an uncomfortable thought. No doubt that it’s a concern that goes through every homeowner’s mind, and the thought of an intruder or breach of privacy is enough to send […]


Privacy protection, Security

Meta’s pay-or-consent model hides ‘massive illegal data processing ops’: lawsuit

February 29, 2024

Via: The Register

Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a “fake choice” between paying up and consenting to being profiled and tracked via data […]


Privacy protection, Security

Chinese ‘connected’ cars are a national security threat, says Biden

February 29, 2024

Via: The Register

Concerned over the chance that Chinese-made cars could pose a future threat to national security, Biden’s administration is proposing plans to probe potential threats posed by “connected” vehicles made in the Middle Kingdom. In a statement this morning, the US […]