Top

Tag: Cybersecurity


Threats & Malware, Vulnerabilities

JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024

Via: The Register

JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]


Cyber-crime, Malware

Iran’s cyber operations in Israel a potential prelude to US election interference

February 7, 2024

Via: The Register

Iran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]


Cyber-crime, Malware

U.S. Implements Visa Ban to Counter Spyware Proliferation

February 7, 2024

Via: SecureWorld

The U.S. State Department announced Monday a new policy to impose visa restrictions on individuals linked to the misuse of commercial spyware tools that enable unlawful surveillance and human rights abuses globally. “The misuse of commercial spyware threatens privacy and […]


Cyber-crime, Malware

EquiLend back in the saddle as ransom payment rumors swirl

February 6, 2024

Via: The Register

Global securities finance tech company EquiLend’s systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. EquiLend was founded in 2001 by some of Wall Street’s biggest players – its board of directors includes BlackRock, […]


Threats & Malware, Vulnerabilities

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Via: The Register

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]


Cyber-crime, Malware

Chinese Coathanger malware hung out to dry by Dutch defense department

February 6, 2024

Via: The Register

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

February 2, 2024

Via: The Register

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]


Data loss, Threats & Malware

Biden will veto attempts to kill off SEC’s security breach reporting rules

February 1, 2024

Via: The Register

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission’s (SEC) strict data breach reporting rule. In a policy statement [PDF] published yesterday by Biden’s Office of Management and Budget (OMB), the […]


Cyber-crime, Malware

LockBit shows no remorse for ransomware attack on children’s hospital

February 1, 2024

Via: The Register

Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children’s hospital in an apparent deviation from its previous policy of not targeting nonprofits. Stooping to new lows, the criminals are reportedly unwilling to reverse the attack on […]


Threats & Malware, Vulnerabilities

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

January 31, 2024

Via: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]


Editorial

23andMe: A Cybersecurity Cautionary Tale

January 30, 2024

Via: Camila Mendes

As we kick off the new year, businesses and organizations will set new goals, implement fresh strategies, and work towards new milestones. If there’s one thing that never quite makes it on the list, it’s cybersecurity. Not as exciting as […]


Cyber-crime, Phishing

Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it’s being offered for sale for barely nothing to lure new criminals in

January 29, 2024

Via: Tech Xplore

A new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity in use, and relatively low cost. Greatness was developed by a threat actor going by […]


Threats & Malware, Virus & Malware

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

January 26, 2024

Via: The Register

Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection of […]


Network security, Security

Wait, security courses aren’t a requirement to graduate with a computer science degree?

January 26, 2024

Via: The Register

There’s a line in the latest plea from CISA – the US government’s cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee. Jack Cable, a CISA […]


Threats & Malware, Vulnerabilities

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024

Via: The Register

Security experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]


Threats & Malware, Vulnerabilities

SEC X Account Hack: SIM Swap Exposed Vulnerability

January 24, 2024

Via: SecureWorld

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]


Privacy protection, Security

CISA Director Says Americans Should Be Confident Elections Are Secure

January 23, 2024

Via: SecureWorld

Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told MSNBC’s Andrea Mitchell in a January 19th segment that “the American people should have confidence in the election process” in 2024 and beyond, despite concerns over AI […]


Cloud security, Security

Enter the era of platform-based cloud security

January 18, 2024

Via: The Register

Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security. Cybersecurity Insiders notes that, in the past, companies have typically […]


Cyber-crime, Malware

Ransomware attacks hospitalizing security pros, as one admits suicidal feelings

January 18, 2024

Via: The Register

Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations. A cybersecurity worker in the financial services industry, for example, pinned the stress of remediating ransomware […]


Threats & Malware, Virus & Malware

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

January 17, 2024

Via: The Register

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). In a joint warning issued on Tuesday, the US government agencies said the […]