Threats & Malware, Vulnerabilities
February 7, 2024
Via: The RegisterJetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]
February 7, 2024
Via: The RegisterIran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]
February 7, 2024
Via: SecureWorldThe U.S. State Department announced Monday a new policy to impose visa restrictions on individuals linked to the misuse of commercial spyware tools that enable unlawful surveillance and human rights abuses globally. “The misuse of commercial spyware threatens privacy and […]
February 6, 2024
Via: The RegisterGlobal securities finance tech company EquiLend’s systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. EquiLend was founded in 2001 by some of Wall Street’s biggest players – its board of directors includes BlackRock, […]
Threats & Malware, Vulnerabilities
February 6, 2024
Via: The RegisterFortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]
February 6, 2024
Via: The RegisterDutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence […]
Threats & Malware, Vulnerabilities
February 2, 2024
Via: The RegisterMastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]
February 1, 2024
Via: The RegisterThe Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission’s (SEC) strict data breach reporting rule. In a policy statement [PDF] published yesterday by Biden’s Office of Management and Budget (OMB), the […]
February 1, 2024
Via: The RegisterRansomware gang LockBit is claiming responsibility for an attack on a Chicago children’s hospital in an apparent deviation from its previous policy of not targeting nonprofits. Stooping to new lows, the criminals are reportedly unwilling to reverse the attack on […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]
January 30, 2024
Via: Camila MendesAs we kick off the new year, businesses and organizations will set new goals, implement fresh strategies, and work towards new milestones. If there’s one thing that never quite makes it on the list, it’s cybersecurity. Not as exciting as […]
January 29, 2024
Via: Tech XploreA new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity in use, and relatively low cost. Greatness was developed by a threat actor going by […]
Threats & Malware, Virus & Malware
January 26, 2024
Via: The RegisterBiotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection of […]
January 26, 2024
Via: The RegisterThere’s a line in the latest plea from CISA – the US government’s cybersecurity agency – to software developers to do a better job of writing secure code that may make you spit out your coffee. Jack Cable, a CISA […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: The RegisterSecurity experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: SecureWorldOn January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]
January 23, 2024
Via: SecureWorldJen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told MSNBC’s Andrea Mitchell in a January 19th segment that “the American people should have confidence in the election process” in 2024 and beyond, despite concerns over AI […]
January 18, 2024
Via: The RegisterReports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash management overheads while significantly improving the app security. Cybersecurity Insiders notes that, in the past, companies have typically […]
January 18, 2024
Via: The RegisterRansomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations. A cybersecurity worker in the financial services industry, for example, pinned the stress of remediating ransomware […]
Threats & Malware, Virus & Malware
January 17, 2024
Via: The RegisterCrooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). In a joint warning issued on Tuesday, the US government agencies said the […]