Today's News

2024-04-16 16:07:51 UTC

Don't miss the Virtual Ransomware Resilience & Recovery Summit happening tomorrow. Learn how to protect your organization from ransomware attacks and effectively recover from them. Tune in to gain valuable insights on defending against these cyber threats. Join the event to stay ahead!

2024-04-16 15:24:24 UTC

A critical vulnerability in PuTTY, labeled as CVE-2024-31497, has been identified, which enables attackers to retrieve private keys and manipulate signatures. This flaw raises concerns about security breaches. The news was reported by SecurityWeek.

2024-04-16 15:16:00 UTC

The OpenJS Foundation is facing a potential takeover attempt, security researchers have found. The incident is similar to a recent attack on the XZ Utils project. The OpenJS Foundation Cross Project Council received suspicious emails with similar messages and GitHub-associated emails. This is a concerning development for the foundation.

2024-04-16 13:39:00 UTC

Hackers belonging to the group TA558 have been using steganography to launch large-scale malware attacks. This technique involves hiding malicious code within images to deliver various types of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm. The group utilized steganography by sending VBSs, PowerShell code, and RTF documents with embedded exploits.

2024-04-16 13:35:31 UTC

Charles O. Parks III has been arrested and charged for allegedly defrauding two cloud-services providers of $3.5 million. The individual, known as a cryptojacker, was apprehended for his involvement in the scheme. The incident has raised concerns about cybersecurity threats in the digital landscape.

2024-04-16 13:32:22 UTC

Cloud security experts have identified a potential risk of data exposure for users of Azure, AWS, and Google Cloud command-line tools. The warning was issued following an investigation into the security vulnerabilities associated with these tools. The post on SecurityWeek highlights the need for users to be cautious when using command-line tools in the cloud.

2024-04-16 13:07:20 UTC

A cyber attack on Giant Tiger has resulted in the leaking of 2.8 million records, according to a threat actor. The Canadian retail chain is grappling with the aftermath of the breach.

2024-04-16 13:00:39 UTC

S Ventures has made a strategic investment in Guardz, aiming to transform cybersecurity for small and medium-sized businesses (SMBs). The funding from S Ventures will help empower Managed Service Providers (MSPs) in protecting and ensuring the cybersecurity of SMBs.

2024-04-16 13:00:10 UTC

A vulnerability allowing remote code execution in Telegram has been discovered. Improve your cybersecurity skills with training by John Hammond at Name Your Price Training. Join Hammond's newsletter, support his channel on Patreon, and sponsor his content. Follow him on various social media platforms and send malware samples for analysis. Remember to like, comment, and subscribe on YouTube to support the channel.

2024-04-16 12:00:33 UTC

Cisco's Duo Security and Identity Intelligence have combined forces to enhance cybersecurity defenses with advanced threat detection and response solutions. Explore the synergies of these two technologies working together to combat identity threats.

2024-04-16 11:55:29 UTC

Kevin O'Connor, who discovered his hacking skills in middle school, has transitioned from being a hacker to working for the NSA and is currently the director of threat research at Adlumin. This journey was highlighted in a recent article titled "Hacker Conversations: Kevin O'Connor, From Childhood Hacker to NSA Operative" on SecurityWeek's website.

2024-04-16 11:29:25 UTC

The RansomHub group has begun releasing data they claim was stolen from Change Healthcare back in February 2024. This cyber ransomware group has recently started leaking information that was allegedly taken from the healthcare company. The post on SecurityWeek brings attention to the fact that sensitive data has been compromised by this group.

2024-04-16 11:26:55 UTC

A mysterious cyber attack on South Carolina's revenue department in 2012, resulting in the theft of 3.6 million tax records, may finally have been solved. Investigators suspect a Russian hacking group, responsible for other high-profile breaches, could be behind the theft. Residents have been left in the dark for nearly twelve years, but new evidence suggests a possible culprit.

2024-04-16 11:22:27 UTC

In a recent Security Week article titled "You Against the World: The Offenders Dilemma," the author highlights the challenges faced by individuals when it comes to protecting themselves against foreign attackers. With an array of tools at their disposal, it is crucial to be selective in modeling, preparation, and fortification strategies to enhance cybersecurity defenses.

2024-04-16 11:14:00 UTC

The popular PuTTY SSH client has been discovered to be vulnerable to a key recovery attack. Versions 0.68 through 0.80 are affected, with the flaw allowing for the full recovery of NIST P-521 private keys. The CVE identifier CVE-2024-31497 has been assigned to this critical vulnerability, which was discovered by researchers Fabian Bäumer and Marcus. Users are advised to update their PuTTY client to protect against potential exploitation.

2024-04-16 11:10:00 UTC

In a fast-paced digital world, organizations are confronting a growing number of cybersecurity threats. The rise of cloud services and remote work setups has left digital identities at risk of exploitation. To combat this, businesses must enhance their identity security protocols. A recent research report titled 'The Identity Underground' addresses these unseen threats and sheds light on the importance of protecting digital identities in today's cyber landscape.

2024-04-16 11:00:58 UTC

A recent report by Brian Krebs revealed that X (formerly Twitter) was automatically changing twitter.com links to x.com links. However, this caused a concern as it altered the appearance of the link, but not the underlying URL. This could have potentially been exploited by phishers. Fortunately, the issue has been resolved.

2024-04-16 10:53:04 UTC

Omni Hotels has reported that personal information of customers was stolen in a ransomware attack by the Daixin Team group. This cyberattack compromised the security of guest data. The hotel chain is taking steps to address the breach.

2024-04-16 09:50:00 UTC

Delinea rushes to fix critical security flaw after failed disclosure attempt: PAM company Delinea is scrambling to patch an authentication bypass vulnerability following a failed attempt at responsible disclosure. The incident highlights the importance of prompt and effective communication between security researchers and companies.

2024-04-16 08:36:00 UTC

Mental health startup Cerebral has been fined $7 million by the FTC for privacy violations. The company has been ordered to stop using personal data for advertising and has been accused of sharing users' sensitive health information with third parties. Cerebral failed to honor cancellation policies, leading to the hefty fine.

2024-04-16 07:33:00 UTC

In a global crackdown, authorities in Australia and the U.S. have arrested two individuals linked to the creation of Hive RAT, a remote access trojan previously known as Firebird. The accused masterminds, allegedly responsible for the cryptojacking scheme, face charges for distributing malware that allowed control over victim computers and access to private communications and login credentials. The U.S. Justice Department (DoJ) has been leading the investigation.

2024-04-16 06:30:00 UTC

Prepare now for the future threat of Quantum computers, which may be able to break today's encryption methods. Ensure your Mac's protection by utilizing iMessage's newest features.

2024-04-15 22:39:47 UTC

Tom Uren and The Grugq analyze Google's review of 0days in 2023 in the latest edition of Between Two Nerds. The duo delves into the significance of this information and how Google's perspective shapes the report.

2024-04-15 19:00:06 UTC

Kickstart your cybersecurity career with TryHackMe, a platform that features tutorials on hacking and cyber security. Learn how to protect your organization against cyber threats with Enterprise Password Management by requesting a demo from Keeper Security. Find out more at https://www.tcm.rocks/KeeperDemo. Stay tuned for more hacking tips and tricks on TryHackMe's social media channels and consider supporting the channel through Patreon or one-time donations.

2024-04-15 18:34:59 UTC

Cisco Duo has issued a warning about a hack at a telephony supplier that exposed MFA SMS logs, including phone numbers and carriers. This breach could potentially lead to social engineering attacks. Cisco Duo's announcement highlights the importance of cybersecurity measures in protecting sensitive data.

2024-04-15 16:51:00 UTC

New findings from Binarly show that Intel and Lenovo BMCs contain an unpatched security flaw in the Lighttpd web server. The original vulnerability was identified and fixed by Lighttpd in August 2018, but device vendors have failed to update their BMCs with version 1.4.51. This oversight leaves the systems open to potential attacks.

2024-04-15 16:22:51 UTC

Amazon Web Services (AWS) has released the Winter 2023 SOC 1 report in Japanese, Korean, and Spanish, in response to feedback from customers, regulators, and stakeholders. This marks the first time that an AWS SOC 1 report is available in Japanese, expanding accessibility for international users seeking audit, assurance, certification, and attestation programs.