The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC
Month: May 2024
In the age of digital transformation, Artificial Intelligence (AI) has swiftly become a cornerstone of organizational operations. Recruitment – a process that all organizations of any size will have to undertake at some point – is no exception. However, the talent acquisition landscape is a bit of a minefield with an average of over 250
May 31, 2024NewsroomThreat Detection / Endpoint Security Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has
A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious
Hundreds of cybersecurity professionals, analysts and decision-makers came together earlier this month for ESET World 2024, a conference that showcased the company’s vision and technological advancements and featured a number of insightful talks about the latest trends in cybersecurity and beyond. The topics ran the gamut, but it’s safe to say that the subjects that
Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported
A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams. These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities. However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered
Digital Security A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders Phil Muncaster 28 May 2024 • , 5 min. read Artificial intelligence (AI) is the topic du jour, with the latest and greatest in AI technology drawing breathless news coverage. And probably few industries are set to
May 29, 2024NewsroomCybercrime / Cybersecurity The U.S. Department of Justice (DoJ) has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023. According to
Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted. In particular, Check Point has observed attempts to breach its
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested
Security researchers have reported a significant increase in cyber activity targeting the upcoming Indian general election. This surge, driven by various hacktivist groups, has resulted in the leakage of personal identifiable information (PII) of Indian citizens on the dark web. The election, set to occur in seven phases from April 19 to June 1 2024, will
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen
Source code of fake Pegasus spyware is being sold on the surface web, the dark web and instant messaging platforms, CloudSEK has found. Following Apple’s recent warning about “mercenary spyware” attacks, cloud security provider CloudSEK investigated the clear and dark web for spyware-related threats. The firm analyzed approximately 25,000 Telegram posts and found that many
ESET Research Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings 23 May 2024 • , 6 min. read The Nim programming language has become increasingly attractive to malware developers
May 24, 2024NewsroomEndpoint Security / Threat Intelligence The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. “The adversary created their own rogue VMs within the VMware
Microsoft has warned retailers and restaurants of sophisticated gift card fraud which can cost victims up to $100,000 a day. In a new Cyber Signals report, the tech giant highlighted a 30% rise in intrusion activity by the threat actor Storm-0539 between March and May 2024. The group, which operates out of Morocco, focuses on
Video As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond? 24 May 2024 UK authorities are reportedly planning to make it mandatory for ransomware victims to report incidents to the government and obtain a
May 25, 2024NewsroomMachine Learning / Data Breach Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all
Australian patients’ health and personal information has reportedly been published online by following the ransomware attack on medical prescriptions provider MediSecure. The Melbourne-based company confirmed on May 24 that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by a cybercriminal group.
Business Security The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? Márk Szabó 21 May 2024 • , 4 min. read Human resource professionals know that the market price
May 24, 2024The Hacker NewsCybersecurity Webinar Don’t be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they’re getting smarter every day. Join our FREE webinar “Navigating the SMB Threat Landscape: Key Insights from Huntress’ Threat Report,” in which Jamie
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published
Digital Security As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response Cameron Camp 22 May 2024 • , 3 min. read We have seen AI morphing from answering simple chat questions for school homework to attempting to detect weapons in
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are
Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months. This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to
Security researchers have observed a new DoppelGänger campaign dubbed Operation Matriochka aimed at challenging the credibility of journalists and fact-checkers since May 2022. By leveraging X (formerly Twitter), the operation not only disseminated disinformation articles but also engaged in commenting and sharing to prompt further investigation. According to a technical write-up published by the Sekoia
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that
A new report has revealed that 59% of geographically distributed businesses encounter network issues at least once a month. Kaspersky’s findings, titled “Managing geographically distributed businesses: challenges and solutions,” highlight the frequent network outages, lost connections and poor performance of services and applications that these companies face. The study also shows that 46% of these businesses