May 25, 2024NewsroomMachine Learning / Data Breach Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all
Australian patients’ health and personal information has reportedly been published online by following the ransomware attack on medical prescriptions provider MediSecure. The Melbourne-based company confirmed on May 24 that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by a cybercriminal group.
Business Security The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? Márk Szabó 21 May 2024 • , 4 min. read Human resource professionals know that the market price
May 24, 2024The Hacker NewsCybersecurity Webinar Don’t be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they’re getting smarter every day. Join our FREE webinar “Navigating the SMB Threat Landscape: Key Insights from Huntress’ Threat Report,” in which Jamie
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published
Digital Security As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response Cameron Camp 22 May 2024 • , 3 min. read We have seen AI morphing from answering simple chat questions for school homework to attempting to detect weapons in
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are
Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months. This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to
Security researchers have observed a new DoppelGänger campaign dubbed Operation Matriochka aimed at challenging the credibility of journalists and fact-checkers since May 2022. By leveraging X (formerly Twitter), the operation not only disseminated disinformation articles but also engaged in commenting and sharing to prompt further investigation. According to a technical write-up published by the Sekoia
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that
A new report has revealed that 59% of geographically distributed businesses encounter network issues at least once a month. Kaspersky’s findings, titled “Managing geographically distributed businesses: challenges and solutions,” highlight the frequent network outages, lost connections and poor performance of services and applications that these companies face. The study also shows that 46% of these businesses
May 20, 2024The Hacker NewsSoftware Security / Vulnerability All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96%
Australian healthcare company MediSecure has suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. The electronic prescriptions provider confirmed the incident in a statement on May 16, which it admitted has impacted the personal and health information of individuals. The company confirmed that the attack was caused by an attack
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign
A new banking Trojan targeting Android devices has been detected by Cyble Research and Intelligence Labs (CRIL), the research branch of threat intelligence provider Cycble. In a report published on May 16, CRIL described sophisticated malware incorporating a range of malicious features, including overlay attacks, keylogging and obfuscation capabilities. The researchers called the Trojan “Antidot”
Video This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape 17 May 2024 This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape. First,
May 17, 2024NewsroomCryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating
Multiple UK councils have warned that citizens’ personal data may have been breached following a ransomware attack on a medical equipment supplier. Nottingham Rehab Supplies (NRS) Healthcare, which supplies health and care equipment numerous local authorities across the UK, was hit by a ransomware attack at the start of April 2024. The attack resulted in
ESET Research One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft Marc-Etienne M.Léveillé 14 May 2024 • , 3 min. read Ten years ago we raised awareness of Ebury by publishing a white paper we
May 17, 2024NewsroomLinux / Malware The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea’s Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is “structurally almost identical to GoBear, with
Security researchers have detected Storm-1811, a financially motivated cybercriminal group, exploiting Quick Assist, a client management tool, in social engineering attacks. According to a technical blog post published by Microsoft on Wednesday, Storm-1811, notorious for deploying Black Basta ransomware, has been observed initiating these attacks through voice phishing (vishing) since mid-April 2024, employing tactics like
ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past
Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. “The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the
A cyber-attack has disrupted auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m. Among the items up for auction are a Vincent van Gogh painting valued at $35m and a rare wine. The cyber-attack has taken Christie’s website offline, possibly last week, preventing potential buyers from viewing the lots
ESET Research, Threat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024 Jean-Ian Boutin 14 May 2024 • , 2 min. read ESET APT Activity Report Q4 2023–Q1 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented
Here’s How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity
Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to MOVEit file transfer software vulnerabilities,
Digital Security We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024 10 May 2024 • , 1 min. read We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor
May 14, 2024The Hacker NewsCyber Threat / Machine Learning Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication
- « Previous Page
- 1
- …
- 9
- 10
- 11
- 12
- 13
- …
- 130
- Next Page »