The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025.
Government agencies alongside education and healthcare organizations have become prime targets for ransomware operators over the past three years. According to a new report published on August 2, 2023, by data protection provider Barracuda Networks, the number of reported attacks against municipalities, education and healthcare has doubled since last year and more than quadrupled since 2021.
by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon
Aug 02, 2023THNICS/SCADA Security About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S.
An NHS trust has been reprimanded by the UK’s data protection regulator after it was discovered that staff had been sharing patient details on an unapproved app for two years. Some 26 staff at NHS Lanarkshire accessed the WhatsApp group between April 2020 and April 2022, entering sensitive patient data including names, phone numbers, addresses,
by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of
Aug 01, 2023THNMobile Security / Malware Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. “The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote
The International Bar Association (IBA) has published what it claims to be a “first-of-its-kind” report to guide senior executives and boards to protect their organization from cyber risk. Released today, Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors, is a lengthy document designed to give leaders
Jul 31, 2023THNCyber Threat / Botnet The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. “The malware compromises exposed instances of the Redis data store by exploiting the replication feature,” Cado Security researchers Nate Bill and Matt Muir said
The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error reportedly led to classified emails being sent to a close ally of Russia instead of the intended recipients. The emails were meant for the US military, identifiable by the domain “.mil.” However, due to a simple mistake omitting the letter “i,” the messages
Jul 29, 2023The Hacker NewsBrowser Security / Data Security Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop “The Definitive Browser Security RFP Template.” This resource helps streamline
Nominations are open for the eighth annual Security Serious Unsung Heroes Awards to be held in London and run by Eskenzi PR. The awards are all about celebrating the UK’s cybersecurity professionals, teachers, lecturers, leaders and those working to make the industry not only more secure, but also more diverse and healthier for employees. Whether educating the
Jul 29, 2023THNAndroid / Malware A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as
The Australian and US governments have issued a joint advisory about the growing cyber-threats to web applications and application programming interfaces (APIs). The guidance, Preventing Web Application Access Control Abuse was released by the Australian Cyber Security Centre (ACSC), US Cybersecurity and Infrastructure Security Agency (CISA), and US National Security Agency (NSA) on July 27,
by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Jul 28, 2023THNMalware / Cyber Threat The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that’s used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started
You may have heard Sam Altman, the man behind ChatGPT, call for the regulation of future AI models while at the same time his company OpenAI lobbied the EU to water down its own AI Act. OpenAI and generative AI pioneers Google, Microsoft and Anthropic are now taking Altman’s pledge a step further, launching the
by Paul Ducklin If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You’d probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue
Jul 27, 2023THNLinux / Endpoint Security Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. “The impacted
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1
by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, such as “Find the shadow
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs’ whitepaper, Stealers are Organization Killers, a variety of new info stealers have
The UK Government’s Cyber Security Skills in the UK Labour Market 2023 report shows a staggering 50% of all UK businesses have a basic cybersecurity skills gap. This shows little improvement from the 2022 report, which found that 51% of businesses lacked these basic skills. Meanwhile, the 2023 report found that 33% have an advanced
by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: Component: WebKit Impact: Processing web
Jul 25, 2023THNMalware / Cyber Threat The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code
Application security provider Checkmarx has identified what it described as the first open source software supply chain attacks targeting the banking sector. In a recent report, Checkmarx researchers analyzed two distinct, sophisticated supply chain attacks relying on open source toolsets. Both attacks’ targets were banks. The first attack started in February 2023, when a threat
Jul 24, 2023THNLinux / Network Security Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. “This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent,” Saeed Abbasi, manager of vulnerability research at Qualys,
Generative AI tools have conquered the workplace, especially large language model-based (LLM) chatbots like OpenAI’s ChatGPT and Google’s Bard. These powerful tools are capable of performing a broad range of tasks, from helping to draft perfect emails to providing digestible summaries, freeing up the time-strapped worker to focus on more strategic activities. However, using LLMs
Jul 21, 2023THNEmail Security / Cyber Attack The recent attack against Microsoft’s email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD
The US Department of Justice (DoJ) is doubling the size of the team investigating cryptocurrency crime, with the fight against ransomware “an urgent priority.” In a speech at the Center for Strategic and International Studies on Thursday, July 20, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced the merger of the National Cryptocurrency Enforcement
- « Previous Page
- 1
- …
- 34
- 35
- 36
- 37
- 38
- …
- 130
- Next Page »