Cryptocurrency scams seem to be gaining momentum by the day. Hard on the heels of scammers tricking Discord users by offering nonexistent coins on fake exchanges, inventing stories about lucky winners on fake news sites, and simulating helicopter money, a new scheme is exploiting Lightshot’s screen-sharing tool to get money from overly curious cryptoinvestors.
Convenient doesn’t mean safe
Lightshot is a tool for creating, customizing, and quickly sending screenshots. It consists of an app for Windows, macOS, or Ubuntu and the prnt.sc cloud portal and lets users share screenshots quickly and easily: One click or shortcut sends an image to the cloud and returns a URL for sharing.
Anyone can see published screenshots without authentication; you don’t even need a Lightshot account. That makes the service fast and convenient but not very secure. Moreover, to view a screenshot, you don’t even need the exact link; the URLs are sequential, so if you replace a character in one of them with the next in order, for example, another image will open. The process can even be automated. A simple script for brute-forcing URLs and downloading content from them takes just a few minutes to write.
Such openness is not a bug; the service warns users that every uploaded image is public. However, given that leaks of valuable information through Lightshot regularly make the news, clearly not everyone reads the fine print.
How to leak data in Lightshot
So what if screenshots enter the public domain? Who cares about sharing gaming records or jokes from work messages? Think creatively: Lightshot users can dox themselves in any of at least three very plausible ways.
Take, for example, an employee who snaps a screenshot of an interface to get help with setting up a new program. Sounds fine. Now, what if a confidential document is open, partially hidden under the application window? Or if someone shares a hilariously stupid work e-mail with a trusted friend, just for a laugh? Or someone shows off an intimate chat but forgets to blur names and addresses?
Made public in Lightshot, those screenshots could spell serious trouble. Online troublemakers hunt for revealing photos for fun; trolls can use them for harassment; and cybercriminals can use the threat of exposure to extort money from victims.
A trap for busybodies
At the same time, even those who keep valuable data private and always check screenshots for unwanted extras may find the service still has a few pitfalls. For example, on any given day the Lightshot portal might contain screenshots with details for accessing a cryptocurrency wallet. Sometimes, the screenshots appear to suggest the account was shared deliberately. Some display requests for help. Some are bizarre and unrelated — we even saw a suicide note.
[Image: Screenshots of correspondence showing credentials for fake cryptocurrency accounts]
In other cases it looks like the “credentials” got on Lightshot as if by accident or carelessness. For example, we saw screenshots that appeared to be password recovery e-mails for cryptocurrency wallets.
[Image: Fake password reset e-mails for equally fake cryptocurrency accounts]
If a user goes to the URL in the screenshot in pursuit of easy pickings, they will find themselves on a website posing as a cryptocurrency exchange. Entering the credentials gets them into a fake account that appears to hold an impressive amount of cryptocurrency, say, 0.8 BTC (more than $45,000 at the time of posting).
And from inside the account, the victim can try to withdraw the funds and transfer them to their own account. In that case, the exchange asks for a small commission. It’s mere peanuts compared with the full sum, but it’s fake and will do nothing but line the scammers’ pockets. And, of course, “peanuts” is relative: A commission of 0.001–0.0015 BTC, for example, at current bitcoin rates, comes to approximately $60–$90.
All in all, the scheme seems to work well, and it does have a certain elegance. At the time of posting, about 0.1 BTC (roughly $6,000) had been transferred to the “commissions” wallet.
How to save your money and secure your data
Convenience does not mean security or privacy — often quite the opposite. Lightshot is a prime example.
Here are a few tips for working safely with screenshots:
Before installing Lightshot, consider whether you really want to share screenshots by making them public;
If you decide to go ahead, remember that confidential information — banking details, passwords, other personal information — is the bread and butter of cybercriminals. Use secure channels to share it, not Lightshot, or better still, don’t share it at all;
If you’ve already used Lightshot and now regret sharing something, get the URL by searching your messages, go there, and click Report abuse; or send a request to support@skillbrains.com;
Use your operating system’s built-in tools and shortcuts for creating screenshots. In Windows, use the Snipping Tool or the Print Screen button; Mac users can press Cmd-Shift-3 to save a full-screen capture or Cmd-Shift-4 to select an area to screenshot.
To be clear, we do not recommend logging in to others’ accounts, even just out of curiosity. And to avoid accidentally giving your login credentials to phishers, use a reliable security solution that will alert you if you stray onto a suspicious website.
Surging levels of fraud and financial crime during the pandemic threaten to overwhelm banking teams working from home with disjointed internal systems, according to new research from FICO.
India’s top military official says the country plans to seek help from the US and other countries to shore up its defense infrastructure that is vulnerable to China-backed cyber-attacks.
Last year, a new version of the NAT Slipstreaming vulnerability was disclosed that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.
People are using easy-to-guess passwords, including their pet's name, family members' names, significant dates, their favorite sports team – or even 'Password', and that could be putting them at risk of their accounts being compromised.
Teams have a choice between spending many precious hours determining whether their apps contain a library that needs to be updated and then updating it, or just as likely, simply ignoring the problem.
Securiti announced participation from Cisco Investments in its latest round of funding. The company plans to work with Cisco and help their customers solve the challenge of multi-cloud and edge security, privacy, and compliance.
APKPure, a popular third-party and unofficial alternative hub to download Android and iOS applications, was recently infiltrated with malware that is used to download Trojans to other Android devices.
Mozilla volunteers have recently been flooded with requests from online merchants and marketers for their domains to be added to what's called a Public Suffix List (PSL).
Organizations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow.
Audio chat app Clubhouse has denied any breach or hack after a report said that a database containing 1.3 million scraped records of the platform's users was posted on a popular hacker forum.
The study, conducted by Mike McGuire, a senior lecturer in criminology at the University of Surrey, reveals that the world is coming increasingly close to nation-states retaliating against cyber-attacks with violence.
A pair of security researchers at the virtual Pwn2Own hacking contest exploited a combination of three individual zero-day bugs in the Zoom client to show how attackers could gain complete remote control of any PC or notebook computer.
Over a year into the coronavirus pandemic, more people have become accustomed to doomsday talk. Americans following public officials’ remarks about cybersecurity, though, may have been expecting a kind of digital apocalypse for decades.
Nearly two-thirds of Americans avoid using websites or accounts for which they have forgotten their password, according to new research published today by password manager LastPass.
Trading app Upstox has alerted customers of a security breach that exposed contact data and KYC details of customers. The retail broking firm assured users that their funds and securities remain safe despite the breach.
Almost every global organization suffered at least one mobile malware attack in 2020, according to a new report from Check Point. The security vendor polled 1800 customers of its Harmony Mobile device threat protection product to compile its report.
Fitch Ratings published an alert last week to warn of the “material risk” to water and sewer utilities caused by cyber-attacks that could also impact their ability to repay debt.
More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.
Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom. Pierre Fabre is the second largest pharmaceutical group in France.
Multiple security experts discovered threat actors tampered with the APKPure client version 3.17.18 of the popular alternative third-party Android app store. APKPure is available only on devices that use Google Mobile Services (GMS).
The alert from the NCSC follows a report by Kaspersky detailing how cybercriminals are exploiting a Fortinet VPN vulnerability (CVE-2018-13379) to distribute ransomware by exploiting unpatched systems and remotely accessing usernames and passwords.
The 2021 spring edition of the Pwn2Own hacking contest concluded last week and witnessed successful attempts on Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems.
Microsoft is warning businesses to beware of cybercriminals using company website contact forms to deliver the IcedID info-stealing banking trojan in email with Google URLs to employees.
Recent research found that REvil ransomware has repurposed its attack technique that involves modifying the user’s system login password and forcing a system reboot to allow the malware to encrypt the files.
A new spear-phishing campaign has been targeting LinkedIn users with fake job offers in an attempt to attain control over victims’ computers using a sophisticated backdoor trojan called more_eggs.
Researchers are looking at an uncanny resemblance between ransomware groups Mount Locker and Astro Locker Team. Experts imply a possible tie-up to expedite Mount Locker's onboarding as a RaaS operation.
A relatively sophisticated new malware downloader, dubbed Saint Bot, has surfaced in recent weeks that, though not widespread yet, appears to be gaining momentum. The downloader is being used to drop stealers on compromised systems.
In a whitepaper entitled “Ransom Mafia – Analysis of the World’s First Ransomware Cartel”, DiMaggio and his team aimed to provide an analytical assessment on whether there is indeed a ransomware cartel.
Darktrace, the British cybersecurity firm, fired the gun on its $4 billion London listing on Monday, aiming to raise new funds to accelerate product development and strengthen its balance sheet.
The exploit purchase platform is currently tempting exploit developers and vendors with a $300,000 payout, three times more than the normal cost. The announcement was made via Twitter.
The 2021 Serious and Organised Crime Threat Assessment (SOCTA) highlighted how criminals are increasingly incorporating digital technologies into their activities, a trend that has been exacerbated in the last year amid COVID-19 lockdowns.
U.S. President Joe Biden is nominating Chris Inglis to be the National Cyber Director and Jen Easterly to be director of the Cybersecurity and Infrastructure Security Agency, the White House said on Monday.
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
Ubuntu Security Notice 4899-2 - USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple
Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled
Indian stock trading firm Upstox has revealed to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers' personal information.