For the 293rd episode of the Kaspersky Transatlantic Cable podcast, we are down to a two-man booth as both Dave and Jag are away on vacation. To kick things off, Ahmed and I take a look at a story that pulls the curtain back on one of the webs most notorious websites – 4Chan. We were kind of shocked when we saw who show more ...
Consolidating identity management on one platform gives organizations real-time access management for all identities on hybrid and multicloud installations. (First of a two-part series.)
Your family's SUV could be gone in the night thanks to a headlight crack and hack attack.
The effort aims to disrupt the use of altered Cobalt Strike software by cybercriminals in ransomware and other attacks.
By developing new tools to defend against adversarial AI, companies can help ensure that artificial intelligence is developed and used in a responsible and safe manner.
App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.
Security teams need to find the best, most effective uses of large language models for defensive purposes.
It's not hacking if organizations fail to terminate password access after employees leave.
Vulnerabilities in the device firmware and drivers underscore how printers cannot be set-and-forget technology and need to be managed.
Microsoft’s Digital Crimes Unit, cybersecurity firm Fortra, and the Health Information Sharing & Analysis Center announced legal action Thursday to seize domains related to criminal activity involving cracked copies of Cobalt Strike.
Multiple vulnerabilities have been discovered in Google Chrome. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.
Sensitive documents leaked by a whistleblower reveal Moscow-based IT contractor NTC Vulkan's involvement in developing offensive tools for the Russian military, intelligence agencies, and the Russia-linked APT group Sandworm. The leaked documents specifically cover details of three projects, named Scan, Amesit, and Krystal-2B.
With the increasing use of cloud-based office productivity and collaboration tools, attackers can now easily host and share malicious documents, files, and malware on reputable domains.
Today, the Medusa ransomware group posted OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers asked for $100,000. However, it set the same price for both deleting the data as well as for selling it.
Companies currently implement MFA at many different levels, however, the report shows the technique only works if it is broadly applied, according to Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center.
Cisco this week announced patches for multiple vulnerabilities across its product portfolio, including high-severity issues impacting its Secure Network Analytics and Identity Services Engine (ISE) products.
Researchers in China and the US have published details of a security shortcoming in the network processing units (NPUs) in Qualcomm and HiSilicon chips found at the heart of various wireless access points (APs).
With access to CCTV footage, cybercriminals can do a lot of damage – from learning a household’s daily schedule to plan burglaries to accessing financial or personal information to steal identities for social engineering attacks or fraud.
In this attack, hackers are sending fake invoices from a legitimate Quickbooks domain. This email comes directly from Quickbooks. It has a QuickBooks email address, meaning it will pass all SPF checks, domain checks, and more.
UNC4466, tracked as an affiliate of ALPHV/BlackCat ransomware, was observed abusing three security holes in the Veritas Backup Exec product. The high-severity flaws targeted by the group include CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878. In spite of a fix released in 2021, several endpoints are vulnerable even today.
Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from Bitdefender.
During the many years of Balada Injector’s operation since 2017, Sucuri researchers have observed consistent patterns of infection waves on a pretty regular basis. These waves tended to occur every couple of weeks, sometimes once a month.
The FBI, NJ State Homeland Security's office, and the New Jersey attorney general’s office were all notified of the incident and are assisting in the investigation, several officials said.
Security teams ought to seize on the opportunities of failures of the past to make meaningful change in how we approach incident response, urged Sarah Armstrong-Smith, chief security advisor at Microsoft, during UK Cyber Week 2023.
A crew of English-speaking European teenagers with a variety of skills and a propensity for allusions to Greek and Roman mythology are likely behind an up-and-coming cybercrime group called FusionCore.
The email states that Adobe has reset the password for the account associated with the users’ Adobe ID, as it may have been compromised in data breaches from other online services.
The critical issue, tracked as CVE-2023-1671 (CVSS score of 9.8), was identified in the warning page handler of the appliance and it could be exploited without authentication.
Hackers have released 16,000 Tasmanian education department documents on the dark web including school children’s personal information, the state government has confirmed.
The flaw was fixed in ThingsBoard version 3.4.2 by generating a random key for every new installation or upgrade to version 3.4.2 or later. If admins can't upgrade immediately, they can manually change the default signing key for older versions.
NoName057(16) reportedly claimed it was behind DoS attacks against the Finnish parliament’s website on Tuesday, the day the country joined NATO. The country’s Technical Research Centre of Finland was also hacked, according to Finnish news site, YLE.
The Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx.
Crypto miner/stealer for hire, Typhon Stealer, received a new update, disclosed Palo Alto Networks. The new variant boasts enhanced anti-analysis techniques, as well as other stealing and file-grabber features. The malware leverages Telegram’s API and infrastructure to exfiltrate all stolen data.
Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by
Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessible to the public for several months. A user going by the name FreeSpeechEnthousiast committed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682 (CVSS score: 9.9), impacting Hitachi Energy's MicroSCADA System Data Manager SDM600 that could allow an
In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type
