The notorious LockBit ransomware group has recently struck again, allegedly targeting a diverse range of entities and adding ten new victims to their dark web portal. Among the victims of this latest LockBit cyberattack are Silver Airways, Taiwan Textiles, CABC, Plexus Teleradiology, Fiduciaire Cornelis & Budts, show more ...
Lili’s Brownies, a renowned confectionery specializing in delectable treats since 1991, has allegedly become a victim of a cyberattack orchestrated by the infamous 8BASE ransomware group. This Lili’s Brownies cyberattack, which surfaced on the dark web, marks another addition to the long list of show more ...
The notorious Hunters ransomware group allegedly claimed the Dalmahoy Hotel & Country Club cyberattack, adding the UK-based 4-star hotel to its victim list. The perpetrators, identified as the Hunters’ ransomware group, claimed to have breached the security of this establishment. Situated near Edinburgh, show more ...
La Colline, the renowned Swiss Riviera Beauty Treatment brand, has allegedly fallen victim to a cyberattack claimed by the infamous LockBit ransomware group. The threat actor behind the La Colline cyberattack issued a ransom ultimatum, setting a deadline for March 3, 2024, threatening to publish the compromised files. show more ...
The BlackSuit ransomware attack has claimed a new victim: the Campaign for Tobacco-Free Kids, an American non-profit organization dedicated to advocating for reduced tobacco consumption. The announcement for this Campaign for Tobacco-Free Kids cyberattack surfaced via a dark web channel, where the group boasted about show more ...
Navigating the current dating landscape can be perplexing; its filled with apps, websites, catfishing, and lurking stalkers. While pre-Tinder dating had its challenges, it sure seemed to be less intricate. Complicating matters is the heightened uncertainty about the identity of your virtual conversational partner, and show more ...
The hacking group Dark Storm Team has issued a menacing ultimatum, vowing to unleash a wave of cyberattacks targeting the services and government websites of NATO countries, Israel, and those nations lending support to the Israeli cause. Dark Storm Team, known for its sophisticated cyber warfare tactics and notorious show more ...
The MEDUSA ransomware group has struck again, this time targeting two new victims: Amoskeag Network Consulting Group LLC and Kadac Pty Ltd. The dark web portal of the ransomware group showcased these additions, adding to their growing list of victims. However, crucial details such as the extent of the data show more ...
After the US and its allies formally accused China of irresponsible and malicious behavior in cyberspace back in 2021, the government there has been on a mission to cast the US in the same light.
Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.
Brand-new vulnerabilities from both vendors this week — one exploited in the wild — add to a steady stream of critical security issues in the security platforms.
Continuously evaluating and updating your third-party risk assessment can improve your security posture and ensure your company doesn't have the next headline-making incident.
Viamedis and Almerys, two payment processors widely used by French health insurers, were victims of cyberattackers who struck five days apart.
The move by the State Department complements a Hive infrastructure takedown by international law enforcement.
The UN is reportedly investigating dozens of crypto cyberattacks suspected to have earned the North Korean regime billions to fund its nuclear program.
The National Association of State Chief Information Officers' top 10 list sheds light on where state and local governments need to direct their cybersecurity efforts. Here's what it means for application security.
The developers behind a widespread worm are nesting further into networks by exploiting Windows escalation opportunities faster than organizations can patch them.
According to a report by Chainalysis, ransomware attacks caused a record-breaking $1.1 billion in financial damage in 2023, with a 49% increase in victim organizations being publicly threatened.
A new FCC Declaratory Ruling recognizes AI-generated voices in robocalls as "artificial" and illegal, giving State Attorneys General new tools to crack down on these scams and protect the public.
Two men, one from Malta and the other from Nigeria, have been arrested for their involvement in selling and providing customer support for remote access Trojan (RAT) malware on hacking forums since 2012.
The bug affected versions 12.23.1 – 12.72.0 of ExpressVPN for Windows and allowed some DNS requests to bypass ExpressVPN's server, potentially exposing users' browsing history.
The partial Facebook Marketplace database was allegedly leaked by a threat actor, exposing sensitive personal information of approximately 200,000 users, including full names, Facebook IDs, phone numbers, physical IDs, and email addresses.
Email attacks using QR codes, known as "quishing," have surged, especially targeting corporate executives and managers, highlighting the need for enhanced digital protections for business leadership.
The Cybersecurity and Infrastructure Security Agency (CISA) partnered with the NFL to promote cybersecurity awareness during the Super Bowl, aiming to encourage strong passwords, multifactor authentication, and phishing reporting.
CISA confirmed active exploitation of a critical remote code execution (RCE) bug in Fortinet's FortiOS, urging immediate security updates or SSL VPN disabling to mitigate the risk.
Businesses and consumers are facing heightened levels of identity-focused attacks, with over 30% of businesses reporting growth in data and security breaches, impacting industries beyond the financial sector, according to AuthenticID.
In 2023, the U.S. FTC reported that Americans lost over $10 billion to scammers, a 14% increase from the previous year. Imposter scams were the most frequently reported, followed by online shopping scams and investment scams.
As per a new study by CybSafe, 97% of office workers in the United Kingdom and United States trust their cybersecurity teams to prevent or minimize damage from cyberattacks.
The US government is offering rewards of up to $10 million for information leading to the identification, location, arrest, and conviction of members of the Hive ransomware group.
The technique involves using a vulnerable signed Minifilter Driver to create a program capable of terminating a targeted process, particularly to evade detection by security solutions like EDR.
Threat actors are targeting Microsoft Azure corporate clouds with sophisticated and tailored phishing attacks, compromising a wide range of user accounts for activities such as data exfiltration and financial fraud.
Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor.
The deal will result in the formation of a separate company called DataCo to handle Veritas' remaining assets, while Cohesity will follow a "no customer left behind" approach.
This initiative aligns with CISA's Open Source Software Security Roadmap's objective of collaborating with relevant working groups to develop security principles for package managers.
The Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data was targeted over the weekend and is now offline after its database was encrypted.
The United Nations is investigating 58 suspected cyberattacks by North Korea, totaling around $3 billion, which are believed to be funding the country's development of weapons of mass destruction.
National Cyber Director Harry Coker emphasized the need for a collaborative effort between the government and industry to address cyber threats, harmonize regulations, and build a diverse cybersecurity workforce.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.
LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10 exclusively, but allegedly, versions prior to 19.10 are also vulnerable.
Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 6630-1 - It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.
An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.
WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.
An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery.
Red Hat Security Advisory 2024-0773-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-0772-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0768-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.
Enpass Desktop Application version 6.9.2 suffers from an html injection vulnerability.
Complaint Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities.
SCHLIX version 2.2.8-1 suffers from a REGEX processing denial of service vulnerability.
By Jonathon Dixon, Vice President and Managing Director – APJC, Cloudflare Digitization and technology are deeply rooted within the DNA of modern businesses – no matter the size or industry – as the benefits of implementing these critical tools can help increase efficiency, enable cost savings, enhance show more ...
By April Miller, Managing Editor at ReHack Magazine How close is quantum computing to breaking encryption? It might happen sooner than you think. Standard cybersecurity protocols aren’t advanced enough to defend against it. If security experts don’t find a solution in time, the digital world as you know it will show more ...
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges. "Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said. "It is an ergonomic and familiar solution for users who want to elevate a command
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is. If a password is compromised, there are several options
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package
A simple-to-avoid security flaw allowed unauthorised parties to track the location of anyone wearing Livall ski and biking helmets, and listen to group conversations. Read more in my article on the Hot for Security blog.
