The Dutch Data Protection Authority (DPA) has imposed a massive fine of 290 million euros on ride-hailing giant Uber, after it was found lacking adequate safeguards for the transfer of personal data of European taxi drivers to the United State, marking the third time the Dutch DPA has taken action against Uber. The show more ...
Telegram CEO Pavel Durov’s detention has been extended by French authorities on Sunday. Pavel was arrested last weekend at a Paris airport over allegations that his messaging app facilitated criminal activities, including money laundering and drug trafficking. According to a report by the AFP, an investigating show more ...
As cybersecurity grows in importance worldwide, NASA's Katherine Johnson Independent Verification and Validation (IV&V) Facility has increased its focus on providing cybersecurity services and education. Traditionally, the IV&V Facility has focused on examining software in developing NASA missions to show more ...
The University of New South Wales (UNSW) is set to welcome students from universities across Australia for the highly anticipated Australian Cybersecurity Games. Organized by SECedu, a prominent network dedicated to cybersecurity education and professional development, the event will unfold from September 2 to show more ...
The aggressive introduction of AI in Microsoft products, geopolitical tensions, and a series of cybersecurity incidents involving the Redmond giant are pushing many organizations worldwide to switch to open-source alternatives to Windows and Office. To replace the latter, both OpenOffice and its offshoot LibreOffice show more ...
As the entire Port of Seattle struggles to become fully operational once more, the airport recommends that those who are traveling take extra precautions.
_Agnostus_Alamy.jpg)
Such cyberattack enablement services let attackers breach security measures, establish new fake accounts, and brute-force servers.
The tech giant seeks to work with endpoint security partners, including CrowdStrike, on how to prevent an outage event of such gravity from happening again.
The financial and government sectors have come under increasing attacks in India, with the Reserve Bank of India (RBI) warning banks to double down on cybersecurity.
As enterprises in the world embrace Microsoft's AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA.
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
_Artur_Marciniec_Alamy.jpg)
Employees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors.
SolarWinds has fixed another critical bug in Web Help Desk, known as CVE-2024-28987. This flaw involves hardcoded credentials that can be exploited by remote unauthenticated users to access internal functions and alter data.
Equiniti Trust Company, a financial services company, has been fined $850,000 by the Securities and Exchange Commission for failing to protect customer assets in two separate cyberattacks that resulted in the theft of over $6.6 million.
Gartner's 2024 Hype Cycle for Emerging Technologies highlights autonomous AI, developer productivity, total experience, and human-centric security and privacy programs as the key technology trends to look out for.
Cybercriminals are continuously evolving their tactics, emphasizing the need for organizations to have continuous monitoring to detect suspicious activities, according to a report by Malwarebytes.
The increasing connectivity of airplanes to data networks has prompted regulators to consider cybersecurity threats from various sources, including maintenance laptops, airport networks, wireless sensors, and satellite communications.
A sophisticated Linux malware called 'sedexp' has been flying under the radar since 2022, utilizing a unique persistence technique not yet recognized by the MITRE ATT&CK framework.
GenAI security measures are easily compromised, with 95% of experts expressing low confidence in their security. Attack methods specific to GenAI make it easy for anyone to manipulate applications, gain unauthorized access, and steal data.
A memory-only dropper decrypts and executes a PowerShell-based downloader known as PEAKLIGHT, allowing for the distribution of malware such as Lumma Stealer, Hijack Loader, and CryptBot.
The Kremlin attributed the widespread website disruptions in Russia to a DDoS attack, but digital experts disagree, stating that it is unlikely to target all 2,000 Russian telecom operators simultaneously.
Researchers recently warned that Ecovacs vacuum and lawn mower robots could be hacked to spy on their owners, with one flaw that allows attackers to take over devices' cameras and microphones via Bluetooth.
YouTube has launched an AI tool to help users recover hacked accounts more easily. The AI chatbot called "support assistant" will guide users through the process of securing their login and recovering their account.
Meta Platforms revealed an Iranian hacker group targeting global political figures on WhatsApp. The Iranian state-sponsored threat actor APT42 used WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.
The C-suite's lack of engagement in cybersecurity poses a significant risk despite the growing threat landscape. Organizations need to prioritize cyber-risk management to prevent financial losses and damage to their reputation.
The vulnerability, CVE-2024-39717, allows administrators to upload a malicious file disguised as a PNG image through the "Change Favicon" feature in Versa Director's GUI.
As per GetApp's 2024 Executive Cybersecurity Report, 72% of cybersecurity professionals in the US have reported attacks on senior executives in the past 18 months, with AI-generated deepfakes playing a role in 27% of these incidents.
WordPress websites were found distributing the ClearFake Trojan malware, a dangerous threat that can lead to ransomware infections. The malware was disguised as a prompt to install a root certificate.
CISA's new $524M headquarters, set to be completed in 2027, will be located at the DHS campus in Washington. Construction is expected to begin in the fall, consolidating the agency's workforce currently spread across five office rentals.
A new malware campaign has targeted numerous online stores, compromising their security by injecting digital skimmers that can steal credit card information during the checkout process.
Lingo Telecom failed to comply with caller ID rules before the New Hampshire primary. FCC is seeking a $6 million fine against political consultant Steve Kramer for arranging the calls.
The group, which has been active since 2020, specializes in data extortion and ransomware attacks. They have targeted at least 20 healthcare entities since 2021 and claim to have stolen patient information.
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations.
The two vulnerabilities are path traversal flaws, with CVE-2024-24809 allowing unrestricted file upload with dangerous types and CVE-2024-31214 enabling remote code execution through device image uploads.
NIST has issued new quantum-resistant cryptography standards, alerting cybersecurity teams to prepare for quantum threats. Quantum computing is expected to jeopardize current cryptographic methods within ten years.
Hiya, a call-blocking service, identified nearly 20 billion spam calls in the first half of 2024, with over 107 million spam calls daily. Of the 42 countries analyzed, 25 had spam flag rates exceeding 20%, some even surpassing 50%.
A 33-year-old Latvian man, Deniss Zolotarjovs, residing in Moscow, has been charged in the U.S. with money laundering, financial fraud, and extortion related to the Russian ransomware group Karakurt.
A report from Critical Start’s Cyber Research Unit revealed over 3400 high and critical cyber alerts in the first half of 2024, marking a 46.15% increase in attacks in the US compared to 2023.
This type of scam typically starts with a comment on a funeral home's Facebook notification, promoting a fake live stream of the funeral service or soliciting donations on behalf of the deceased family.
A 29-year-old Russian national has been arrested in Buenos Aires, Argentina by the federal police on charges of money laundering for North Korean Lazarus hackers using cryptocurrency.
The FBI lacks proper policies and controls for tracking and disposing of storage media, leading to risks of loss or theft. The audit also identified physical security gaps in the media destruction process at FBI facilities.
Vulnerability prioritization is crucial in managing security threats but is only the beginning. Knowing which vulnerabilities to address is not enough; the focus should be on quickly addressing and mitigating them.
A new report from the CMO Council and KPMG shows that building strong relationships between marketing and data security teams is crucial, but one-third of partnerships struggle with collaboration.
Debian Linux Security Advisory 5758-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling.
Das U-Boot suffers from a buffer overread vulnerability. An attacker with access to the local network and faster response times than the default DHCP server can trigger a memory leak by responding with malicious DHCP offers to a vulnerable U-Boot DHCP client.
Invesalius versions 3.1.99991 through 3.1.99998 suffer from a remote code execution vulnerability. The exploitation steps of this vulnerability involve the use of a specifically crafted DICOM file which, once imported inside the victim's client application, allows an attacker to gain remote code execution.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Calibre Web version 0.6.21 suffers from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 6974-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.
Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
SPIP version 4.2.11 suffers from a code execution vulnerability.
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Ubuntu Security Notice 6973-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Jobs Finder System version 1.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6972-3 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth show more ...
HughesNet HT2000W Satellite Modem remote password reset exploit that leverages a path traversal vulnerability.
Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.
Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Aruba 501 version CN12G5W0XX suffers from a remote command execution vulnerability.
Bang Resto version 1.0 suffers from an information disclosure vulnerability.
School Log Management System version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.
Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the default configuration for Traccar 5, Horizon3.ai
Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS
The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed to appropriately safeguard the data with regard to
The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure
Source: www.databreachtoday.com – Author: 1 Cybercrime , Fraud Management & Cybercrime Pavel Durov Reportedly Detained For Complicity Over Criminal Use Akshaya Asokan (asokan_akshaya) • August 25, 2024 French authorities arrested Telegram CEO Pavel Durov, reportedly for complicity in criminal show more ...
