Latest Cybersecurity News and Articles
17 September 2024
Scattered Spider uses social engineering techniques to target high-privileged accounts like IT service desk administrators, compromising cloud services and launching ransomware attacks.
17 September 2024
Apple Vision Pro suffered from a vulnerability known as GAZEploit that could allow attackers to infer data entered on the device's virtual keyboard by analyzing the eye movements of the virtual avatar.
17 September 2024
Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning
17 September 2024
A recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.
17 September 2024
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including
17 September 2024
This year's event will bring together the UK’s cyber security community to examine and advance what it means to take a whole of society approach to cyber security.
17 September 2024
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
"SolarWinds Access Rights
16 September 2024
New research shows how the cyber threat landscape is evolving, requiring greater proactive security strategies from organizations.
16 September 2024
A recent report also reveals that the challenge of protecting sensitive data will only get more complex with the rise of artificial intelligence (AI).
16 September 2024
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion.
The vulnerability has been codenamed CloudImposer by Tenable Research.
"The vulnerability could have allowed an attacker to hijack an internal software dependency
16 September 2024
Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor.
The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized
16 September 2024
Research has identified malicious software packages associated with the North Korean hacking group, Lazarus Group.
16 September 2024
Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared?
Traditional incident response plans are like old maps in a new world. They
16 September 2024
Although Indodax did not confirm the exact amount stolen, reports suggest $22 million. The company warned users about potential scammers taking advantage of the situation.
16 September 2024
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching
16 September 2024
Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims' internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.
16 September 2024
A recently patched Windows vulnerability, identified as CVE-2024-43461, was exploited by the Void Banshee APT hacking group in zero-day attacks to install information-stealing malware.
16 September 2024
Cybersecurity researchers have identified ongoing phishing campaigns that exploit refresh entries in HTTP headers to distribute fake email login pages to steal user credentials.
16 September 2024
Mandiant's report highlights the escalating cyber threats facing Mexico, with a rise in global espionage and local cybercrime targeting individuals and businesses. Since 2020, cyber espionage groups from over 10 countries have targeted Mexican firms.
16 September 2024
Teams are encouraged to sign up for the CyberFirst Girls Competition 2024/ 25.