Latest Cybersecurity News and Articles


Applications are Open for IoT Device Cyber Certifiers

16 September 2024
The FCC is seeking volunteers to serve as administrators for a new cybersecurity labeling program, allowing consumers to identify products less vulnerable to cyberattacks.

Aembit Raises $25M to Tackle Nonhuman Identity Security Challenges

16 September 2024
Nonhuman identity and access management company Aembit Inc. has secured $25 million in funding to enhance its solutions. The Series A funding round was led by Acrew Capital.

Irish Data Protection Regulator to Investigate Google AI

16 September 2024
Ireland's data protection authorities are investigating Google's AI model to ensure compliance with GDPR. The Irish Data Protection Commission (DPC) is leading the inquiry into Google Ireland under Section 110 of the Data Protection Act 2018.

Python Libraries Exploited for Malicious Intent

16 September 2024
A recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.

WordPress to Require Two-Factor Authentication for Plugin Developers

16 September 2024
WordPress will require two-factor authentication for plugin developers starting October 1, 2024. This mandate will also apply to theme authors. The organization aims to enhance security by preventing hijacked accounts from spreading malicious code.

Mastercard Acquires Global Threat Intelligence Firm Recorded Future

16 September 2024
In an effort to bolster the insights and intelligence used to secure today’s digital economy, Mastercard has agreed to acquire global threat intelligence company Recorded Future from Insight Partners for $2.65bn.

ColorTokens Buys Identity Security Provider PureID

16 September 2024
ColorTokens has acquired identity security provider PureID to enhance its microsegmentation platform, Xshield. The acquisition will integrate identity-based segmentation for various environments, including cloud and IoT/OT.

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

16 September 2024
Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

16 September 2024
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto

GitLab Warns of Critical Pipeline Execution Vulnerability

14 September 2024
GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

14 September 2024
Cybersecurity researchers at Cleafy discovered a new variant of the TrickMo Android banking trojan that evades analysis and displays fake login screens to steal banking credentials.

Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw

14 September 2024
In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as the attack vector.

Chinese-Made Port Cranes in US Included ‘Backdoor’ Modems, House Report Says

14 September 2024
A recent congressional investigation revealed that Chinese-made port cranes in the United States contained hidden modems that could provide unauthorized access to the machines.

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

14 September 2024
Group-IB, which discovered the threat in May 2024, highlighted that the malware is spread through Telegram channels, disguised as legitimate banking and government service applications.

Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns

14 September 2024
Federal civilian agencies have until the end of the month to address these issues. The vulnerabilities are part of Microsoft's monthly security release, with CVE-2024-43491 considered the most concerning due to its severity score.

Targeted Campaigns in Retail Sector Involve Domain Fraud, Brand Impersonation, and Ponzi Schemes

14 September 2024
Threat actors are actively engaging in domain fraud, brand impersonation, and Ponzi schemes targeting the retail sector, which plays a significant role in the global economy.

New Vo1d Malware Infects 1.3 Million Android Streaming Boxes

14 September 2024
The Vo1d malware campaign targets specific Android firmware versions like Android 7.1.2 and Android 10.1. The malware modifies system files to launch itself on boot and persist on the device.

Update: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

14 September 2024
Trend Micro researchers uncovered remote code execution attacks targeting Progress Software's WhatsUp Gold using the vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671.

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

14 September 2024
Users of Citrix Workspace App are advised to update due to two privilege escalation flaws. Cloud Software Group disclosed the vulnerabilities (CVE-2024-7889 and CVE-2024-7890) in the Windows app, which allow attackers to gain high-level access.

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

14 September 2024
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows