Latest Cybersecurity News and Articles

---

Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. "The statutory inquiry concerns the question of whether Google has complied

---

Microsoft Discloses Four Zero-Days in September Update

Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.

---

New PIXHELL Acoustic Attack Leaks Secrets From LCD Screen Noise

New acoustic attack named 'PIXHELL' can leak secrets from air-gapped systems through LCD monitors without speakers. Malware modulates pixel patterns to induce noise in the 0-22 kHz range, allowing data exfiltration up to 2 meters at 20 bps.

---

ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

The ToneShell backdoor, attributed to the Mustang Panda cyber espionage group, has resurfaced in a new attack targeting attendees of the 2024 IISS Defence Summit in Prague.

---

Exploiting CI/CD Pipelines for Fun and Profit

On September 8, 2024, a significant exploit chain was discovered, starting from a publicly exposed . git directory, leading to a full server takeover. The vulnerabilities stem from websites exposing their . git folders.

---

UK datacentres to be designated critical infrastructure

Facilities to receive greater protection in attempt to reduce potential impact of adverse incidents or attacksDatacentres in the UK are to be designated as critical national infrastructure in an effort to protect them from cyber-attacks and IT blackouts, the government has said.The buildings store much of the data generated in the UK, including photos taken on smartphones, financial information and NHS records. Continue reading...

---

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the

---

UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience

The UK’s data protection watchdog and serious and organized crime agency have signed a memorandum of understanding (MoU) designed to enhance cooperation and reaffirm their commitment to helping victim organizations.

---

Tech Stack Uniformity has Become a Systemic Vulnerability

By recognizing the importance of diversity in technology stacks and incorporating it into security protocols and incident response plans, companies can proactively protect their infrastructure and reduce the likelihood of catastrophic events.

---

DoJ Distributes $18.5 Million to Western Union Fraud Victims

The U.S. Department of Justice has distributed $18. 5m to about 3000 victims of fraud facilitated by Western Union. This is part of the second phase of the Western Union Remission program, which aims to fully compensate victims.

---

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be

---

Progress Software issues fix for maximum severity vulnerability

Security leaders discuss the maximum severity vulnerability in Progress Software products. 

---

Security Budgets Continue Modest Growth, but Staff Hiring Slows Considerably, Research Finds

Security budgets are seeing modest growth in 2024, with an 8% increase compared to a 6% growth in 2023. However, hiring of security staff has significantly slowed down, according to a report by IANS Research and Artico Search.

---

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "

---

DDoS Attacks Double With Governments Most Targeted

DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall's report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.

---

Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.

---

AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting

LLMs can be manipulated to generate harmful outputs through malicious prompts, posing risks to enterprises. To counter these attacks, companies must focus on the design, development, deployment, and operation of their AI systems.

---

72% of BEC attacks were from free webmail domains

A report found that fraudsters are calling potential victims directly and luring them with messages containing a phone number for the target to call.

---

Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments

A sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.

---

DHS Cyber Review Board Will Announce Next Investigation ‘Soon’

The DHS Cyber Safety Review Board, led by Homeland Security officials, is preparing to announce its next investigation soon, as hinted by DHS undersecretary Rob Silvers. Silvers mentioned criteria for incident review but did not reveal details.