Latest Cybersecurity News and Articles

---

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in

---

DDoS attacks surge in H2 2023

2023 saw an increase in DDoS attacks.

---

Lamborghini Carjackers Lured by $243M Cyberheist

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.

---

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create

---

Security experts discuss the American Water cyberattack

On Thursday, October 3, 2024, American Water discovered unauthorized activity in its systems.

---

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera

---

Rejoice! The charade of having to change our passwords every few months is coming to an end | Kate O'Flaherty

The US government is finally admitting there’s no need – instead, to fend off cyber-attacks we need passwords that are long but memorableOver the past decade or so, people have accumulated a vast array of logins for dozens of sites and apps, as more of our work and home lives moves on to the internet. That’s why it has never made sense that so many IT departments have belligerently insisted on maintaining a major hurdle to password management. Namely, the need to change passwords regularly.It’s a familiar scenario. You arrive at the office and need to log on to your company laptop quickly, before your morning meeting. But speed is not going to be of the essence today, because an annoying prompt has appeared: you need to change your password.Kate O’Flaherty is a freelance technology journalist Continue reading...

---

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240

---

35% of UK security leaders cite competition as cause of skills shortage

Issues faced by IT leaders in the U.K. were analyzed in a recent Hyve Managed Hosting report, including the current cybersecurity talent gap.

---

Russian hacking group intercepted by Microsoft and DOJ

Microsoft and the United States Department of Justice has announced the disruption of COLDRIVER’s technical infrastructure. 

---

Social Media Accounts: The Weak Link in Organizational SaaS Security

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as

---

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

---

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result

---

Finance industry most at risk for phishing attacks

Phishing attacks targeted the finance industry in H1 2024.

---

47% of Organizations Have Dealt With Deepfake Attacks

Deepfake attacks are on the rise.

---

Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.

---

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated

---

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware

---

81% of U.S. workers have not been trained on generative AI

Security practices were analyzed in a recent report, finding that one in two office workers admit to using personal devices to log into work networks.

---

Security leaders discuss the new vulnerability added to CISA’s catalog

CISA has issued a warning regarding a known, exploited vulnerability.