Latest Cybersecurity News and Articles
08 October 2024
CISA has issued a warning regarding a known, exploited vulnerability.
08 October 2024
A team of CyberFirst Bursary alumni will join teams from Japan, the USA, and Europe at the inaugural Kunoichi Cyber Games in November.
08 October 2024
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho.
"The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until
08 October 2024
Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here.
The Invisible Threat in Online Shopping
When is a checkout page, not a checkout page? When it's an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking
08 October 2024
Introduction
Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately.
In the world of cybersecurity, one of the most important areas of application of AI is augmenting and enhancing identity management
08 October 2024
A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets.
Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said.
"The ultimate goal of
08 October 2024
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters.
The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack." However, it said "no significant damage" was caused and that everything was working normally
08 October 2024
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption
07 October 2024
Global threats were analyzed in a recent Elastic report. The report focused on security tools, malware attacks and cloud environment security.
07 October 2024
There are vulnerabilities in 19 commercial platforms used by United States government agencies and courts.
07 October 2024
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating
07 October 2024
The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses.
While traditional password-based systems offer
07 October 2024
Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code.
Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000 commands designed
07 October 2024
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.
The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.
"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute
07 October 2024
Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans.
Get the scoop before it's too late!
⚡ Threat of the Week
Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four
07 October 2024
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.
The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,
07 October 2024
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region.
"An online social network such as Facebook cannot use all of the personal data
05 October 2024
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology.
The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
04 October 2024
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.
"The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials
04 October 2024
The stress of cybersecurity professionals was analyzed in a report finding that 38% of organizations are experiencing increased cybersecurity attacks.