Latest Cybersecurity News and Articles
02 October 2024
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.
Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
02 October 2024
The use of artificial intelligence (AI) by information technology (IT) professionals in the U.S. was analyzed in a recent report by GetApp.
02 October 2024
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease.
1. Interactivity
Having the ability to interact with the
02 October 2024
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.
"While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a
02 October 2024
The clinic said the hackers had access to personal data between May 4 and May 7, stealing information including Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates.
02 October 2024
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks.
02 October 2024
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using AI for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition.
02 October 2024
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration.
Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in its postjournal service that could enable unauthenticated attackers to
02 October 2024
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets.
"The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"
02 October 2024
Handala's most serious claims are unverified, but the Iranian threat group's actions have led to numerous account suspensions and website shutdowns due to its persistent activities.
02 October 2024
Cyble researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses VSCode to establish persistence and remote access – and installs the VSCode CLI if VSCode isn’t found on the victim machine.
02 October 2024
Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable instances right away.
02 October 2024
Federal prosecutors have charged a man for an alleged “hack-to-trade” scheme that earned him millions of dollars by breaking into the Office365 accounts of executives at publicly traded companies.
02 October 2024
Checkmarx researchers discovered PyPI malware posing as crypto wallet tools. These malicious packages stole private keys and recovery phrases, targeting wallets like Metamask, Trust Wallet, and Exodus.
01 October 2024
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition."
"This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
01 October 2024
This latest investment, led by New Era Capital Partners, brings Apono's total funding to $20. 5 million, positioning the company to lead the identity security market with its innovative AI-driven product.
01 October 2024
The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models.
01 October 2024
The UK and US issued a joint warning about the increasing Iranian spear phishing threat, attributing it to Iran's Islamic Revolutionary Guard Corps targeting individuals in Iranian and Middle Eastern affairs, as well as US political campaigns.
01 October 2024
The KartLANPwn vulnerability (CVE-2024-45200) targets Mario Kart 8 Deluxe's LAN Play feature, potentially allowing hackers to execute remote code on players' game consoles.
01 October 2024
Logpoint, a SIEM company based in Copenhagen, acquired Muninn, an AI-powered NDR startup, to enhance threat detection capabilities. Muninn's AI technology is designed to detect complex attacks in environments where traditional methods fall short.