Security

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with ...
2024-10-01 16:00
local_offer
Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective...
2024-10-01 08:00
local_offer
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Sw...
2024-10-01 06:00
local_offer
U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be ...
2024-10-01 03:00
local_offer
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time,...
2024-09-30 14:00
local_offer
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be explo...
2024-09-30 13:00
local_offer
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on ses...
2024-09-30 13:00
local_offer
A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business dat...
2024-09-30 12:00
local_offer
Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The...
2024-09-30 07:00
local_offer
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identi...
2024-09-28 15:24
local_offer
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The D...
2024-09-28 11:33
local_offer
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The compan...
2024-09-27 21:14
local_offer
Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replac...
2024-09-27 18:03
local_offer
How to Plan and Prepare for Penetration Testing
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choi...
2024-09-27 16:56
local_offer
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and pe...
2024-09-27 16:41
local_offer
Cybersecurity Certifications: The Gateway to Career Advancement
In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're ...
2024-09-27 14:34
local_offer
New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed u...
2024-09-27 14:30
local_offer
U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The vir...
2024-09-27 13:17
local_offer
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked a...
2024-09-27 11:24
local_offer
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed r...
2024-09-26 21:32
local_offer