News
-
New ‘LLMjacking’ Attack Exploits Stolen Cloud Credentials
Sysdig said the attackers gained access to these credentials from a vulnerable version of Laravel.
-
FBI warns US retailers that hackers are targeting their gift card systems
The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards. Read more in my article on the Tripwire State of Security blog.
-
Mobile Banking Malware Surges 32%
Afghanistan, Turkmenistan and Tajikistan victims experienced the highest share of banking Trojans.
-
Cancer patients’ sensitive information accessed by “unidentified parties” after being left exposed by screening lab for years
A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years – and accessible by unauthorised parties. California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was “inadvertently” left exposed online to the general…
-
AI-Powered Russian Network Pushes Fake Political News
Researchers discover large-scale Russian influence operation using GenAI to influence voters.
-
Fake Online Stores Scam Over 850,000 Shoppers
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar.
-
Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and…
-
#RSAC: Three Strategies to Boost Open-Source Security
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software.
-
From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats
Authored by Yashvi Shah and Preksha Saxena. AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a highly sophisticated malware variant meticulously crafted to breach computer systems security and steal confidential data. McAfee Labs has recently uncovered a novel infection chain, shedding light on its potent lethality and the various security bypass mechanisms it employs.…
-
#RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges
CISA launched a new software vulnerability enrichment program to fill the gap left by NIST’s National Vulnerability Database backlog.