According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit vulnerabilities within this software to brute force their way into victims’ phone accounts to port their mobile numbers to their own devices through brute force. …
Read More
In recent months, cybersecurity researchers have observed a concerning surge in search-based malvertising campaigns, with documented incidents nearly doubling compared to previous periods. Amidst this uptick in online threats, one particular malware variant has captured the attention of experts: FakeBat.  This malware employs unique techniques in its distribution, posing significant challenges to cybersecurity efforts worldwide.…
Read More

The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme. This campaign involves circulating counterfeit Microsoft software installers to spread the malicious code. Researchers from Trend Micro, along with others, uncovered a vulnerability earlier this year, known as CVE-2024-21412, which allowed attackers to bypass security measures in Internet Shortcut Files.…
Read More
A recent study conducted by the Chartered Institute of Information Security (CIISec) has uncovered a concerning trend in the cybersecurity field. The study reveals that many cybersecurity professionals, facing low pay and high stress, are resorting to engaging in cybercrime activities on the dark web. This revelation adds to the challenges faced by security leaders who already feel ill-equipped to combat the increasing threat of AI-driven cybercrime.…
Read More

The cyberattack’s widespread destruction underscores how threat actors can do significant damage by targeting a relatively unknown vendor that serves a vital operational function behind the scenes. The AlphV ransomware group disrupted basic operations to the critical systems of US healthcare services by attacking a vital financial and claims processing link in a highly interconnected industry.…
Read More

Following a cyberattack on the largest health insurer in the United States last month, health care providers are still scrambling as insurance payments and prescription orders continue to be disrupted, costing physicians an estimated $100 million each day.  According to the American Medical Association, that estimate was generated by First Health Advisory, a cybersecurity company that focuses on the healthcare sector.…
Read More

SEC disclosure mandate The Securities and Exchange Commission’s recently implemented cybersecurity regulations have prompted some breach disclosures from publicly traded firms, such as Microsoft and Hewlett Packard Enterprise.

Among other things, the guidelines mandate that a “material” cybersecurity event be reported to the SEC within four days of its classification as such.…

Read More

 

Recent research has surfaced serious security vulnerabilities within ChatGPT plugins, raising concerns about potential data breaches and account takeovers. These flaws could allow attackers to gain control of organisational accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).

According to Darren Guccione, CEO and co-founder of Keeper Security, the vulnerabilities found in ChatGPT plugins pose a significant risk to organisations as employees often input sensitive data, including intellectual property and financial information, into AI tools.…

Read More
In today’s digital landscape, small and medium-sized businesses (SMBs) are increasingly becoming prime targets for cybercriminals looking to exploit vulnerabilities for financial gain. A recent report from cybersecurity firm Sophos sheds light on the top cyber threats facing SMBs, highlighting information-stealing malware, ransomware, and business email compromise (BEC) as the most prevalent dangers. …
Read More

Voice phishing, also known as vishing, is popular right now, with multiple active campaigns throughout the world ensnaring even savvy victims who appear to know better, defrauding them of millions of dollars.  South Korea is one of the global regions hardest hit by the attack vector; in fact, a fraud in August 2022 resulted in the largest amount ever stolen in a single phishing case in the country.…
Read More
The realm of cybersecurity, particularly within the Microsoft 365 environment, is in a constant state of evolution. Recent events involving major tech firms and cybersecurity entities underscore a crucial truth: grasping security best practices for Microsoft 365 isn’t synonymous with effectively putting them into action. According to Kaspersky, 2023 witnessed a significant 53% surge in cyber threats targeting documents, notably Microsoft Office documents, on a daily basis.…
Read More
In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. …
Read More

Researchers have found a new way of hijacking WiFi networks at Tesla charging stations for stealing vehicles- a design flaw that only needs an affordable, off-the-shelf tool.

Experts find an easy way to steal a Tesla

As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off. …

Read More

Artificial Intelligence (AI) is reshaping the world of social media content creation, offering creators new possibilities and challenges. The fusion of art and technology is empowering creators by automating routine tasks, allowing them to channel their energy into more imaginative pursuits. AI-driven tools like Midjourney, ElevenLabs, Opus Clip, and Papercup are democratising content production, making it accessible and cost-effective for creators from diverse backgrounds.  …

Read More

In the digital society, defenders are grappling with the transformative impact of artificial intelligence (AI), automation, and the rise of Cybercrime-as-a-Service. Recent research commissioned by Darktrace reveals that 89% of global IT security teams believe AI-augmented cyber threats will significantly impact their organisations within the next two years, yet 60% feel unprepared to defend against these evolving attacks.…

Read More

There was an update on the hacking attempts by hackers linked to Russian foreign intelligence on Friday. They used data stolen from corporate emails in January to gain access to Microsoft’s systems again, which were used by the foreign intelligence services to gain access to the tech giant’s products, which are widely used in the national security establishment in the United States. …
Read More
In a significant cybersecurity revelation, critical vulnerabilities were discovered in the GovQA platform, a tool extensively used by state and local governments across the U.S. to manage public records requests.  Independent researcher Jason Parker uncovered flaws that, if exploited, could have allowed hackers to access and download troves of unsecured files connected to public records inquiries.…
Read More

 

Through a recent report by PIXM, a cybersecurity firm specialising in artificial intelligence solutions, public schools in the United States face a significant increase in sophisticated phishing campaigns. Threat actors are employing targeted spear phishing attacks, utilising stealthy patterns to target officials in large school districts, effectively bypassing Multi-Factor Authentication (MFA) protections.…

Read More
In a recent cybersecurity incident, UnitedHealth Group revealed that its tech unit, Change Healthcare, fell victim to a cyberattack orchestrated by the infamous ransomware gang, Blackcat. The attack, which disrupted healthcare organizations nationwide, targeted electronic pharmacy refills and insurance transactions, prompting urgent responses from both the affected healthcare provider and the U.S.…
Read More

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) raised the alarm by adding two such vulnerabilities in Apple’s iOS and iPad to its Known Exploited Vulnerabilities catalog. These vulnerabilities are actively exploited, posing significant risks to users’ privacy, data, and device security.

The Vulnerabilities

CVE-2024-23225: This vulnerability targets the kernel of both Apple iOS and iPadOS.…

Read More

Chinese threat actors strike again

Users of a Tibetan language translation app and website visitors to a Buddhist festival were compromised by a focused watering-hole malware connected to a Chinese threat group.

According to recent data from ESET, the so-called Evasive Panda hacking team’s cyber-operations campaign started in September 2023 or earlier and impacted systems in Taiwan, Hong Kong, Taiwan, Australia, and the United States.…

Read More
Fidelity Investments Life Insurance Company (FILI) faces another data breach challenge as it discloses a breach affecting a significant number of individuals. The breach, linked to third-party service provider Infosys McCamish (IMS), heightens worries over data security in today’s digital landscape.  Approximately 28,268 individuals have been notified by Fidelity regarding the breach.…
Read More

Woman discloses scam, alerts netizens

By bringing attention to a fresh cybercrime strategy, a marketing expert from Chennai has assisted others in avoiding the scam. Lavanya Mohan, the woman, talked about her experience on X, (formerly Twitter). She said how she got a call saying that someone was using her Aadhaar card to carry drugs over international borders.…

Read More

A new version of the infamous GhostLocker ransomware has been developed by cyber criminals, and they are now targeting users across the Middle East, Africa, and Asia with this ransomware. With the help of the new GhostLocker 2.0 ransomware, two ransomware groups have joined forces in attacking organizations in Lebanon, Israel, South Africa, Turkey, Egypt, India, Vietnam, and Thailand in double-extortion ransomware attacks, which have been conducted by two groups of ransomware groups, GhostSec and Stormous. …
Read More

The Canadian city of Hamilton is still getting over a ransomware attack that compromised nearly every facet of municipal operations.  Since February 25, when the ransomware attack was first reported, city officials have been working nonstop. Foundational services, such as waste collection, transit, and water and wastewater treatment, are functioning as of Wednesday.…
Read More
The increasing prevalence of programmable logic controllers (PLCs) featuring embedded web servers has opened avenues for potential catastrophic remote attacks on operational technology (OT) within industrial control systems (ICS) in critical infrastructure sectors.  Researchers from the Georgia Institute of Technology have developed malware that could enable adversaries to remotely access embedded web servers in PLCs, potentially leading to manipulation of output signals, falsification of sensor readings, disabling safety systems, and other actions with severe consequences, including loss of life.…
Read More

Recently, in a telecommunications setback, damage to submarine cables in the Red Sea is causing disruptions in communication networks, affecting a quarter of the traffic between Asia, Europe, and the Middle East, including internet services. Four major telecom networks, including Hong Kong’s HGC Global Communications, report that cables have been cut, leading to a substantial impact on communication in the Middle East.…

Read More

Change Healthcare breach

There is evidence that the ransomware group behind the Change Healthcare breach, which has caused chaos for hospitals and pharmacies attempting to handle prescriptions, may have received $22 million from UnitedHealth Group.

Researchers studying security issues discovered a post made by an associate member claiming to be a member of the ALPHV/Blackcat ransomware group in a Russian forum used by cybercriminals.…

Read More

The US Health and Human Services Department (HHS) announced Tuesday that it would assist doctors and hospitals in locating alternate claims processing platforms to help restart the flow of business following a cyberattack on a UnitedHealth Group (UNH) subsidiary that crippled operations of a large swath of America’s health systems for the past two weeks. …
Read More

In today’s tech-driven world, APIs (Application Programming Interfaces) are like the connective tissue that allows different software to talk to each other, making our digital experiences seamless. But because they are so crucial, they are also prime targets for hackers. 

They could break in to steal our sensitive data, mess with our systems, or even shut down services.…
Read More