Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by …
Author: Cyware
The US government has published new distributed denial-of-service (DDoS) attack guidance for public sector entities to help prevent disruption to critical services.
The document is designed to serve as a …
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, …
Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions.
Earlier this …
The Department of Transportation (DOT) will review data collection practices for the country’s 10 largest airlines in a bid to improve passenger privacy protections, Secretary Pete Buttigieg said on Thursday. …
The South China Athletic Association (SCAA) was rocked by a cyberattack as unauthorized third parties breached the organization’s computer servers, sparking concerns over the security of member data. In response …
WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting.…
The Rhysida ransomware group claims it was responsible for the cyberattack at US luxury yacht dealer MarineMax earlier this month.
MarineMax, which posted multibillion-dollar revenues last year, disclosed a cyberattack …
Imagine a hospital’s email system suddenly filled with thousands of spam …
An unpatchable vulnerability in Apple’s M-series chips has been reported. The Apple M-series chip vulnerability could potentially leak secret encryption keys. This flaw, embedded deep within the architecture of the …
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales.
The number of enterprises experiencing ransomware attacks …
A hacker allegedly connected to the People’s Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.
A new …
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the …
As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these …
A malware campaign offering malware-as-a-service (MaaS) is targeting Android users based in India.
According to Broadcom, the campaign distributes malicious APK packages and seeks out banking information, SMS messages, and …
An international freight technology company said it has cut off a portion of its business in Canada after a cyberattack.
The company — Radiant Logistics — did not respond to …
An Australian IT contractor has been sentenced to 30 months' jail for ripping off the National Maritime Museum.
The nonprofit museum celebrates Australia’s maritime heritage – a matter of some …
Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting its Standalone Sentry solution.
An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands …
An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence.…
A new denial-of-service attack dubbed ‘Loop DoS’ targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.
Devised by researchers at the CISPA Helmholtz-Center …
Atlassian addressed multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 (CVSS score of 10), is a SQL injection flaw that impacts …
New and sophisticated tax phishing scams are targeting taxpayers, warns Microsoft. These scams impersonate trusted sources and use urgency tactics to steal personal and financial data.
Taxpayers beware! Phishing scams …
Threat actors are attempting to compromise Social Security numbers with a tax phishing attack targeting small business owners and self-employed filers.
Worryingly, the social engineering scammers are likely operating with …
Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.
Secureworks …
ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023.
In recent months, researchers registered a significant change in …
Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher.
The Spa Grand Prix …
The federal government’s HR shop is pitching a legislative proposal to give federal agencies new authorities and flexibilities in how they hire and pay cybersecurity workers to members of Congress, …
AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning .env files and extracting sensitive information from them, exposing credentials linked to AWS and Twilio. …
Ukrainian cyber police have arrested three men suspected of hijacking the accounts of over 100 million internet users.
The trio, aged between 20 and 40, were arrested by police in …
According to the UAE Cybersecurity Council, in 2023, the UAE repelled over 50,000 cyberattacks daily. These findings, highlighted in a report from Frost & Sullivan (F&S), show the exponential growth …
An emerging and unsophisticated threat actor is spreading various types of malware with accounting report lures in a phishing campaign that relies on readily available malicious and legitimate software for …
A cyberattacker and extortionist of a medical center has pleaded guilty to federal computer fraud and abuse charges in the US.
Robert Purbeck, adopting the aliases “Lifelock” and “Studmaster” during …
An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the …
In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully …
U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are “striking” critical infrastructure across the country’s water sector.
In a …
Healthcare, HIPAA/HITECH, Industry Specific
Facing AHA Lawsuit, HHS Tempers 2022 Warning About Tracking IP Addresses, Other PHI
Marianne Kolbasuk McGee (HealthInfoSec) • March 19, 2024
HHS…
Smokeloader malware used by Russia-linked cybercriminals remains one of the major tools for financial hacks in Ukraine, according to a recent report.
Between May and November 2023, researchers identified 23 …
In the eBook “Active adversaries: Who they are and how they’re targeting your organization,” we outlined recent research from the Sophos X-Ops team on how active adversaries are breaching organizations …
Earlier this month, cybercriminals masquerading as law firms tricked multiple companies into downloading initial access malware that may precede greater attacks down the line.
The group in question, which BlueVoyant …
It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.
Companies …
New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all …
Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security.
Rivest–Shamir–Adleman (RSA) is an asymmetric cryptography …
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.
Hardening with Lynis
Lynis conducts a thorough security examination of the system directly. Its …
Healthcare, Industry Specific, Legislation & Litigation
Lawsuit Claims Change Healthcare Outage Is Pushing Clinic, Others Into Bankruptcy
Marianne Kolbasuk McGee (HealthInfoSec) • March 18, 2024
Fraud Management & Cybercrime, Ransomware
Review of Attacks Finds Inconsistent Data Leaks and Victim Naming, Broken Promises
Mathew J. Schwartz (euroinfosec) • March 18, 2024
A pig…
Over 50,000 vulnerabilities have been submitted to the US Department of Defense (DoD) through its vulnerability disclosure program (VDP).
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, …
The Pokémon Company said it detected hacking attempts against some of its users and reset those user account passwords.
Last week, an alert was visible on Pokémon’s official support website …
Zero tolerance of failure by information security professionals is unrealistic, and makes it harder for cyber security folk to do the essential part of their job: recovering fast from inevitable …
Russian state hackers are performing targeted phishing campaigns in at least nine countries spread across four continents. Their emails tout official government business and, if successful, threaten not just sensitive …
Editor’s note: The following is a guest article from Michael Kosak, senior principal intelligence analyst at LastPass.
The White House recently issued an executive order authorizing the attorney general to prevent the …