Data Security News
The Hacker News
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign, by The Hacker News
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. […]
- Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia, by The Hacker News
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns […]
- Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately, by The Hacker News
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on […]
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks, by The Hacker News
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, […]
- Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization, by The Hacker News
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework […]
- Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts, by The Hacker News
A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in […]
- Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks, by The Hacker News
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an […]
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now, by The Hacker News
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully […]
Graham Cluley Blog
- The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!), by Graham Cluley
In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who […]
- Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme, by Graham Cluley
This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday […]
- It’s time to stop calling it “pig butchering”, by Graham Cluley
Online romance and investment scams are painful enough without their victims being described as "pigs." Read more in my article on the Hot for […]
- The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaire, by Graham Cluley
In episode 29 of The AI Fix, an AI company makes the bold step of urging us to "stop hiring humans", Graham is wrong about GB AI, parents prepare […]
- Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested, by Graham Cluley
Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an […]
- Doughnut orders disrupted! Krispy Kreme suffers hack attack, by Graham Cluley
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems […]
- 27 DDoS-for-hire services disrupted in run-up to holiday season, by Graham Cluley
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by […]
- Smashing Security podcast #397: Snowflake hackers, and under the influence, by Graham Cluley
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his […]
Infosecurity Magazine
- CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration
The US Cybersecurity and Infrastructure Security Agency’s 2024 Year in Review marks Jen Easterly’s final report before resignation
- Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%
The vacuum left by RedLine’s takedown will likely lead to a bump in the activity of other infostealers
- US and Japan Blame North Korea for $308m Crypto Heist
A joint US-Japan alert attributed a May 2024 crypto heist worth $308m from Japan-based company DMM to North Korean hackers
- Spyware Maker NSO Group Liable for WhatsApp User Hacks
A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group
- Major Biometric Data Farming Operation Uncovered
Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks
- Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP
The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks
- Ransomware Attack Exposes Data of 5.6 Million Ascension Patients
US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a […]
- Cryptomining Malware Found in Popular Open Source Packages
Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools
Dark Reading News
- Hackers Are Hot for Water Utilities, by Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
The US water sector suffered a stream of cyberattacks over the past year and a half, from a mix of cybercriminals, hacktivists, and nation-state […]
- Defining & Defying Cybersecurity Staff Burnout, by Karen Spiegelman, Features Editor
Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay […]
- Quantum Computing Advances in 2024 Put Security In Spotlight, by Robert Lemos, Contributing Writer
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, […]
- SEC Disclosures Up, But Not Enough Details Provided, by Fahmida Y. Rashid
While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don't meet the SEC's "material" standard.
- Emerging Threats & Vulnerabilities to Prepare for in 2025, by Kristina Beek, Associate Editor, Dark Reading
From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.
- DDoS Attacks Surge as Africa Expands Its Digital Footprint, by Jai Vijayan, Contributing Writer
As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other […]
- Too Much 'Trust,' Not Enough 'Verify', by Rob Sloan, Sam Curry
"Zero trust" doesn't mean "zero testing."
- Trump 2.0 Portends Big Shift in Cybersecurity Policies, by Becky Bracken, Senior Editor, Dark Reading
Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the […]