Data Security News
The Hacker News
- North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domainsby [email protected] (The Hacker News)
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a […]
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Toolby [email protected] (The Hacker News)
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be […]
- The High-Stakes Disconnect For ICS/OT Securityby [email protected] (The Hacker News)
Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t […]
- FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operationby [email protected] (The Hacker News)
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to […]
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Updateby [email protected] (The Hacker News)
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three […]
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacksby [email protected] (The Hacker News)
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, […]
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installationby [email protected] (The Hacker News)
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running […]
- Google OAuth Vulnerability Exposes Millions via Failed Startup Domainsby [email protected] (The Hacker News)
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain […]
Graham Cluley Blog
- The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” modeby Graham Cluley
In episode 33 of The AI Fix, our hosts watch a robot fall over, ChatGPT demonstrates that it can't draw a watch face but it can fire a gun, a man […]
- Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scamby Graham Cluley
Imagine trusting your pastor with your savings, only to find out he's running a crypto scam. Read more in my article on the Hot for Security blog.
- Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to youby Graham Cluley
A Canadian man lost a $100,000 cryptocurrency fortune - all because he did a careless Google search. Read more in my article on the Hot for […]
- Smashing Security podcast #399: Honey in hot water, and reset your devicesby Graham Cluley
Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the […]
- Space Bears ransomware: what you need to knowby Graham Cluley
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and […]
- United Nations aviation agency hacked, recruitment database plunderedby Graham Cluley
The ICAO, the UN aviation agency tasked with keeping our skies safe, just got hacked... again. This time, a hacker is offering to sell the […]
- The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolutionby Graham Cluley
In episode 32 of The AI Fix, our hosts learn the meaning of "poronkusema", Mark discovers his dream job, a school tries using AI instead of teachers, […]
- Fireside chat with Graham Cluley about risks of AI adoption in 2025by Graham Cluley
Join me, and the experts from Rubrik, on Weds January 15 2025, where we’ll be having a fireside chat with Dark Reading all about the known and […]
Infosecurity Magazine
- Chinese PlugX Malware Deleted in Global Law Enforcement Operation
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io
- Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud […]
- Illicit Crypto-Inflows Set to Top $51bn in a Year
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024
- Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation
- Secureworks Exposes North Korean Links to Fraudulent Crowdfunding
Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group […]
- Microsoft Patches Eight Zero-Days to Start the Year
Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited
- New AI Rule Aims to Prevent Misuse of US Technology
A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI […]
- Browser-Based Cyber-Threats Surge as Email Malware Declines
Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise
Dark Reading News
- Extension Poisoning Campaign Highlights Gaps in Browser Securityby Elizabeth Montalbano, Contributing Writer
Evidence suggests that some of the payloads and extensions may date as far back as April 2023.
- North Korea's Lazarus APT Evolves Developer-Recruitment Attacksby Elizabeth Montalbano, Contributing Writer
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates […]
- OWASP's New LLM Top 10 Shows Emerging AI Threatsby Matias Madou
Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk […]
- As Tensions Mount With China, Taiwan Sees Surge in Cyberattacksby Robert Lemos, Contributing Writer
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and […]
- Microsoft Rings in 2025 With Record Security Updateby Jai Vijayan, Contributing Writer
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
- 1Password's Trelica Buy Part of Broader Shadow IT Playby Jeffrey Schwartz
The acquisition accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management.
- Apple Bug Allows Root Protections Bypass Without Physical Accessby Becky Bracken, Senior Editor, Dark Reading
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.
- FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malwareby Kristina Beek, Associate Editor, Dark Reading
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.