Data Security News
The Hacker News
- Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Schemeby [email protected] (The Hacker News)
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in […]
- Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemesby [email protected] (The Hacker News)
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. […]
- 5 BCDR Oversights That Leave You Exposed to Ransomwareby [email protected] (The Hacker News)
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware […]
- TikTok Pixel Privacy Nightmare: A New Case Studyby [email protected] (The Hacker News)
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, […]
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuseby [email protected] (The Hacker News)
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. […]
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emailsby [email protected] (The Hacker News)
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber […]
- Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israelby [email protected] (The Hacker News)
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively […]
- Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victimsby [email protected] (The Hacker News)
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. […]
Graham Cluley Blog
- ShrinkLocker ransomware: what you need to knowby Graham Cluley
ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. […]
- IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discordby Graham Cluley
Jack Teixeira, the 22-year-old former Air National Guardsman who leaked hundreds of classified documents online, has been sentenced to 15 years in […]
- Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?by Graham Cluley
Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's […]
- The AI Fix #24: Where are the alien AIs, and are we being softened up for superintelligence?by Graham Cluley
In episode 24 of The AI Fix, Mark makes an unforgivable error about the Terminator franchise, our hosts wonder if a "seductive" government chatbot […]
- Winter Fuel Payment scam targets UK citizens via SMSby Graham Cluley
Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive […]
- 200,000 SelectBlinds customers have their card details skimmed in malware attackby Graham Cluley
SelectBlinds, a popular online retailer of blinds and shades, has disclosed a security breach that has impacted 206,238 of its customers. Hackers […]
- Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job?by Graham Cluley
Mamma Mia! A major hacking scandal in Italy has expanded to include alleged involvement from Israel and the Vatican, and just why are companies […]
- The AI Fix #23: Murder most weird, and why 9.11 is bigger than 9.9by Graham Cluley
In episode 23 of The AI Fix, an AI finds a new way to make life difficult for women in STEM, Graham reveals his brilliant idea for treating any […]
Infosecurity Magazine
- Sitting Ducks DNS Attacks Put Global Domains at Risk
Over 1 million domains are vulnerable to “Sitting Ducks” attack, which exploits DNS misconfigurations
- Microsoft Power Pages Misconfiguration Leads to Data Exposure
Misconfigurations in Microsoft Power Pages granting excessive access permissions expose sensitive data, risking PII to unauthorized users
- Massive Telecom Hack Exposes US Officials to Chinese Espionage
The FBI and CISA have confirmed that US officials’ private communications have been compromised
- API Security in Peril as 83% of Firms Suffer Incidents
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000
- Bank of England U-turns on Vulnerability Disclosure Rules
The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities
- Hive0145 Targets Europe with Advanced Strela Stealer Campaigns
Hive0145 is targeting Spain, Germany, Ukraine with Strela Stealer malware in invoice phishing tactic
- AI Threat to Escalate in 2025, Google Cloud Warns
2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report
- Lazarus Group Uses Extended Attributes for Code Smuggling in macOS
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection
Dark Reading News
- Idaho Man Gets 10 Years for Hacking, Cyber Extortionby Dark Reading Staff
In addition to his prison sentence, he will have to pay more than $1 million in restitution to his victims.
- The Vendor's Role in Combating Alert Fatigueby Supradeep Bokkasam
As alerts pile up, the complexity can overwhelm security professionals, allowing real threats to be missed. This is where vendors must step up.
- Cloud Ransomware Flexes Fresh Scripts Against Web Appsby Becky Bracken, Senior Editor, Dark Reading
Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP […]
- Washington's Cybersecurity Storm of Complacencyby Jeffrey Wells
If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, […]
- Microsoft Power Pages Leak Millions of Private Recordsby Nate Nelson, Contributing Writer
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code […]
- Hamas Hackers Spy on Mideast Gov'ts, Disrupt Israelby Nate Nelson, Contributing Writer
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
- OpenText Cybersecurity Unveils 2024's Nastiest Malware
- Toolkit Vastly Expands APT41's Surveillance Powersby Jai Vijayan, Contributing Writer
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
