Data Security News
The Hacker News
- HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theftby [email protected] (The Hacker News)
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and […]
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detectedby [email protected] (The Hacker News)
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code […]
- Not Your Old ActiveState: Introducing our End-to-End OS Platformby [email protected] (The Hacker News)
Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our […]
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDPby [email protected] (The Hacker News)
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging […]
- ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluationby [email protected] (The Hacker News)
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments […]
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Productsby [email protected] (The Hacker News)
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could […]
- INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourseby [email protected] (The Hacker News)
INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance […]
- Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accountsby [email protected] (The Hacker News)
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data […]
Graham Cluley Blog
- It’s time to stop calling it “pig butchering”by Graham Cluley
Online romance and investment scams are painful enough without its victims being described as "pigs." Read more in my article on the Hot for […]
- The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaireby Graham Cluley
In episode 29 of The AI Fix, an AI company makes the bold step of urging us to "stop hiring humans", Graham is wrong about GB AI, parents prepare […]
- Rydox cybercrime marketplace seized by law enforcement, suspected admins arrestedby Graham Cluley
Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an […]
- Doughnut orders disrupted! Krispy Kreme suffers hack attackby Graham Cluley
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems […]
- 27 DDoS-for-hire services disrupted in run-up to holiday seasonby Graham Cluley
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by […]
- Smashing Security podcast #397: Snowflake hackers, and under the influenceby Graham Cluley
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his […]
- “CP3O” pleads guilty to multi-million dollar cryptomining schemeby Graham Cluley
A man faces up to 20 years in prison after pleading guilty to charges related to an illegal cryptomining operation that stole millions of dollars […]
- 3AM ransomware: what you need to knowby Graham Cluley
The 3AM ransomware first emerged in late 2023. Like other ransomware, 3AM exfiltrates victims' data (demanding a ransom is paid) and encrypts the […]
Infosecurity Magazine
- US Government Issues Cloud Security Requirements for Federal Agencies
A CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments
- Phishing Attacks Double in 2024
SlashNext reports a 202% increase in overall phishing messages and a 703% surge in credential-based phishing attacks in 2024
- New Attacks Exploit VSCode Extensions and npm Packages
Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains
- Attacker Distributes DarkGate Using MS Teams Vishing Technique
Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware
- Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance Scams
The suspects were apprehended in a surprise operation at their hideout in Lagos following intelligence received by Nigeria's Economic and Financial […]
- Meta Hit with Massive $263m GDPR Fine
The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts
- European Commission Opens TikTok Election Integrity Probe
The European Commission is investigating whether TikTok allowed foreign actors to influence voters during recent Romanian elections
- Sophisticated TA397 Malware Targets Turkish Defense Sector
Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics
Dark Reading News
- Interpol: Can We Drop the Term 'Pig Butchering'?by Becky Bracken, Senior Editor, Dark Reading
The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.
- Recorded Future: Russia's 'Undesirable' Designation Is a Complimentby Tara Seals, Managing Editor, News, Dark Reading
The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.
- Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaignby Elizabeth Montalbano, Contributing Writer
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing […]
- Manufacturers Lose Azure Creds to HubSpot Phishing Attackby Nate Nelson, Contributing Writer
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
- Wallarm Releases API Honeypot Report Highlighting API Attack Trends
- The Importance of Empowering CFOs Against Cyber Threatsby Shai Gabay
Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term […]
- Midnight Blizzard Taps Phishing Emails, Rogue RDP Netsby Jai Vijayan, Contributing Writer
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block […]
- Wald.ai Launches Data Loss Protection for AI Platformsby Fahmida Y. Rashid
The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information […]