Category: CySecurity News – Latest Information Security and Hacking Incidents

Understanding and Combating Insider Threats in the Digital Age

Insider threats have emerged as a particularly insidious and costly problem. Organizations are experiencing a significant surge in cyberattacks originating from insider threats, with remediation costs soaring up to $2 million per incident. Gurucul’s research, which involved a survey of…

Healthcare Cybersecurity: Taking a Proactive Route

  Cyberattacks in healthcare are growing more common and can disrupt an organization’s operations. Healthcare organisations handle a lot of sensitive data, including financial information, patient health records, and identifying data, making them prime targets for cybercriminals.  This vulnerability is…

Google’s Latest Theft Protection for Android Devices

  Google is introducing new high-level theft protection features for Android 10 and above devices across Google Play services. The new technologies were announced at the I/O 2024 event, with the main idea being to protect users’ data and make…

DoT Introduces New System to Block Spoofed Calls

  There has been an increase in fraudulent telephone calls disguised as local numbers in recent years which has alarmed Indian citizens. Messages sent by cybercriminals operating internationally originate from Calling Line Identity (CLI) systems that allow them to mask…

MC2 Data Breach Exposes Millions: Stay Protected

  Cybernews reported on September 23 that background check company MC2 Data suffered a major data breach, exposing 2.2 terabytes of sensitive information. This breach potentially affects about 100 million Americans, raising serious concerns among cybersecurity experts about the risks…

Cryptomining and Proxyjacking: The Rise of Perfctl Malware

A new and highly sophisticated malware strain has emerged, posing a significant threat to millions of Linux servers worldwide. Dubbed “perfctl,” this fileless malware employs advanced evasion techniques and exploits a staggering 20,000 misconfigurations in Linux servers.  Its primary targets…

Inside the Dark Web: How Andariel Targets U.S. Organizations

The Andariel hacking group, a notorious entity linked to North Korea, has recently shifted its focus towards financially motivated attacks on U.S. organizations. This pivot, observed in August 2024, marks a significant change in the group’s operational strategy, raising concerns…

Phantom Domains: The New Threat to Enterprise Cybersecurity

  A recent study presented at the 2024 Web Conference has identified a rising cybersecurity risk known as “phantom domains.” These phantom domains result from unregistered or placeholder dot-com links that hackers can hijack, turning them into dangerous attack vectors. …

PyPI Hosts Malicious Tools Targeting Crypto Wallets

  During an investigation conducted recently, it was discovered that several malicious packages masquerading as services for recovering cryptocurrency wallets were found in the Python Package Index repository, revealing that they were spying on sensitive personal information and helping to…

Beware of These Email Warning Signs to Stay Safe Online

Email, the backbone of communications in today’s age, also serves as a common vector for cyberattacks, particularly phishing scams. Phishing emails are designed to trick recipients into revealing sensitive information or downloading malicious software. To protect yourself, it’s crucial to…

Cybersecurity Attacks Rise in Hong Kong, Scammers Steal Money

Hong Kong has experienced a rise in cybersecurity threats, scammers are targeting individuals and businesses. A recent survey highlighted by the South China Morning Post (SCMP) reveals that nearly two-thirds of victims have suffered financial losses or wasted valuable time…

The Rise of VPNs: A Tool for Privacy or a False Promise

  Today, Virtual Private Networks (VPNs) have become omnipresent. Millions around the world use VPNs, and they are often promoted by influencers as essential tools for privacy. Their rise in popularity stems from the idea that they offer online privacy…

Microsoft Warns of Storm-0501 Ransomware Attacks on U.S. Cloud Systems

  Microsoft has uncovered a multi-stage cyberattack by the financially motivated group Storm-0501, targeting sectors in the U.S., including government, manufacturing, transportation, and law enforcement.  The attackers compromised hybrid cloud environments, stealing credentials, tampering with data, and deploying ransomware. Storm-0501,…

UK and US Warn of Rising Iranian Spear Phishing Threat

  The UK’s National Cyber Security Centre (NCSC) collaborated with government agencies across the Atlantic to issue a new alert regarding Iranian cyber-threats last week.  The security advice, issued in collaboration with the FBI, US Cyber Command – Cyber National…

DCRat Malware Propagates via HTML Smuggling

  Russian-speaking customers have been targeted in a new campaign aimed at distributing a commodity trojan known as DCRat (aka DarkCrystal RAT) using HTML smuggling.  This is the first time the malware has been propagated via this technique, which differs…

Ransomware Gangs Targeting CEOs with Stolen Data

Ransomware gangs are now employing a terrifying tactic—using stolen data to coerce and threaten CEOs.  Understanding Ransomware Attacks Ransomware is a type of malicious software that encrypts the victim’s data, rendering it inaccessible until a ransom is paid. Over the…

Embargo Ransomware Shifts Focus to Cloud Platforms

  In a recent security advisory, Microsoft advised that the ransomware threat actor Storm-0501 has recently switched tactics, targeting hybrid cloud environments now to compromise the entire system of victimization. It is becoming increasingly apparent that cybercriminals are finding out…

Why SMBs Have Become Easy Prey for Cyber Criminals

  The global phenomenon of cybercrime is emerging. And the soft targets in this regard are the small and medium-sized business enterprises. Day after day, while a few cyberattacks on big corporations capture the headlines in the news, many SMBs…

Growing Focus on Data Privacy Among GenAI Professionals in 2024

  Recent reports published by Deloitte and Deloitte Consulting, highlighting the significance of data privacy as it pertains to Generative Artificial Intelligence (GenAI), have been widely cited. As the survey found, there has been a significant increase in professionals’ concerns…

Homeland Security Alerts on Increasing Risks for Schools

  Educators and other school professionals are playing an increasingly crucial role in providing a safe environment in which students can learn in an era where children are being targeted by increasing physical and online attacks, according to US Homeland…

Mozilla Privacy: Tracking Users Without Consent

The organization behind the privacy-centric Firefox browser, has come under fire for allegedly tracking users without their consent. This controversy centers around a feature called Privacy Preserving Attribution (PPA), which has sparked a heated debate about privacy, consent, and the…

Ethics and Tech: Data Privacy Concerns Around Generative AI

The tech industry is embracing Generative AI, but the conversation around data privacy has become increasingly important. The recent “State of Ethics and Trust in Technology” report by Deloitte highlights the pressing ethical considerations that accompany the rapid adoption of…

Microsoft Tightens Cloud Security After Major Breaches

  In its efforts to better its cloud security, Microsoft has done much to remove any potential vulnerabilities and tightened the process of authenticating individuals. This comes after the tech giant saw several security breaches within the past year. Under…

AI-Generated Malware Discovered in the Wild

  Researchers found malicious code that they suspect was developed with the aid of generative artificial intelligence services to deploy the AsyncRAT malware in an email campaign that was directed towards French users.  While threat actors have employed generative AI…

MoneyGram Faces Service Disruption Amid Cybersecurity Threat

  A cyberattack that began on September 20 impacted MoneyGram International Inc.’s services significantly, likely due to a ransomware attack, causing significant disruptions to its services. There were reports of outages affecting company networks, and by September 23, the company…

Here’s Why UltraAV Replaced Kaspersky Antivirus Software

  Late last week, cybersecurity firm Kaspersky began deleting its anti-malware software from PCs in the United States. As a replacement, the company downloaded antivirus software from UltraAV.  If you use Kaspersky antivirus software, you may be aware that the…

Doxing: Is Your Personal Information at Risk?

  Doxing is the online slang for “dropping documents,” which means revealing private information about a person or his identity to the public without his permission. It may be as simple as a person’s name, e-mail, or phone number, but…

Why Hackers Are Collecting Encrypted Data for Future Attacks

  The cybercrime world is ever-changing, and hackers are preparing for a future quantum computer that might make current encryption techniques useless. This is called “harvest now, decrypt later,” a rising phenomenon since cybercriminals steal encrypted data with hope for…

Microsoft Issues New Warnings For Windows Users

  As we approach the weekend, a new warning has been issued that a “global attack” is now targeting Windows users in multiple nations worldwide. The campaign is surprisingly basic, but it highlights the risk for the hundreds of millions…

IntelBroker Leak Claims Involve Deloitte Communications

  An anonymous threat actor named IntelBroker claimed to be responsible for the leak of internal messaging from Deloitte, one of the world’s leading auditing firms. According to reports, the breach occurred in September 2024 when an Apache Solr server…

Specops Unearths Millions of Compromised VPN Passwords

  The moment a password is discovered, a virtual private network (VPN) becomes public quickly. In a report published last week, password management provider Specops Software revealed 2,151,523 VPN credentials exposed by malware over the past year. One professional at…

Malvertising and Cybercrime in Online Advertising

  When it comes to cyber threats, judging the threat by its name can be an imaginary endeavour. As the term “malvertising”, a portmanteau of the term “malicious advertising”, is always presented with the implication that it overlaps with ads,…

Nearly Half of Security Experts Believe AI is Risky

  AI is viewed by 48% of security experts as a major security threat to their organisation, according to a new HackerOne security research platform survey of 500 security professionals.  Their main worries about AI include the following:  Leaked training…

AI Development Needs Global Oversight, UN Experts State

  In a time of increasing popularity for artificial intelligence (AI), the United Nations has warned that market forces should not be the sole determining factor as the technology becomes more widely used. United Nations experts called for creating tools…