REvil member allegedly behind Kaseya attack extradited to US
In October last year, it was reported that REvil accounted for a significant portion of Q2 2021 ransomware attacks, with government entities the biggest targets. Its best-known victim was Kaseya's VSA cloud-based system management platform—used for.....»»
Cybercriminals exploit file sharing services to advance phishing attacks
Threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware, according to Abnormal Security. A file-sharing phishing attack is a unique type of ph.....»»
Understanding of early life ecosystems sheds light on evolution of life on Earth
With a new understanding of past life on the planet through fossils, a Mississippi State biological sciences faculty member is helping researchers better predict Earth's future......»»
Group-IB partners with SecurityHQ to enhance SOC capabilities
Group-IB announced the signing of a global partnership agreement with SecurityHQ, a global independent Managed Security Service Provider (MSSP). With this partnership, SecurityHQ will leverage Group-IB’s Threat Intelligence, Attack Surface Mana.....»»
Banshee Stealer malware haunts browser extensions on macOS
Security researchers have discovered a new malware for macOS, which can be used to attack over 100 browser extensions that may be installed on the target Mac.Web browser extensions are the target of Banshee Stealer on macOSApple tries hard to make ma.....»»
How NoCode and LowCode free up resources for cybersecurity
In this Help Net Security video, Frederic Najman, Executive Member of the SFPN (French Union of NoCode Professionals), discusses how NoCode and LowCode technologies enable companies to free up development resources to tackle cybersecurity issues. In.....»»
DDoS attack volume rises, peak power reaches 1.7 Tbps
The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore. Peak attack power rose from 1.6 terabits per second (Tbps) in H2 2023 to 1.7 Tbps. DDoS attacks hit Gaming, tech, fi.....»»
Texas sues GM for allegedly violating drivers" privacy
Texas Attorney General Ken Paxton said Tuesday's lawsuit arose from a probe announced in June into whether several automakers collected and sold mass amounts of data without drivers' knowledge......»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
Australian gold mining company hit with ransomware
Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been working with its external cyber forensic experts to investigate the incident. .....»»
Browser backdoors: Securing the new frontline of shadow IT
Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack su.....»»
One of the worst data breaches in history just got even worse
One of the worst data breaches in history gets even worse with the intervention of another hacker that makes the information allegedly more accessible......»»
A major Sonos exploit was explained at Black Hat — but you needn’t worry
Researchers from NCC Group showed how a Sonos One could fall victim to an attack that would let someone listen in on the microphones......»»
Are Taylor Swift concerts still safe after terrorist threat? Experts explain why stadiums can be "soft targets"
Authorities in Austria say they've subverted a planned terrorist attack targeting several of Taylor Swift's Eras Tour concerts in Vienna, shows that would have drawn as many as 200,000 concertgoers to three stadiums......»»
NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?
The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish the standards necessary to c.....»»
New infosec products of the week: August 9, 2024
Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Rapid7 releases Command Platform, unified attack defense and.....»»
A critical security issue in 1Password for Mac left credentials vulnerable to attack
1Password has disclosed a now patched critical security flaw in its software that could give attackers access to users' unlock keys and credentials. Here's what to do to keep your data safe.1Password has disclosed a critical security flaw present in.....»»
In world first, Russian chess player poisons rival’s board with mercury
At least it wasn't novichok. Enlarge / Amina Abakarova allegedly spreading mercury on her rival's chess board. Russia is no stranger to unique poisonings. State agents have been known to use everything from polonium-lac.....»»
Paramedic accused of poisoning daughter, 11, with eyedrops years after allegedly killing wife with same substance
Paramedic accused of poisoning daughter, 11, with eyedrops years after allegedly killing wife with same substance.....»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days
A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of Sa.....»»