0 Comments
Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)
0 Comments
Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals.  Chip-based cards emerged as a successor, offering enhanced security
0 Comments
Dec 09, 2023NewsroomMalware / Cyberattack Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. “While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic
0 Comments
The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to
0 Comments
Legal experts have warned that a “landmark” ruling by the European Court of Justice (ECJ) could have major financial ramifications for organizations that breach the GDPR. The judgement handed down yesterday involved German property company Deutsche Wohnen. The firm was originally hit with a €14.5m ($15.7m) fine by the Berlin Data Protection Commissioner back in
0 Comments
Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all
0 Comments
Dec 06, 2023NewsroomSoftware Security / Vulnerability Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below – CVE-2022-1471 (CVSS score: 9.8) – Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple
0 Comments
A prolific Russian state-sponsored APT group is actively exploiting a known vulnerability in Outlook to access email accounts in Exchange servers, Microsoft has warned. APT28 (aka Forest Blizzard, Strontium, Fancy Bear) is known to target government, energy, transportation and non-governmental organizations in the US, Europe and the Middle East, Microsoft Threat Intelligence claimed on X
0 Comments
Dec 05, 2023NewsroomSoftware Security / Supply Chain New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. “More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes,” Jacob Baines, chief technology officer at VulnCheck, said in a report shared with The Hacker News.
0 Comments
Staples is still suffering disruption after being hit by a cyber-attack late last week, the retailer has revealed. The office supplies giant apologized to customers for any inconvenience, in an updated service message on its main website. “We continue to experience disruption of our communications and our customer service lines. All other aspects of our
0 Comments
Dec 04, 2023NewsroomTechnology / Firmware Security The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, “can be used by threat actors to deliver a malicious payload
0 Comments
Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and
0 Comments
The UK’s security agency has urged the nation’s water sector to apply best practice security measures after a US operator was breached via its industrial control systems. The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and switched to manual operation after its Unitronics
0 Comments
Digital Security The technology is both widely available and well developed, hence it’s also poised to proliferate – especially in the hands of those wishing ill Cameron Camp 29 Nov 2023  •  , 2 min. read Who would be to blame if your plane got tricked into flying into a war zone? If GPS gets
0 Comments
Dec 01, 2023NewsroomCyber Espionage / Cryptocurrency The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents who are alleged to have facilitated sanctions evasion. The agents, the Treasury said, helped in “revenue generation and missile-related technology
0 Comments
Nov 30, 2023NewsroomHacking / Cryptocurrency The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. “Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie
0 Comments
Security experts have urged ownCloud customers to mitigate a critical zero-day vulnerability in its “graphapi” app announced last week, after observing mass exploitation by threat actors. Security vendor GreyNoise raised the alarm after file server and collaboration platform ownCloud revealed the CVSS 10.0-rated vulnerability on November 21. “The ‘graphapi’ app relies on a third-party library
0 Comments
Nov 29, 2023NewsroomCyber Attack / Data Breach Identity services provider Okta has disclosed that it detected “additional threat actor activity” in connection with the October 2023 breach of its support case management system. “The threat actor downloaded the names and email addresses of all Okta customer support system users,” the company said in a statement