Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. The city added that the attack was successfully thwarted, and no systems were encrypted.

Ransomware 117

Ransomware Identity Theft Data breaches Cyber threats 117

Malwarebytes

NOVEMBER 6, 2024

If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The CVEs that look the most important are: CVE-2024-43047 : a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

Encryption 137

Encryption Mobile Technology Software 137

Security Affairs

NOVEMBER 18, 2024

On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. The experts believe that the attackers also copied some of those files.

Ransomware 127

Ransomware Insurance Encryption Healthcare 127

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 We see around 3.3M It's time to retire those! ” reported ShadowServer.

Encryption 74

Encryption Passwords Internet Internet 74

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Financial Services 62

Financial Services Cybersecurity CISO Backups 62

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) ” On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. CISA orders federal agencies to fix this vulnerability by November 11, 2024.

Encryption 125

Encryption Hacking Accountability Cybersecurity 125

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Then, it re-encrypts the system using a randomly generated password.

Ransomware 125

Ransomware Encryption Passwords Backups 125

Tech Republic Security

FEBRUARY 7, 2025

As reported by The Washington Post, Apple received notice of a possible request in March 2024, but the official ask occurred in January 2025.

Encryption 193

Encryption Government Surveillance Cybersecurity 193

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. After strolling the exhibits floor at Black Hat USA 2024 and speaking with the solution providers, I jotted down two categories of cybersecurity advancements: ‘coding level’ and ‘operational level.’

Software 290

Software Technology Mobile Cybersecurity 290

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft SharePoint Deserialization Vulnerability CVE-2024-38094 (CVSS v4 score: 7.2) CISA orders federal agencies to fix this vulnerability by November 12, 2024. to its Known Exploited Vulnerabilities (KEV) catalog. ” reads the advisory published by Microsoft.

Encryption 124

Encryption Authentication Cybersecurity Accountability 124

Security Affairs

FEBRUARY 4, 2025

Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). The vulnerability was reported by Google researchers Josh Eads, Kristoffer Janke, Eduardo, Vela, Tavis Ormandy, and Matteo Rizzo in September 2024.

Encryption 100

Encryption Firmware Hacking Information Security 100

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. According to the Verizon 2024 Data Breach Investigations Report , 68% of cybersecurity breaches are caused by human error. Cary, NC, Oct. INE Security emphasizes the importance of regular training forall employees.

Small Business 162

Small Business Data breaches Backups Passwords 162

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 126

Malware Ransomware Encryption Phishing 126

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks.” ” reads the report published by Broadcom. .

Ransomware 121

Ransomware Software Cybercrime Encryption 121

Thales Cloud Protection & Licensing

JANUARY 21, 2025

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t Tue, 01/21/2025 - 14:56 Discover how DSPM, AI, and encryption are transforming data security strategies, reducing vulnerabilities, and improving compliance. A DSPM moves the needle with integrated capabilities and comprehensive encryption.

Encryption 62

Encryption Unstructured Data Cyber threats Data privacy 62

Security Affairs

DECEMBER 3, 2024

The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. . “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident.

Ransomware 122

Ransomware Encryption Technology Cybersecurity 122

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. The report also noted that the percentage of businesses experiencing breaches in the last year has dropped significantly, from 29% in 2021 to 14% in 2024.

Financial Services 62

Financial Services Threat Reports Authentication Banking 62

The Hacker News

JANUARY 9, 2025

Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. This development allows it to

Encryption 132

Encryption Antivirus Malware Cybersecurity 132

Security Affairs

MARCH 10, 2025

In May 2024, Microsoft observed the North Korea-linked group “Moonstone Sleet” (Previously tracked as Storm-1789) using known and novel techniques like fake companies, trojanized tools, a malicious game, and custom ransomware for financial gain and espionage. ” Microsoft wrote on X.

Ransomware 120

Ransomware VPN Healthcare Malware 120

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Passwordless Authentication without Secrets! To learn more about how Thales OneWelcome and Badge, Inc.

Authentication 132

Authentication Retail Healthcare Manufacturing 132

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 120

Data breaches Cybercrime Cyber Insurance Marketing 120

Security Affairs

NOVEMBER 26, 2024

In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. The code is now available on GitHub.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. locked extension to the filenames of encrypted files.

Healthcare 88

Healthcare Ransomware VPN Malware 88

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Malware 123

Malware Advertising Antivirus Cybercrime 123

Tech Republic Security

FEBRUARY 26, 2025

Ransomware groups now steal, encrypt, and threaten to leak company data on the dark web, forcing victims to pay or risk exposing sensitive information.

Ransomware 203

Ransomware Encryption Risk Artificial Intelligence 203

Security Affairs

APRIL 13, 2025

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. healthcare providers surged in 2024, with 98 attacks compromising 117 million records.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Malware 137

Malware Telecommunications Encryption DDOS 137

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 113

Cryptocurrency Malware Hacking Ransomware 113

Centraleyes

DECEMBER 16, 2024

In 2024, human-centric security strategies will become increasingly important. Talent Shortage The cybersecurity talent shortage shows no signs of abating in 2024. Ransomware Still Reigns Supreme Ransomware attacks continue to plague organizations globally, and 2024 will be no different.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. ” warned Microsoft. .

Ransomware 137

Ransomware Engineering Encryption Authentication 137

Troy Hunt

NOVEMBER 13, 2024

Additionally, the threat actor with… pic.twitter.com/tqsyb8plPG — HackManac (@H4ckManac) February 28, 2024 When Jason found his email address and other info in this corpus, he had the same question so many others do when their data turns up in a place they've never heard of before - how?

Data breaches 327

Data breaches Passwords B2B Technology 327

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024.

Cybercrime 117

Cybercrime Ransomware Healthcare Education 117

Security Affairs

APRIL 5, 2025

Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In August 2024, a cyber attack hit the Port of Seattle , which also operates the Seattle-Tacoma International Airport. The attack impacted websites and phone systems. — Seattle-Tacoma Intl.

Data breaches 98

Data breaches Ransomware Cyber Attacks Manufacturing 98

SecureBlitz

MAY 13, 2025

Here, I will show you the top dangerous VPN providers and the top red flags to identify and avoid dangerous VPN providers in 2024. VPNs encrypt your internet traffic, masking your online activity and location from prying […] The post Top 11 Dangerous VPN Providers to Avoid in 2025 appeared first on SecureBlitz Cybersecurity.

VPN 72

VPN Internet Internet Encryption 72

Security Affairs

APRIL 17, 2025

In February 2024, Trend Micro researchers observed the group targeting Asian countries, including Taiwan, Vietnam, and Malaysia. Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. ” concludes the report.

Encryption 117

Encryption Government Malware Hacking 117

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Victims include AMD and Keralty. They shame non-payers by leaking data. Backups are insufficient; IPS is recommended for protection.

Hacking 118

Hacking Healthcare Backups Ransomware 118