SecureList

MAY 8, 2024

With an increase in attacks in 2023 and nearly 500 identified samples, it continues to evolve with frequent updates and an active affiliate program as of 2024. Operating through both clearnet and TOR servers, Mallox targets internet-facing MS SQL and PostgreSQL servers and spreads through malicious attachments.

Ransomware 114

Ransomware Encryption Small Business Cybersecurity 114

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage.

Internet 106

Internet Internet Accountability Passwords 106

SecureList

JANUARY 25, 2024

Australia has also unveiled a national strategy for digital identity resilience, aiming for mainstream use in 2024. However, the internet continues to split, with certain resources being banned in certain countries, so the tracker landscape will most likely change in the near future. This is no longer adequate in 2024.

Passwords 89

Passwords Authentication Insurance Technology 89

SecureList

MAY 7, 2024

Additionally, we take a close look at several noteworthy vulnerabilities discovered in Q1 2024. The number of newly registered CVEs, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only ( download ) As the chart illustrates, the number of new vulnerabilities has been steadily increasing year over year.

Software 85

Software Internet Internet Social Engineering 85

Security Affairs

APRIL 7, 2024

A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. This trick allows attackers to obtain bypass authentication.

Internet 130

Internet Internet DNS Hacking 130

IT Security Guru

DECEMBER 20, 2023

Many of the applications that historically integrated with the on-premise corporate directory for Single Sign-On will now require manual, password-based authentication, increasing the burden on users and also further extending the attack surface for malicious actors. AI will dominate the cyber landscape in 2024 in ways few people can imagine.

Cybersecurity 133

Cybersecurity Phishing Scams Cloud Migration 133

Malwarebytes

FEBRUARY 27, 2024

These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report , Malwarebytes detected an astonishing 88,500 of them last year alone. The introduction screen when opening “RecoverFiles” and the follow-on permissions it asks from users.

Banking 143

Banking Passwords Accountability Malware 143

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN 95

VPN Authentication Passwords Accountability 95

The Last Watchdog

MAY 30, 2024

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. At RSAC 2024 , I sat down with Baber Amin , Head of Product at Anetac, Diana Nicholas , co-founder of Anetac, to learn more. I’ll keep watch and keep reporting. LW provides consulting services to the vendors we cover.)

Accountability 130

Accountability Small Business Insurance Authentication 130

Krebs on Security

APRIL 9, 2024

Ben McCarthy , lead cyber security engineer at Immersive Labs called attention to CVE-2024-20670 , an Outlook for Windows spoofing vulnerability described as being easy to exploit. ” For links to individual security advisories indexed by severity, check out ZDI’s blog and the Patch Tuesday post from the SANS Internet Storm Center.

DNS 250

DNS Social Engineering Malware Media 250

Identity IQ

JANUARY 11, 2024

New AI Scams to Look Out For in 2024 IdentityIQ Artificial intelligence (AI) has quickly reshaped many aspects of everyday life. Here are three new AI scams to look out for in 2024 as well as some tips to help protect yourself and stay prepared for the explosive development of AI.

Scams 92

Scams Artificial Intelligence Identity Theft Phishing 92

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Social Engineering 118

Social Engineering Cyber Attacks Cyber Insurance IoT 118

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. It also acts as a reminder to be careful about what you share, even if you are under the impression that you are using the internet securely.

Malware 77

Malware Passwords Identity Theft Banking 77

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business madhav Thu, 12/21/2023 - 05:15 People always want to comprehend what the future brings. 2024 promises to be a pivotal year, bringing transformative advancements and new challenges in tech and cybersecurity. The same is true for today’s business leaders.

Cybersecurity 83

Cybersecurity Technology Cyber threats Artificial Intelligence 83

Security Affairs

JANUARY 12, 2024

These findings coincide with the critical and fast-approaching Indonesian presidential election set to take place in February this year (2024). Just before the onset of 2024, an individual known as Kimbo disclosed details regarding a suspected breach of the General Elections Commission of Indonesia’s (KPU) information system.

Identity Theft 94

Identity Theft Cyber threats Marketing Risk 94

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS 274

DDOS Internet Internet Government 274

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. Today’s Internet of Things might as well be called the Internet of Threats. The post Securing Public Sector Against IoT Malware in 2024 appeared first on Security Boulevard.

IoT 75

IoT Malware Education Government 75

Security Affairs

JANUARY 24, 2024

The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. in which user account password reset emails could be delivered to an unverified email address.” in which user account password reset emails could be delivered to an unverified email address.” prior to 16.1.6,

Accountability 126

Accountability Passwords Internet Internet 126

Security Boulevard

APRIL 1, 2024

Follow HYAS on LinkedIn Follow HYAS on X Summary of Top ASNs and Malware Origins AS9318 - SK Broadband Co Ltd (South Korea) AS9318, also known as SK Broadband Co Ltd, is a significant Internet Service Provider (ISP) based in South Korea. AS7684 - Sakura Internet Inc. Japan) AS7684, managed by Sakura Internet Inc.,

Malware 64

Malware Cybersecurity Risk Education 64

Malwarebytes

FEBRUARY 13, 2024

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. On February 7, 2024, two suspects were arrested in Malta and Nigeria, accused of selling the malware and supporting cybercriminals who used it for malicious purposes.

Social Engineering 109

Social Engineering Internet Internet Malware 109

Google Security

MAY 15, 2024

Expanded Restricted Settings : To help protect more sensitive permissions that are commonly abused by fraudsters, we’re expanding Android 13’s restricted settings , which require additional user approval to enable permissions when installing an app from an Internet-sideloading source (web browsers, messaging apps or file managers).

Scams 98

Scams Threat Detection Social Engineering Surveillance 98

Security Affairs

MAY 8, 2024

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. The vulnerability impacts over 90,000 hosts that expose a Tinyproxy service on the internet. and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8.

Internet 104

Internet Internet Authentication Passwords 104

Security Affairs

MAY 2, 2024

They aim to exploit modular, internet-exposed Industrial Control Systems (ICS), targeting software components like human machine interfaces (HMIs). The threat actors were observed using methods such as exploiting virtual network computing (VNC) remote access software and default passwords. In early 2024, several U.S.-based

Passwords 87

Passwords Internet Internet Software 87

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information. technology companies during the summer of 2022. According to an Aug.

Social Engineering 327

Social Engineering Mobile Cybercrime Passwords 327

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 96

Malware Cybercrime Hacking Cyber threats 96

eSecurity Planet

MAY 13, 2024

From the other end of the supply chain, many vendors build Cinterion Cellular Modems into their internet-of-things (IoT) or operations technology (OT) equipment such as sensors, meters, or even medical devices. May 5, 2024 Tinyproxy Vulnerability Potentially Exposes 50,000+ Hosts Type of vulnerability: Use after free.

Penetration Testing 64

Penetration Testing IoT Small Business Internet 64

Krebs on Security

APRIL 3, 2024

In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. 14, 2024, KrebsOnSecurity heard from the same bluebtcus@gmail.com address, apropos of nothing. Why you destroy our lifes? We never harm anyone. Please remove it.”

Phishing 228

Phishing Cybercrime Malware Advertising 228

eSecurity Planet

APRIL 15, 2024

Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data. April 8, 2024 Multiple Vulnerabilities Discovered in LG WebOS Smart TVs Type of vulnerability: Authorization bypass, privilege escalation, command injection. Looking for an alternative method for secure remote access?

Firewall 107

Firewall VPN Software Risk 107

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 111

Software Authentication CSO Accountability 111

SecureWorld News

MAY 7, 2024

According to a new joint cybersecurity alert , the hacktivists have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed human-machine interfaces (HMIs) and using default or weak passwords.

Passwords 82

Passwords Manufacturing Technology Authentication 82

The Last Watchdog

APRIL 30, 2024

In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords. Unitronics systems are exposed to the Internet and a single intrusion caused a ripple effect felt across organizations in multiple states.

Penetration Testing 182

Penetration Testing Unstructured Data CISO Technology 182

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal.

IoT 114

IoT Internet Internet Ransomware 114

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft 103

Identity Theft VPN Malware Ransomware 103

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Broadcom Patches Brocade SANnav Flaw 19 Months After Discovery Type of vulnerability: Password storage.

Firewall 110

Firewall Software Ransomware Penetration Testing 110

Security Affairs

MAY 22, 2024

billion and a GDP of over 3.417 trillion USD, has become a prime target for cyberattacks during its general elections scheduled between 19 April and 1 June 2024. The compromised credentials could have been obtained by intercepting login forms on popular Internet browsers or by accessing password storage on compromised devices.

Government 99

Government Internet Internet Healthcare 99

Krebs on Security

APRIL 4, 2024

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.]com com is currently selling security cameras made by the Chinese manufacturer Hikvision , via an Internet address based in Hong Kong. Searching DomainTools for domains that include both of these terms reveals pirwnote[.]com.

Phishing 223

Phishing Cryptocurrency DDOS Internet 223

Malwarebytes

JANUARY 31, 2024

On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the “ mother of all breaches ” (MOAB). Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup. And it’s not just cybercriminals that are buying this type of data.

Data breaches 123

Data breaches Identity Theft Passwords Internet 123