The US government has launched an investigation into TP-Link, a leading Chinese router manufacturer, following growing concerns over potential cybersecurity risks associated with their products. TP-Link routers, which comprise a significant portion of the US market, are under scrutiny due to vulnerabilities that could be exploited for cyberattacks, posing a threat to individual users and […]
Cybersecurity researchers have uncovered a sophisticated new investment scam targeting users through social media malvertising, AI-generated video testimonials, and fraudulent company-branded posts. The scam, known as Nomani, has already led to substantial financial and data losses, with experts warning that its reach is growing rapidly. In its latest H2 2024 Threat Report, cybersecurity company ESET […]
QAX’s XLab Uncovers Winnti Hacking Group’s New ‘Glutton’ PHP Backdoor December 15, 2024. The cybersecurity experts at QAX’s XLab have uncovered a new PHP backdoor, dubbed ‘Glutton,’ that is being leveraged by the notorious Winnti hacking group in attacks targeting organizations in China and the U.S. and other cybercriminal groups. According to QAX’s XLab, the […]
Security researchers have uncovered significant vulnerabilities in the Prometheus monitoring tool, revealing thousands of exposed servers and exporters leaking sensitive data and introducing risks such as denial of service (DoS) and repo jacking. Prometheus, a leading tool in observability for monitoring applications and cloud infrastructure, has long been favored for its robust features. However, its […]
After a recent cybersecurity attack disrupted its operations, Krispy Kreme, the beloved doughnut brand, faces significant challenges in meeting the growing demand for its delectable treats. The attack, first detected on November 29th, has continued to impact Krispy Kreme’s ability to fulfill online orders, leaving doughnut enthusiasts across the country disappointed and craving their favorite […]
In a groundbreaking move against cybercrime, Europol has announced the successful dismantling of 27 illegal Distributed Denial-of-Service (DDoS) attack platforms as part of a coordinated international operation known as PowerOFF. The global crackdown, which involved law enforcement from 15 countries, led to the closure of several illicit websites commonly used for launching cyberattacks, including zdstresser.net, […]
In a new advisory, IBM X-Force researchers have uncovered ongoing campaigns by the cybercriminal group Hive0145, deploying the advanced Strela Stealer malware to steal sensitive email credentials across Europe. According to the report, the attacks primarily target Spain, Germany, and Ukraine. They use authentic invoices in phishing emails to deceive recipients and boost the credibility […]
The Sysdig Threat Research Team (TRT) today announced the discovery of a global operation called “Emeraldwhale” that has stolen over 15,000 cloud service credentials from misconfigured Git configurations. According to the Sysdig TRT, the attackers used a blend of private tools to exploit misconfigured web services, gaining unauthorized access to cloud credentials, cloning private repositories, […]
A researcher called Bartek Nowotarski revealed a new Denial of Service (DoS) method called the “HTTP/2 Continuation Flood,” which is deemed to be a more serious threat than the Rapid Reset, which was a vulnerability that was exploited in 2023 to launch the biggest Distributed DoS (DDoS) attacks. The CERT Coordination Center (CERT/CC) at Carnegie […]
Hacker Trio Allegedly Leaks US Federal Employee Data
Alarming claims have surfaced regarding a purported breach targeting Acuity, a prominent tech consulting firm that collaborates with national and public safety authorities. According to reports, federal agents’ data and classified documents have been allegedly leaked, sending shockwaves through cybersecurity circles. The alleged breach announcement emerged on a notorious data leak forum, commonly frequented by […]
A court order was passed, allowing U.S. authorities to Mootbot Botnet, under the control of the Russia-linked cyberespionage group APT28. Russian state-sponsored hackers used the Botnet to carry out a wide range of attacks. A press release published by the DoJ states: “A January 2024 court-authorized operation has neutralized a network of hundreds of small […]
Microsoft threat hunters state that foreign APTs are interacting with OpenAI’s ChatGPT for the automation of malicious vulnerability research, target reconnaissance, and malware creation tasks. In a report published on Wednesday, Microsoft states that it joined forces with OpenAI to study the use of LLMs by malicious actors and found various known APTs that were […]
Microsoft recently released a large batch of security-themed software updates but called urgent attention to the fact that three vulnerabilities were exploited in live Malware attacks. The tech giant recorded at least 72 security vulnerabilities in the Windows ecosystem and warned users about the risks of remote code execution, information disclosure, security feature bypass, and […]
On Friday, the US Justice Department announced that the Warzone RAT cybercrime enterprise was destroyed due to an international law enforcement operation. US authorities have brought charges against two individuals who allegedly sold Malware and were offering support to users. Warzone is a remote access trojan that enables users to connect to infected devices and […]
Shim is a small application with certificates and code to verify the bootloader and is used by most Linux distributions during the boot process to support secure boot. However, Linux developers discovered a new security flaw, and the vulnerability poses a huge security risk by enabling the installation of Malware operating at the firmware level, […]
Google has agreed to pay $350 million to resolve a class action lawsuit with shareholders where the tech giant was accused of exposing users’ data in a data breach on its now-disbanded social media platform Google+. The lawsuit revolves around a data breach between 2015 and 2018, in which the personal data of more than […]
According to FICO’s new Fraud, Identity, and Digital Banking Report, thieves and fraudsters stole and used nearly two million Brits to open financial accounts in 2023. The firm discovered that around 4.3% of the respondents, roughly 1.9 million in the UK, had become victims of identity theft. This decreased compared to the 7.7% of respondents […]
Apple has recently released iOS 17.3 with a new feature called Stolen Device Protection, which enables you to protect your sensitive and confidential data in case a thief steals your iPhone and has gained access to your password. However, there’s a specific flaw in this feature that you should know about. The Stolen Device Protection […]
If you’re a Hulu or Disney+ user, we have some news. As of March 14th, you can no longer share your login information outside your household. An email was sent to subscribers from the Hulu Team, which stated that “we’re adding limitations on sharing your account outside of your household and explaining how we may […]
ESO Solutions, a leading provider of data and software for emergency responders and healthcare organizations, announced today that it suffered a ransomware attack impacting the sensitive data of up to 2.7 million individuals. In an incident notice published on its website, the Austin, Texas-based company stated that an unauthorized third party deployed ransomware to encrypt […]
In a recent data security breach, the personal information of more than 134,000 Massachusetts residents enrolled in specific state programs and services has been compromised. The incident, part of a global third-party data breach involving a file-transfer software program named MOVEit, raised concerns about sensitive data’s vulnerability across various sectors. What Happened? The University of […]
India’s Digital Personal Data Protection Bill of 2023 has been passed and will come into full effect once the President of India has approved it. This Data Protection Law completely changes how tech companies handle users’ data but raises concerns regarding government surveillance. Lawmakers have opposed the Bill, stating that the legislation would enable governments […]
On June 18th, 2023, Governor Abbott passed the Texas Data Privacy and Security Act (TDPSA). Texas joins the ranks of other states like Montana, Tennessee, Indiana, Iowa, and many more regarding implementing Data Protection Laws. The TDPSA will come into effect from July 1st, 2024. It gives businesses time to prepare for the changes that […]
As reported by the Guardian, TikTok Faces Potential Multi-Million Pound Fine for Violating Children’s Privacy, EU Data Protection Regulator Rules. In a surprising turn of events, TikTok, the Chinese-owned video-sharing platform, is being slammed with a fine, possibly amounting to millions of pounds, for infringing on children’s privacy. The decision comes as a ruling from […]
In a recent development, Montana became the first state in the U.S. to officially ban TikTok, effective immediately from January 1st, 2024. Over 150 million American users use TikTok, and there have been growing concerns from U.S. lawmakers to ban the app altogether because of the potential influence of the Chinese government on TikTok. While […]
The document, which first got leaked to WIRED, revealed that many EU countries favor monitoring encrypted messages to help prevent the spreading of CSAM (Child Sexual Abuse Material.) Spain is proposing to ban end-to-end encryption altogether. The document states that EU countries (including Ireland) propose to create new rules and regulations to help combat this […]
The social media blackout in Pakistan has reverberated across the nation, leaving citizens and international observers bewildered and concerned. Following the arrest of prominent political figure Imran Khan, the government has enforced sweeping restrictions on access to popular social media platforms, including Twitter, YouTube, Facebook, and Instagram. This unprecedented move has sparked controversy and political […]