Siemens urges updates for fire protection system vulnerabilities , posing remote attack risks. GitGuardian report reveals 12 million secrets exposed on GitHub, notably in IT and education . A breakthrough 3D nanoscale optical disk promises revolution in data storage. FortiGuard Labs unveils a complex Java-based RAT phishing campaign . Techniques discovered for bypassing AI restrictions , raising security concerns. EquiLend and Leicester City Council experience cyberattacks, while a WordPress plu...
Mar 13, 2024•6 min
Roku experienced a data breach affecting over 15,000 customer accounts , leading to fraudulent activities . The Cybersecurity and Infrastructure Security Agency (CISA) faced a breach from Ivanti product vulnerabilities . A counterfeit Leather wallet app was implicated in cryptocurrency theft and removed from the Apple App Store. QNAP addressed security flaws in NAS devices, and a banking trojan called CHAVECLOAK targeted Brazilian users, underscoring the urgency of robust cybersecurity measures....
Mar 12, 2024•4 min
The Magnet Goblin group exploits vulnerabilities to install malware on systems, urging the adoption of patches and security measures like network segmentation . A notable exploit involves a vulnerability in the Popup Builder plugin for WordPress , risking over 3,300 websites . The cryptocurrency sector faces attacks exploiting smart contract flaws , resulting in significant losses mitigated by token burns and bounties . Acuity Inc. suffered a data breach , leaking sensitive federal information f...
Mar 11, 2024•3 min
The Fortinet FortiOS vulnerability CVE-2024-21762 threatens 150,000 devices, requiring updates for mitigation. Microsoft strengthens security after Russian hackers exploit an old account. Hacker Ebrietas in the USA earns rewards for exposing T-Mobile flaws. South Korea's National Police Agency creates a tool to detect deepfakes with 80% accuracy, enhancing election security. Security vulnerabilities identified in video doorbells, QNAP NAS systems, and Canon printers necessitate firmware updates....
Mar 10, 2024•4 min
A malware campaign called Balada Injector exploits a vulnerability in the Popup Builder WordPress plugin, impacting over 3,300 sites, preventable by updating the plugin. HKCERT warns of increased phishing in Hong Kong. Magnet Goblin targets Ivanti VPN and Magento servers using NerbianRAT malware. Rhysida's ransomware attack on Lurie Children's Hospital in Chicago involved data theft. pgAdmin addressed a critical vulnerability in version 8.4. Midnight Blizzard, a Russian group, stole Microsoft's ...
Mar 09, 2024•5 min
Jared Folkins calls up Jack Rhysider. He asks him about his Dad, CactusCon, and if Jack has any advice for job seekers in this difficult job market.
Mar 08, 2024•12 min
In the news, the Xunlei Accelerator app , deemed a security threat, contains outdated elements leading to potential system breaches. TA4903 , disguising as U.S. agencies , uses QR codes in BEC attacks , while compromised WordPress sites spread bruteforcing scripts , indicating strategic shifts. Tycoon and Storm-1575 target U.S. schools with advanced phishing ; the Bifrost Trojan attacks Linux users through typosquatting . Cisco , Qualcomm , Microsoft , and Veritas address significant vulnerabili...
Mar 08, 2024•6 min
In the news, Chinese state-sponsored hackers executed the Volt Typhoon cyber intrusion , revealing significant U.S. infrastructure vulnerabilities . Fidelity Investments notified customers of a potential data breach due to a LockBit ransomware attack . The EU mandated Apple to fix two critical iOS vulnerabilities . Amidst escalating cyber threats, Canada's FINTRAC and Duvel Moortgat Brewery faced significant cyberattacks. Globally, companies and governments are being urged to enhance cyber defen...
Mar 07, 2024•5 min
Microsoft is engaging in archival storage research for cloud-scale data preservation, focusing on DNA and silica media. Dataplane.org reports a new DNS scanning technique called Destination-Adjacent Source Address Spoofing since August 2023, possibly originating from China. The BlackCat ransomware group appears to have conducted an exit scam. A retired US Army Lieutenant Colonel is charged for allegedly transmitting classified information on a dating app. The RA World ransomware group uses leake...
Mar 06, 2024•5 min
The ALPHV/BlackCat ransomware group's site disappeared after claiming an attack on Change Healthcare , which affected prescription services, while Russian operatives recorded a German military Webex conversation about Ukraine's missile strategies, leading to a German investigation. The European Commission fined Apple $1.95 billion for anti-competitive App Store practices, which Apple will contest. WordPress plugin users were alerted to a Godzilla Web Shell exploit, advised to update systems. Hik...
Mar 05, 2024•4 min
Recent discoveries reveal critical vulnerabilities in Eken and Tuck's doorbell cameras, leading to unauthorized access and resulting in some retailers offering refunds and discontinuing sales. Additionally, cybersecurity specialists have identified unconventional breach methods used by Red Teams and criminals, such as USB drops, mailed compromised devices, attacks on port authorities, drone-based strategies, insider schemes, and exploiting weak drivers for initial access. The 6th Edition of the ...
Mar 04, 2024•2 min
Phishing campaigns target FCC and crypto firm employees with CryptoChameleon , leading to over 100 breaches. An Indian content farm mimics news outlets to push gambling and crypto scams. Hikvision and Ivanti Pulse Secure address critical vulnerabilities. U.S. cybersecurity agencies alert on Phobos ransomware . NSO Group is compelled to share Pegasus source code with Meta . ConnectWise ScreenConnect and SolarWinds fix severe exploits. McAfee Labs highlights malware in PDFs, and Shodan scans for i...
Mar 04, 2024•4 min
In the news, the UnitedHealth Group and Change Healthcare reported cyberattacks by the ALPHV/Blackcat ransomware gang, affecting healthcare services. CutOut.Pro refutes a data breach claim despite evidence. Anurag Sen exposed a leak from YX International , risking two-factor codes . Fulton County and Houser LLP are addressing separate security incidents. The U.S. Commerce Department investigates auto cyber risks , while Golden Corral faces a breach lawsuit. CryptoChameleon targets crypto platfor...
Mar 02, 2024•5 min
And in the news, GitHub has introduced default push protection to enhance security against data leaks in public repositories. The ASIO director of Australia highlighted increasing cyber threats to infrastructure, notably from nation-state espionage. Infoblox exposed the Savvy Seahorse phishing campaign, leveraging social media for fraud. Cutout.Pro addressed a data breach impacting 20 million users. Citrix and Sophos encountered leap year bugs, disrupting services. Pepco Group lost $17 million d...
Mar 01, 2024•3 min
In the news , Microsoft warns of an exploited Windows Kernel issue (CVE-2024-21338) . The BlackCat/ALPHV ransomware group attacked Change Healthcare , stealing data. SpikedWine targeted EU diplomats with "WineLoader" malware . Epic Games denies server breach by Mogilevich group. Palo Alto Networks faces a lawsuit over forecasts. North Korea's Lazarus hackers exploited a patched Windows AppLocker flaw. The US restricts Sandvine and Chengdu Beizhan Electronics for surveillance and nuclear roles. C...
Feb 29, 2024•4 min
In the news , businesses are adopting automated AI fraud detection and real-time monitoring . Importance is given to phone number analysis and IRBIS People Search for security intelligence. ESPY Ltd emphasizes fraud prevention through telecom data and two-factor authentication . PCI DSS 4.0 standards will mandate web application firewalls by March 2025. Recent threats include Google OAuth2 exploits , UAC-0099 cyber attacks , and WinRAR vulnerabilities . Reports highlight increasing malware and p...
Feb 29, 2024•3 min
In cryptocurrency news there is upheaval with a gambling platform rug pull , significant financial losses from various attacks, and the revelation of an Australian's disappearance post-bank error. In cybersecurity , the BitForex platform is under scrutiny for a possible exit scam, while the Aleo blockchain and Tornado Cash encountered data and code breaches respectively. Additionally, the South African parliament suffered a data leak, and new malware, "Angel Drainer," targets cryptocurrency user...
Feb 27, 2024•4 min
In the news, research by Lab52 unveils efforts by the Turla group with a modified Kazuar trojan . PayPal targets stolen super-cookies threats. Axie Infinity's Jeff Zirlin and wallets face crypto-theft, highlighted by PeckShield . The LockBit group threatens with new FBI material leaks. A critical SQL Injection flaw in WordPress's Ultimate Member plugin demands updates. The RCMP combats a cyberattack aftermath, while ConnectWise ScreenConnect users must upgrade due to severe exploits ....
Feb 26, 2024•4 min
A Russian national is on trial for a cyberattack on a power grid that led to a blackout in 38 villages. North Korean hackers infiltrated the Russian Ministry of Foreign Affairs using KONNI malware . Sony's Insomniac Games alerts employees to a data breach by Rhysida ransomware group . The FTC sues H&R Block for deceptive free online filing ads. LAX airport 's database was compromised by IntelBroker , exposing 2.5 million records. The LockBit ransomware group has extorted over a billion dolla...
Feb 26, 2024•5 min
In the news, US companies face fines for not adhering to SEC 's cybersecurity disclosure rules, urging improved incident responses . Research indicates GPT-4 could autonomously execute website exploits , highlighting AI security risks . Avast is fined $16.5 million by the FTC for unsanctioned data sales, necessitating a new privacy framework . Law enforcement disrupts the LockBit ransomware group , seizing $110 million . A compromised Python package led to a supply chain attack , while Malawi's ...
Feb 25, 2024•26 sec
And in the news a critical vulnerability in the Spring Framework (CVE-2024-22243) could lead to serious security breaches, urging updates. Threat actors exploit flaws in VMware, Microsoft Exchange, and Cisco , with law enforcement targeting groups like LockBit . The 8220 Gang targets cloud infrastructure , and I-Soon , a Chinese firm, faces a data leak. Users should utilize tools like Tor.taxi for dark web safety and be wary of TeaBot trojan infections from the Google Play Store . Updates are cr...
Feb 24, 2024•3 min
Today in the news , critical security issues include an authentication bypass vulnerability in ConnectWise ScreenConnect, requiring immediate updates. Two individuals were convicted for mail fraud involving counterfeit iPhones . Apple enhances iMessage encryption with PQ3 to combat future quantum attacks. GDPR impacts lead to significant data storage and processing reductions in Europe. A scam with a fake Exodus cryptocurrency wallet resulted in substantial Bitcoin theft. North Korean group Laza...
Feb 22, 2024•3 min
I’m Gracie Folkins, today is February 21st, 2024, and you are listening to Hack News Daily. An employee at the Stratford-on-Avon District Council misused their access to steal 79,000 email addresses to promote a private business. This action resulted in a police caution and led the council to implement data breach resolution measures. A report highlights that up to 275 credit unions using CU Solutions Group's content management system were at risk. They were vulnerable to account takeover and cr...
Feb 21, 2024•6 min
I’m Gracie Folkins, today is February 20, 2024, and you are listening to Hack News Daily. First up, a big cyber incident in Romania: the Backmydata ransomware has hit multiple hospitals, locking up their systems. Security experts recommend using Check Point Harmony Endpoint and running the latest updates from Microsoft and Adobe to stay safe. And remember, with Valentine’s Day just past, cyber threats are on the rise, so stay vigilant. In the United States, Infosys McCamish Systems reported a br...
Feb 20, 2024•5 min
I’m Gracie Folkins, today is February 19, 2024, and you are listening to Hack News Daily. Cybersecurity updates are critical, and here's what's happening in the world of cyber safety: Cybersecurity firm ESET has released patches for a significant vulnerability, known as CVE-2024-0353, affecting various Windows security products. This is a high-severity local privilege escalation issue. It's important for users to update their systems immediately to avoid potential abuse by attackers. In other ne...
Feb 19, 2024•3 min
I’m Gracie Folkins, today is February 18, 2024, and you are listening to Hack News Daily. In our cybersecurity roundup today, Google Chrome is stepping up its game with a new feature called "Private Network Access protections". This is designed to keep your internal network devices safe from public website exploits by checking connectivity requests more thoroughly. For those interested in the technical details, the process involves CORS-preflight requests, which might block suspicious attempts. ...
Feb 18, 2024•4 min
I’m Gracie Folkins, today is February 17th, 2024, and you are listening to Hack News Daily. First up, an Enea report uncovers the 'MMS Fingerprint' attack by NSO Group, which sneaks into WhatsApp to gather information on your phone without you doing anything. It's like a reminder that even our messages need strong guards. In other news, Vyacheslav Igorevich Penchukov, a cybercriminal from Ukraine, could face up to 40 years in prison for his role in the Zeus and IcedID banking malware, causing lo...
Feb 17, 2024•5 min
I’m Gracie Folkins, today is February 16th, 2024, and you are listening to Hack News Daily. In today's update, the FBI has taken action against a group of hackers from Russia by stopping a harmful program on certain internet routers. They advise everyone with these routers to reset them and pick new passwords to stay safe online. The U.S. State Department is offering a reward of up to $15 million for information that helps catch members of a notorious hacking group responsible for stealing over ...
Feb 16, 2024•3 min
I’m Gracie Folkins, today is February 15th, 2024, and you are listening to Hack News Daily. In today's cyber news, the PlayDapp gaming platform experienced a major security issue when an unauthorized person created 1.79 billion PLA tokens. This happened because they got hold of a private key they shouldn't have. The company has stopped all transactions and asked exchanges to block the hacker's wallets to fix the problem. Meanwhile, Zenlayer, a company that handles lots of internet data, accident...
Feb 15, 2024•3 min
I’m Gracie Folkins, today is February 14th, 2024, and you are listening to Hack News Daily. First up, there's a new vulnerability that was used by hackers to sneak past Microsoft Defender SmartScreen. This vulnerability was exploited to distribute a harmful malware called DarkMe, targeting financial traders. But don't worry, this has been patched, and if you're using Trend Micro solutions, you're already protected against it. For Bank of America customers, there's an important update. A third-pa...
Feb 14, 2024•3 min
