53% of medical devices have a known critical vulnerability

After a year of unprecedented ransomware attacks on hospitals and healthcare systems – and with healthcare now the #1 target for cybercriminals – critical medical device risks in hospital environments continue to leave hospitals and their patients vulnerable to cyber attacks and data security issues.

Telegram: A Cybercriminal Hotspot – Compromised Financial Accounts

Cybercrime is thriving on Telegram, with more & more threat actors choosing the encrypted messaging app as a viable alternative to the secretive forums of the deep and dark web. In this four-part series, we will explore Telegram’s cybercriminal underbelly, starting with the illicit markets for compromised financial accounts.

Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer

Ever since the Bitcoin boom, crypto currencies have risen sharply in value year after year. Besides attracting more investment, this gain has also increasingly motivated malicious actors to develop stealer malware specialized in gaining access to cryptocurrency wallets.

Microsoft warns about this phishing attack that wants to read your emails

Attackers have targeted hundreds of organisations, says Microsoft security. Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.

Cisco Patches Critical Vulnerability in Contact Center Products

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator.

Latest web hacking tools – Q1 2022

After our recent end-of-year retrospectives, it’s time to look back again – this time at some of the most compelling open source hacking tools released during the final quarter of 2021.

Hackers use video player to steal credit cards from over 100 sites

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware.

8 biggest IT disasters of 2021

From security flaws to software engineering fails, these high-profile IT disasters wreaked real-world havoc this year. Let them serve as cautionary tales.

ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks

The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.

Panasonic discloses data breach after network hack

Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month.

“Missed Voice Message,” the Latest Phishing Lure

Recently, the Phishing Defense Center (PDC) has observed a trend relative to a phishing tactic involving missed voicemail messages.

Scammers Are Using Fake Job Ads to Steal People’s Identities

From Facebook to LinkedIn to Indeed, ads are popping up that promise well-paying jobs — if applicants provide their Social Security numbers and other details up front. Scammers then use the information to apply for unemployment benefits.

New Gummy Browsers attack lets hackers spoof tracking profiles

University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have.

Malicious Firefox Add-ons Block Browser From Downloading Security Updates

Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser.

Big Title

The group behind a new ransomware variant threaten to go beyond encrypting data in their attempts to force victims to pay up.

Big Title

The social network's services, including Facebook, Facebook Messenger, Instagram and WhatsApp, were offline for about six hours on Monday.

Big Title

The social network's services, including Facebook, Facebook Messenger, Instagram and WhatsApp, were offline for about six hours on Monday.

Big Title

The social network's services, including Facebook, Facebook Messenger, Instagram and WhatsApp, were offline for about six hours on Monday.

Big Title

TangleBot users a keylogger to steal information entered into websites - and it can monitor the location of victims, as well as secretly recording audio and video.

Big Title

Law enforcement authorities managed to seize millions in cryptocurrency and luxury vehicles owned by the ransomware gang.

Big Title

Coalition announced today the acquisition of Attune—creating the world’s largest commercial insurtech provider. The combined company serves more than 130,000 policyholders, providing cyber and technology insurance along with the proactive risk management clients need to avoid filing insurance claims.

Big Title

Big Title

The cloud threat landscape is constantly evolving, with new operations under construction or already active. Cybercriminals are exploiting vulnerabilities, either directly, through ransom and extortion—or indirectly, by stealing resources.

Big Title

Here are the top three tactics attackers have been using to break into corporate and government networks: brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails.

Big Title

McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank application designed to report an out-of-service ATM.

Big Title

Mixed messaging around remote work has left me questioning whether tech companies are really invested in its future.

Big Title

A new version of the DirtyMoe botnet has been discovered with major modifications in the form of anti-forensic, anti-debugging, and anti-tracking capabilities. With the new release, actors boast of a threat profile that can’t be tracked or identified easily.

Big Title

Recently one of the big-three consumer credit bureaus fixed an issue that allowed an ordinary user to obtain the credit score of tens of millions of Americans just by providing their name and mailing address.

Big Title

T-Mobile’s CEO and an individual who claims to be behind the recent hacking of the mobile carrier’s systems have shared some information about how the attack was carried out.

Big Title

In a wide-ranging interview, Chris Inglis explained how he’s using his new White House office to better synchronize the government’s fight against hackers.

Big Title

Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.

Big Title

A mai világban a vállalkozások egyre nagyobb nyomás alatt vannak, hogy növeljék az informatikai hatékonyságot, rugalmasságot, hogy új innovatív technológiákat használjanak az ügyfelek igényeinek, a versenypiac elvárásainak való megfelelés végett. E célok elérése érdekében a vállalkozások különböző infrastruktúra-környezeteket választanak, döntenek a privát felhő vagy a nyilvános felhő között. Szerencsére ma már nem szükséges kizárólagosan eldönteni, van mód mindkét környezet előnyeit használni egy hibrid felhőben. Hibrid felhőkörnyezetben is komoly kihívást jelent a homogén vállalati működési modell fenntartása, a vállalati biztonsági irányelvek betartása és a hibrid környezetek szinkronizálása. Az alkalmazások fejlesztői továbbra is feszegetik az infrastruktúra határait az újítások ösztönzése érdekében. A Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) egy átfogó megoldás, amely egyszerűsített műveleteket, következetes házirend-kezelést és láthatóságot biztosít több helyszíni adatközpontban, nyilvános felhőben vagy hibrid felhőkörnyezetben. A Cisco Cloud ACI lehetővé teszi, hogy a Cisco ACI ™ szolgáltatással a helyszíni adatközpontjaikban az ügyfelek kiterjesszék a Cisco ACI irányelveit a nyilvános felhőkre is. Az alábbi videóban látjuk, hogy a Cisco ACI és a Microsoft Azure integráció hogyan teszi lehetővé az ügyfelek számára a munkaterhelés zökkenőmentes telepítését a Microsoft Azure-ban úgy, hogy a nyilvános felhő a már meglévő helyszíni adatközpont puszta kiterjesztéseként jelenik meg.

Big Title

Not only is email the #1 attack vector, but regulatory compliance requirements across sectors make it difficult to know which data protection laws are for your industry.

Big Title

Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks.

Big Title

The vulnerability would allow threat actors to remotely compromise a targeted ThroughTek IoT device and watch the real-time video feed, listen to audio, and compromise device credentials for additional attacks.

Big Title

The UK government has updated its code of practice on the use of surveillance cameras. Will it be enough to protect citizens' rights?

Big Title

For those new to the dark web, it is almost impossible to find a website on the Tor browser or how it works and that’s where dark web search engines help.

Big Title

Almost always in arm’s reach, rarely turned off and holding huge stores of personal and sensitive data, cellphones have become top targets for hackers.

Big Title

Cloud applications have proved useful to enabling remote work. But cloud computing brings its own security risks.

Big Title

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.

Big Title

That's creating some unexpected new risks The Bank of England has urged financial institutions to remain cautious when switching to the cloud. Here's why.

Big Title

The hacking tools seller reportedly used AWS as part of its spyware services to government clients.

Big Title

Cisco Secure Email Cloud Mailbox was built with one guiding principle – simplicity. Of course, it’s easy for us to talk about the benefits of our cloud-native email security product and how easy it is to use. But don’t just take it from us!

Big Title

Coop, one of Sweden’s largest supermarket store chains, has shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the Kaseya security incident on Friday.

Big Title

Security agencies in the United States and United Kingdom issued an advisory on Thursday to warn organizations about an ongoing global campaign involving brute force techniques.

Big Title

Experts are sounding the alarm about potential cyberattacks on the Tokyo Summer Olympics from those looking to create chaos at the already embattled event.

Big Title

Brits have lost over £1bn to fraud and cybercrime in the first six months of 2021

Big Title

It is estimated that an organization will fall victim to ransomware every 14 seconds in 2021. The last quarter of 2020 witnessed a 50 percent increase in DDoS attacks, and cryptojacking is an unseen threat that is rapidly evolving in real-time.

Big Title

Many movies and other media may have a bit of a warped idea of what hackers do, exactly. But one show that got it right is Mr. Robot, which shows that a company’s weakest spot is usually its people. The “human factor” they call it.

Big Title

Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-level JavaScript API for processing and synthesizing audio in web applications. These vulnerabilities specifically exist in the Google Chrome web browser’s instance of this API.

Big Title

Self-Professed 'King of Fraud' Aleksandr Zhukov Ran Ads on Fake Sites

Big Title

Exabeam, a Silicon Valley startup that helps companies automate the analysis and monitoring of their cybersecurity data, on Tuesday said it raised $200 million in its latest round of funding which valued the company at $2.4 billion.

Big Title

Artificial intelligence holds great business promise, but it takes more than a working model to create scalable, transformative change

Big Title

IT leaders from Signet Jewelers, Workday, Turtle & Hughes, and One Call share lessons learned for effective leadership during the COVID-19 pandemic.

Big Title

Browsing If you’re like most people, you’re probably using Google Chrome as your default browser. It’s hard to fault Google’s record on security and patching but privacy is another matter for the online ad giant.

Big Title

Cyberattacks are always expensive to handle, and no one can predict cybersecurity threats accurately.

Big Title

News of ransomware attacks has become all too common in this modern age of cyberattacks. Some say it’s not a question of if you’ll be hit by a ransomware attack, but when.

Big Title

Privateers’ aren’t necessarily state-sponsored, but they have some form of government protection while promoting their own financially-motivated criminal agenda, according to Cisco Talos.

Big Title

Cisco Systems (CSCO) plans to acquire privately-held California-based Kenna Security in a bid to enhance its security offerings. The technology company develops and sells networking hardware, software, telecommunications equipment, and other high-technology services and products.

Big Title

As technology rises, fewer people are carrying cash and are opting instead for debit cards, credit cards, and smartphone payment apps. While it is convenient and becoming more popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of potentially being scammed by someone who doesn’t appear to be who they say they are.

Big Title

Browser push notifications can highly resemble Windows system notifications. As recently discussed, scammers are abusing push notifications to trick users into taking action. This recent example demonstrates the social engineering tactics used to trick users into installing a fake Windows Defender update. A toaster popup in the tray informs the user of a Windows Defender Update.

Big Title

In many situations, multicloud architectures make the most sense.But playing the field, baking in agility, and avoiding lock-in can expose your enterprise to hidden costs and issues.

Big Title

Enterprises of all sizes and industries face a dilemma. How do they justify an increased need for cybersecurity spending in the face of historic business disruption and revenue losses?

Big Title

Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks.

Big Title

A recently discovered phishing scam that convincingly impersonates the Microsoft Windows logo with an HTML table serves as a new reminder of how social engineers can abuse various elements in emails to fool both human recipients and certain security solutions.

Big Title

Darkside ransomware operators have changed their extortion tactics and are now targeting organizations listed on NASDAQ or other stock markets. They believe that the negative impact of having a traded organization’s name listed on their website would cause its stock price to fall, and the attackers are trying to make a profit out of this.

Big Title

Nem a Fedex nevével visszaélő SMS csalás az egyetlen, amely a felhasználók banki adatainak ellopására pályázik. Igaz, az ilyen visszaélések döntő többsége külföldön, zömmel angol nyelvterületen zajlik, de immár egyre többször fordul elő nálunk Magyarországon is.

Big Title

Research suggests “open and insecure gaps” are being exploited in financial organizations’ networks.

Big Title

Az oltóanyagok létfontosságú lépést jelentenek a világ koronavírus-járvány elleni küzdelmében, ugyanakkor mindez visszaélésekre is lehetőséget ad a csalók és álhírterjesztők számára. Emiatt most éppen a Bitcoinnal fizethető hamis koronavírus-oltásokra épülő csalásra figyelmeztetnek a nemzetközi hatóságok. A cikk összefoglalja a leggyakoribb, vakcinával kapcsolatos tipikus átveréseket, amelyekkel megpróbálnak hozzáférni a személyes adatainkhoz vagy a pénztárcánkhoz.

Big Title

Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in utilities

Big Title

The cybersecurity industry is hiring. In November 2018, The New York Times reported that a total of 3.5 million cybersecurity jobs would be available but go unfilled by 2021. This employment gap increased in the year that followed. (ISC)2 estimated at the end of 2019 that it would take 4.07 million trained professionals to fill all available cybersecurity positions—a 62% increase of the global cybersecurity workforce. Things improved in 2020 when (ISC)2 learned that 700,000 professionals had joined the industry. Even so, 3.12 million cybersecurity positions remained open at the end of last year.

Big Title

A hacker appears to be selling sensitive data they claim to have stolen from an OTP-generating company. This particular company has some of the most popular tech and business giants on its list of customers including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter accounts, etc.

Big Title

We have to seriously look at catching up with China on technology. We may not be able to fully catch up with China therefore we are trying to develop a relationship with Western nations to see how best we can get support from them during peace time, at least, to overcome these deficiencies,” General Bipin Rawat said.

Big Title

Securiti announced participation from Cisco Investments in its latest round of funding. The company plans to work with Cisco and help their customers solve the challenge of multicloud and edge security, privacy and compliance.

Big Title

Microsoft is warning businesses to beware of cyber criminals using company website contact forms to deliver the IcedID info-stealing banking trojan in email with Google URLs to employees

Big Title

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade.

Big Title

A practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data.

Big Title

The findings of a Bolster report, along with real life examples, clearly correlate the rise in crypto scams to the value and popularity of cryptocurrencies as well as the increase in individuals seeking financial assistance during the COVID-19 pandemic.

Big Title

If you don’t already work in a “smart building,” chances are that you will soon. By 2025, more than 75% of new construction will fit this category—and that’s not counting existing buildings.

Big Title

A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company.

Big Title

Big Title

What’s in a name? When it comes to the term ‘security platform,’ quite a lot, going by its overuse in the industry. This moniker is increasingly being deployed in the marketplace to describe varying types of solutions.

Big Title

As hackers find ways to unlock your phone with your face while you sleep or using a photo from social media to do the same, researchers have developed a way to strengthen security by adding facial features such as smiles and winks to the mix.

Big Title

A hackers find ways to unlock your phone with your face while you sleep or using a photo from social media to do the same, researchers have developed a way to strengthen security by adding facial features such as smiles and winks to the mix.

Big Title

Big Title

A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.

Big Title

Multicloud deployment is here to stay! According to Gartner, “the average enterprise now connects to more than 20 public cloud services, and these public cloud services frequently support performance-sensitive and business-critical applications like ERP and unified communications

Big Title

In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn.

Big Title

Even before the drastic changes we saw as a result of 2020, manufacturers were under pressure to improve operational efficiency through digital transformation.

Big Title

Half of organizations are concerned that the shift to remote work is putting them a greater risk of cyber-attacks, according to a new study by LogMeIn in collaboration with IDG.

Big Title

Half of organizations are concerned that the shift to remote work is putting them a greater risk of cyber-attacks, according to a new study by LogMeIn in collaboration with IDG.

Big Title

Using a single laser, scientists have built a new system that generates random numbers fast and at scale.

Big Title

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers.

Big Title

Israeli-based cybersecurity firm Kela says more than 500,000 leaked credentials belonging to more than two dozen leading gaming companies were on sale on the dark web.

Big Title

Phishing and spam-based cyberattacks were prominent during 2020, with an added factor of the COVID-19 pandemic.

Big Title

Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage

Big Title

It's a bigger threat than ever, but don’t worry. There are plenty of ways to defend yourself.

Big Title

Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns.

Big Title

A tavalyi esztendőben a társkereséssel kapcsolatos csalások száma jelentős növekedést mutatott.

Big Title

Every day, we stop more than 100 million harmful emails from reaching Gmail users. Last year, during the peak of the pandemic crisis we saw 18 million daily malware and phishing emails related to COVID-19.

Big Title

North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei.

Big Title

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere.

Big Title

We have heard it before. Securing your organization isn’t getting any easier. The remote workforce is expanding the attack surface. We need context from users and endpoints to control proper access, and IT teams need to ensure our data stores are resilient and always available to gain the telemetry they need to reduce risk.

Big Title

A surge in secret software used to spy on staff working from home during the pandemic has led to calls for new laws to be brought in against unscrupulous bosses.

Big Title

A Skót Környezetvédelmi Ügynökségtől (SEPA) 4000 dokumentumot loptak el zsarolóvírust terjesztő bűnözők. Itt is a ma már trendnek számító módszer zajlott, miszerint ha a megzsarolt áldozat nem fizet az elkódolt adatok visszaszerzéséért, akkor fizessen azért, hogy az elkövetők ne töltsék fel a lopott fájlokat publikus weboldalakra.

Big Title

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video.

Big Title

Over 80% of British and American employees overshare on social media, potentially exposing themselves and their organization to online fraud, phishing and other cyber-threats, according to Tessian.

Big Title

The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

Big Title

A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside.

Big Title

According to a recent report by Avira, the use of cryptomining malware has increased by 53% quarter-on-quarter in the final three months of 2020. The reason behind this increase could be the soaring value of Bitcoin.

Big Title

Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices.

Big Title

Fraudsters are impersonating real HR employees in fictitious job offers sent on LinkedIn, in a dubious scheme to get targets to share banking data.

Big Title

Learn what you need to do to move beyond perfunctory awareness and training programs to change behavior and instill a security culture (the ABC of security).

Big Title

Malware authors have been widely adopting open source security tools for cybercrime operations. Recently, Recorded Future released a report on the use of malicious C&C infrastructure throughout 2020 by tracking more than 10,000 C&C servers across more than 80 malware strains.

Big Title

Coronavirus has obliged many organisations to force security teams to work remotely - and that's making the job of securing whole businesses against threats much harder.

Big Title

Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.

Big Title

Tech giants including Microsoft and Google on Monday joined Facebook’s legal battle against hacking company NSO, filing an amicus brief in federal court that warned that the Israeli firm’s tools were “powerful, and dangerous.”

Big Title

Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.

Big Title

After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as 'ShinyHunters' is now selling databases belonging to three more Indian companies on Dark Web, independent cyber security researcher Rajshekhar Rajaharia claimed on Wednesday.

Big Title

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems.

Big Title

Google has hired the first security boss for its cloud business in the form of British-born Phil Venables. A 25+ year veteran of the industry with experience in CISO roles in some of the world’s biggest banks, Venables officially joined Google Cloud this month, according to his LinkedIn profile.

Big Title

A WatchGuard report reveals how COVID-19 has impacted the security threat landscape, with evidence that attackers continue to target corporate networks despite the shift to remote work, and a rise in pandemic-related malicious domains and phishing campaigns.

Big Title

In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated.

Big Title

Cybercriminals are continuously attempting new and innovative ways to defeat security measures and controls to pilfer sensitive data.

Big Title

Efforts to secure the Border Gateway Protocol have picked up critical moments, including a big assist from Google.

Big Title

As the Covid pandemic has brought about a sea change in the operations of most companies with work from home becoming the trend over the past 8-10 months, cyber security experts are of the view that several companies still need to be more proactive in terms of strengthening their systems against cyber attacks.

Big Title

A private surveillance firm that exploits mobile network vulnerabilities to spy on calls, texts and location data is doing business with at least 25 governments around the globe, including some with histories of human rights abuses, concludes a report released Tuesday.

Big Title

A koronavírussal érkező krízishelyzetben az üzletmenet folytonossága és a kiberbiztonság is forró téma lett szinte minden iparágban, a sürgető elvárásoknak pedig szinte lehetetlen megfelelni

Big Title

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.