Multiple local governments are dealing with cyberattacks, including ransomware incidents, this week, causing outages and problems for county hospitals, libraries and other local services. Bucks County, Pennsylvania — home to nearly 650,000 people — said on Wednesday that it is still grappling with a cybersecurity incident that has knocked out the Emergency Communications’ Department’s computer-aided […]
The code embedded inside devices that bridges interactions between hardware and software is frequently exposed to security vulnerabilities, but lawmakers and federal officials have not paid enough attention to them, a national security think tank analysis argues. The report, released Wednesday by the Foundation for Defense of Democracies, contends that firmware vulnerabilities remain largely unaddressed, […]
Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes’ […]
Anti-Phishing, DMARC , Business Email Compromise (BEC) , Fraud Management & Cybercrime Tight-Lipped Agency’s Next Move in Wake of $7.5M Scam Could Be Telling Marianne Kolbasuk McGee (HealthInfoSec) • January 24, 2024 Image: Getty Even for the federal government, losing $7.5 million to cyberattacks is a big chunk of cash. Speculation is rampant […]
Geo Focus: The United Kingdom , Geo-Specific , Governance & Risk Management Voluntary Rules Will Set Baseline Security Requirement for Software Vendors, Users Akshaya Asokan (asokan_akshaya) • January 24, 2024 Image: Shutterstock The U.K. government is mulling the rollout of a voluntary set of rules urging software vendors to responsibly disclose vulnerabilities in […]
The Synacktiv Team earned $100,000 for chaining three zero-day bugs to gain root permissions on a Tesla Modem and an additional $120,000 for hacking other EV charging stations.
Jan 26, 2024NewsroomThreat Intelligence / Cyber Attack Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it’s currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had […]
Jan 26, 2024NewsroomCyber Crime / Malware 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity […]
Jan 26, 2024NewsroomNetwork Security / Vulnerability Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that […]