Cybersecurity
Category Added in a WPeMatico Campaign
Dive Brief: Two years after the historic disclosure of a critical zero-day vulnerability in the Apache Log4j library sent organizations racing to contain the damage, nearly 2 in 5 applications are still using vulnerable versions, according to a report released Thursday from Veracode. The report found nearly one-third of applications are running Log4j2 1.2.x, which […]
Dive Brief: Cyberattacks and data breaches are exposing personal data at an ever-growing rate, according to an Apple-commissioned study conducted by Stuart Madnick, professor of IT at Massachusetts Institute of Technology, published Thursday. More than 2.6 billion personal records were compromised in 2021 and 2022, and the number of records breached jumped 36% in 2022 […]
Law enforcement is suspected to be behind the recent outage of ALPHV ransomware gang’s websites. The negotiation and data leak sites, as well as the Tor negotiation URLs, have been down for over 30 hours.
Two vulnerabilities affecting a popular data analytics tool were added to the Cybersecurity and Infrastructure Security Agency’s (CISA) list of exploited bugs this week. On Thursday, CISA added CVE-2023-41265 and CVE-2023-41266 to its catalog, giving federal civilian agencies until December 28 to patch the issues. Both bugs were found this summer in Qlik Sense — […]
Dec 08, 2023NewsroomCyber Espionage / Cryptocurrency The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. “The threat actor ultimately uses a backdoor to steal information and execute commands,” the AhnLab Security […]
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and […]
The notorious Akira ransomware group has claimed two more victims, adding them to its list of Akira ransomware attacks. The claims were posted on a dark web forum where the threat actor boldly claimed the attack. However, upon inspection of both victim websites, it was evident that the ransomware attack had not impacted the front […]
Concept paper highlights ongoing and planned steps to improve cyber resiliency and protect patient safety. WASHINGTON – The U.S. Department of Health and Human Services (HHS) today released a concept paper that outlines the Department’s cybersecurity strategy for the health care sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released […]
Dec 11, 2023NewsroomEndpoint Security / Malware A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without any limitations, making them more […]