News
Star loses $500,000 NFT after crooks exploit Rarible market
Miscreants exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.…
Cybercriminals are doing their homework in latest banking scam
A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. …
Google issues third emergency fix for Chrome this year
Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.…
North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies
North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.…
Cisco's Webex app phoned home audio telemetry even when muted
Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.…
Microsoft-led move takes down ZLoader botnet domains
Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using as command-and-control servers.…
Threat group builds custom malware to attack industrial systems
Hackers have created custom tools to control a range of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies.…
Microsoft details how China-linked crew's malware hides scheduled Windows tasks
The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots.…
Don't let ransomware crooks spend months in your network – like this govt agency did
Lockbit ransomware operators spent nearly six months in a government agency's network, deleting logs and using Chrome to download hacking tools, before eventually deploying extortionware, according to Sophos threat researchers.…
Apache says Struts 2 security bug wasn't fully fixed in 2020
Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.…
Taiwan, China square off over chip tech espionage laws
Trouble is brewing over moves by Taiwan to prevent China from gaining access to its chip technology, as the island nation proposes tougher laws to deter the leaking of trade secrets outside the country.…
Enemybot botnet uses Gafgyt source code with a sprinkling of Mirai
A prolific threat group known for deploying distributed denial-of-service (DDoS) and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware.…
Git for Windows issues update to fix running-someone-else’s-code vuln
After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows.…
Investment firm KKR buys Barracuda Networks
Investment firm KKR has acquired Barracuda Networks from private equity firm Thoma Bravo.…
Huawei reportedly furloughs Russian staff and stops taking orders
Chinese telecom giant Huawei has issued a mandatory month-long furlough to some of its Russia-based staff and suspended new orders, according to Russian media.…
Microsoft's huge Patch Tuesday includes fix for bug under attack
Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.…
Stolen-data market RaidForums taken down in domain seizure
After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.…
AWS fixes local file vuln on internal credential access for Relational Database Service
A local file read vulnerability in Amazon's Relational Database Service (RDS) could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed.…
Hardware-assisted security poised for growth, says Intel
An Intel study finds that businesses are eager for cybersecurity and are keen to see how security can be baked into devices.…
Can we solve the zero-day threat once and for all? No, but here’s what we can do
Webinar Last December’s Log4j crisis brought the danger of zero day vulnerabilities to the front pages. But while one key flaw has been put under the microscope, does that mean the problem is over?…
Pages
