Internet users in Romania are finding their social media posts and online news articles bombarded with comments promoting blatant propaganda, inciting hatred towards the EU and NATO, and support for Vladimir Putin’s Russia.
Read more in my article on the Hot for Security blog.
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –
CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel.
“‘Fast flux’ is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS)
A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts which have netted hundreds of thousands of dollars.
Read more in my article on the Hot for Security blog.
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day.
Hackers don’t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough.
This week,
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve learned that looking busy isn’t the same as being secure.
It’s an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we’re expending – how many vulnerabilities we patched, how fast we
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets.
“Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a “conflicted” individual straddling a legitimate career in cybersecurity and pursuing cybercrime.
In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader.
“These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.
Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a