Recent Security News

  • KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

    February 14, 2024 at 08:03AM A new DNS vulnerability, named KeyTrap or CVE-2023-50387, has been discovered by researchers. The flaw in DNSSEC could potentially allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, prevention may require changes to the underlying DNSSEC design. The…

    Read More

  • Southern Water cyberattack expected to hit hundreds of thousands of customers

    February 14, 2024 at 07:41AM Southern Water confirms data breach affecting 5-10% of customers and undisclosed staff members due to January cyberattack. Black Basta ransomware group claimed responsibility. Data, including personal and financial details, was leaked online. Customers being notified and offered Experian Identity Plus membership. No evidence of further data publication found. Critical infrastructure…

    Read More

  • CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

    February 14, 2024 at 07:29AM The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in campaigns targeting financial market traders. The vulnerability has been patched by Microsoft, and it was discovered and disclosed by the Trend Micro Zero Day Initiative. Water Hydra has used sophisticated methods to bypass SmartScreen and…

    Read More

  • Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

    February 14, 2024 at 07:15AM Summary: The financial services sector faces escalating cybersecurity challenges as cybercriminals employ advanced tactics, AI, and deep fake technology. Recent trends reveal a surge in cyberattacks, data breaches, and state-sponsored threats. Community banks are particularly vulnerable and must address cloud security, ransomware, vendor risk, regulatory compliance, and talent shortages. Proactive…

    Read More

  • Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

    February 14, 2024 at 07:15AM Infamous malware loader Bumblebee resurfaces in a new phishing campaign targeting organizations in the U.S. Proofpoint warned about voicemail-themed lures leading to Word files with VBA macros launching PowerShell commands to execute Bumblebee. The attack chain relies on macro-enabled documents, coinciding with reappearance of new variants of QakBot, ZLoader, and…

    Read More