September 13, 2024 at 02:20PM The FBI and CISA warn of high disinformation spread claiming cyberattacks on US voter registration databases, instigated by malicious actors to manipulate public opinion and undermine trust in democracy. Access to voter registration information does not indicate compromise, and there’s no evidence of cyberattacks preventing elections or altering voter data. … Read more
September 11, 2024 at 05:12PM North Korean hacker group Lazarus is using a phishing campaign to target Python developers, posing as recruiters and luring them with coding test projects for password management products containing malware. The VMConnect campaign was detected in 2023, and ReversingLabs reports that the malicious projects are hosted on GitHub. Job candidates … Read more
August 29, 2024 at 08:06AM European cybersecurity startup Uniqkey has secured €5.35 million in a funding round led by Swedish VC BackingMinds, bringing its total funding to €15.35 million. Founded in 2017, the Danish-based company specializes in secure employee access to resources using encryption and aims to scale its technology to support more organizations, particularly … Read more
August 28, 2024 at 01:06PM Fortra has issued a warning about a serious hardcoded password vulnerability in FileCatalyst Workflow. This flaw has the potential to enable unauthorized access to an internal database, leading to data theft and the acquisition of administrator privileges. Based on the meeting notes, it seems that Fortra is alerting about a … Read more
August 28, 2024 at 06:05AM Open source large language model (LLM) servers and vector databases are unknowingly leaking sensitive data online. Legit security researcher Naphtali Deutsch discovered numerous vulnerable open source AI services, including unpatched Flowise servers and unprotected vector databases. The exposed data poses serious security risks, requiring organizations to implement strict access controls … Read more
August 13, 2024 at 02:17PM The FBI has dismantled the global cyber infrastructure of Radar/Dispossessor, a ransomware gang originally linked to LockBit. The group targeted small-to-mid-sized businesses across diverse sectors and utilized double extortion tactics. While this takedown is a significant win, arrests and public exposure of the gang’s leaders are needed. Organizations are urged … Read more
August 8, 2024 at 06:40AM A recent survey by Arlington Research and Kaspersky revealed that many Brits are cautious about webcam privacy but willingly share personal information through online games. Conducted on 10,000 consumers, including 1,000 in the UK, aged between 18 and 40 interested in new technology, the survey highlighted the need for increased … Read more
August 6, 2024 at 10:19AM Increased incidents of stolen credentials have been giving rise to a thriving market for brokering initial access. Stolen credentials are commonly obtained through social engineering and malware, leading to a 24% increase in breaches. Various methods including brute force attacks are used to steal credentials, posing a major threat. Cybersecurity … Read more
July 24, 2024 at 01:36PM KnowBe4 hired a North Korean state actor posing as a Principal Software Engineer. The company stopped the attempted installation of information-stealing software. The actor evaded background checks and used AI tools to create a fake identity. KnowBe4 detected the threat through its security product and now recommends isolating new hires’ … Read more
July 11, 2024 at 03:28PM Over 2.3 million people are to receive letters due to a data breach at Advance Auto Parts. The breach compromised personal information of job applicants and employees, including names, Social Security numbers, and more. Unauthorized access to the company’s cloud environment was discovered and reported to law enforcement. Credit monitoring … Read more