Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

September 16, 2024 at 01:21AM Cybersecurity researchers have identified ongoing phishing campaigns using HTTP header refresh entries to deliver fake email login pages, targeting large corporations in South Korea, U.S. government agencies, and schools. These attacks encompass various sectors and are part of a growing trend of sophisticated tactics to trick recipients and steal sensitive … Read more

Over a Third of Cyberattacks Result in Job Losses

September 13, 2024 at 02:20PM In the past year, over half of organizations experienced cyber threats, with larger companies being more susceptible. These incidents led to job losses, as reported by 37% of surveyed UK IT professionals. Databarracks’ Data Health Check highlighted the impact of cyber-attacks on downtime and data loss, particularly for larger businesses. … Read more

NFL Teams Block & Tackle Cyberattacks in a Digital World

September 13, 2024 at 01:51PM The 2024 NFL season has brought new technological advancements and increased cyber threats. Sports teams face significant risks with their digital assets, including real-time player data, fan information, and critical infrastructure. The Cleveland Browns’ IT and security groups work year-round to safeguard data and protect against cyberattacks, aiming to preserve … Read more

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

September 13, 2024 at 08:15AM Despite increasing cyber threats, phished credentials remain the primary access vector for unauthorized entry, constituting over 80% of corporate risk. Traditional defenses are inadequate, prompting Beyond Identity to provide deterministic defenses by eliminating phishing, password usage, and push bombing attacks. Their platform authenticator also integrates diverse risk signals for adaptive … Read more

UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy

September 13, 2024 at 08:03AM UK Technology Secretary Peter Kyle announced that data centers in the UK are now classified as part of the country’s Critical National Infrastructure. The designation aims to enhance cybersecurity and facilitate government support. However, concerns have arisen over plans for a new data center in a protected Green Belt region. … Read more

Fortinet confirms data breach after hacker claims to steal 440GB of files

September 12, 2024 at 02:03PM Fortinet, a cybersecurity company, has confirmed a data breach after a threat actor claimed to have stolen 440GB of files from its Microsoft Sharepoint server. Based on the meeting notes, it appears that cybersecurity company Fortinet has confirmed a data breach after a threat actor claimed to have stolen 440GB … Read more

Mind your header! There’s nothing refreshing about phishers’ latest tactic

September 12, 2024 at 05:24AM Palo Alto’s Unit 42 threat intel team warns of a rising tactic used by phishers to steal victims’ credentials. They identified over 2,000 large-scale phishing campaigns abusing HTTP header refresh entries to redirect visitors to malicious websites. The phishing attacks primarily target business and economy sectors, highlighting the need for … Read more

Dark Reading Expands Its Coverage to the Asia-Pacific Region

September 11, 2024 at 09:05PM Dark Reading is launching a new Asia-Pacific section within DR Global to cater to cybersecurity professionals in the region. The expansion follows gradual reporting on Asia-Pacific news and aims to provide comprehensive cybersecurity information and trends. This initiative aligns with Dark Reading’s mission to deliver trusted news and analysis worldwide, … Read more

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

September 11, 2024 at 03:45AM Ivanti has released software updates addressing multiple critical vulnerabilities in their Endpoint Manager (EPM), with potential for remote code execution. Flaws affect EPM versions 2024 and 2022 SU5 and earlier, now resolved in versions 2024 SU1 and 2022 SU6. Additionally, high-severity issues in Ivanti Workspace Control and Cloud Service Appliance … Read more

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

September 10, 2024 at 04:52PM A new method called “Pixhell” can breach air gaps by using sound waves to transmit data via LCD screens. This covert channel attack works by manipulating screen pixels to create sound waves that encode stolen data. High-level security organizations are at risk, though some have built elaborate air gaps to … Read more