The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. [...] | Continue reading
A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...] | Continue reading
Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...] | Continue reading
Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. [...] | Continue reading
Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. [...] | Continue reading
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. [...] | Continue reading
Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. [...] | Continue reading
Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. [...] | Continue reading
Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. [...] | Continue reading
AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. [...] | Continue reading
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. [...] | Continue reading
At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. [...] | Continue reading
U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. [...] | Continue reading
The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. [...] | Continue reading
Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. [...] | Continue reading
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. [...] | Continue reading
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. [...] | Continue reading
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. [...] | Continue reading
Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. [...] | Continue reading
Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. [...] | Continue reading
This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. [...] | Continue reading
A threat actor named Savvy Seahorse is abusing CNAME DNS records Domain Name System to create a traffic distribution system that powers financial scam campaigns. [...] | Continue reading
Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. [...] | Continue reading
Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. [...] | Continue reading
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. [...] | Continue reading
The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. [...] | Continue reading
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. [...] | Continue reading
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...] | Continue reading
The German state of Hessen (Hesse) has been hit with a ransomware attack, causing the government to shut down IT systems and disrupting the availability of its consumer advice center. [...] | Continue reading
Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. [...] | Continue reading
Microsoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%. [...] | Continue reading
A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. [...] | Continue reading
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland. [...] | Continue reading
If you ever wanted to play DOOM on a lawnmower, you will soon have your chance with a new software update coming to Husqvarna's robotic line of lawnmowers this spring. [...] | Continue reading
The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. [...] | Continue reading
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. [...] | Continue reading
Members of the Five Eyes (FVEY) intelligence alliance warned today that Russian Foreign Intelligence Service (SVR) hackers tracked as APT29 are now increasingly targeting their victims' cloud services. [...] | Continue reading
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. [...] | Continue reading
While security training can help create a culture of cybersecurity awareness, it can't be relied upon to consistently change behavior. Learn more from Specops Software about the limitations of training and five ways you can increase password security. [...] | Continue reading
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. [...] | Continue reading
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. [...] | Continue reading
PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. [...] | Continue reading
The Royal Canadian Mounted Police (RCMP), Canada's national police force has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. … | Continue reading
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. [...] | Continue reading
The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services. [...] | Continue reading
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. [...] | Continue reading
Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts. [...] | Continue reading