Items tagged with cybersecurity

In case you weren't aware, VMware operates a security arm called Carbon Black. On Halloween, Carbon Black's Threat Analysis Unit (TAU) announced that it had found 34 different vulnerable Windows drivers that had firmware access. To be clear, that's 34 unique filenames; the actual number of different driver files is... Read more...
Building supply and home improvement company Ace Hardware has seemingly suffered a severe cybersecurity attack and is dealing with the fallout. After an email notice surfaced on Reddit, online sales have gone down, and outbound shipments are on hold while the breach is dealt with. While there has been no direct... Read more...
Ransomware has become one of the most prevalent means by which threat actors generate revenue, creating a billion-dollar underground industry. Given this financial reality, ransomware gangs are working constantly to outsmart the authorities trying to stop them, though that has not seemed to work. Now, the Biden... Read more...
With a purported userbase of over 500 million, WinRAR is one of the world’s most popular file compression tools thanks in part to its never-ending free trial. However, with such prevalence, WinRAR is also a juicy target for hackers to gain a foothold or escalation on a device. Google’s Threat Analysis Group (TAG) has... Read more...
' Discord is a great voice, text, and video platform that allows friends, family, and communities of all types to connect in a common space. However, it’s been known that Discord has been used for some terrible things, such as the massive leak of intelligence from the U.S. Pentagon. Now, threat actors are leveraging... Read more...
Cloud gaming has many advantages, such as lowering the barrier to entry to triple-A titles that require beefier and beefier hardware these days. However, one downside to this ecosystem is that there is a vast centralized dataset that could make for a rather juicy target for hackers. This is exactly what ShadowPC, a... Read more...
Threat actors and malicious hackers have been targeting gamers with malware for quite some time, as they can be easy targets who download and run strange things from the internet all the time. Such was the case with a trojanized Super Mario game earlier this year that could have stolen information, run ransomware, or... Read more...
If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables. that can bump basic users to root was discovered, affecting a plethora of Linux installations. Glibc... Read more...
Phishing emails traditionally come from threat actors looking to make a quick buck or steal some data for nefarious purposes. Things get confusing, however, when phishing-style emails come directly from an organization like Amazon. That is exactly what happened over the weekend, leaving many customers baffled... Read more...
Chinese threat actors are upping their game in the cybersecurity realm, as indicated by new Linux backdoors and other advanced tactics, techniques, and procedures (TTPs). With this, an international multi-agency team led by the National Security Agency (NSA) has discovered a People’s Republic of China-linked group... Read more...
Side channel attacks are always fascinating to see how they are executed, such as the recent discovery that encryption keys could be stolen by recording power LEDs on various devices. Researchers have found that malicious websites might be able to see usernames and other sensitive information by leaking it from... Read more...
Nonprofit NGO National Student Clearinghouse handles student data reporting and exchange, serving 3,600 universities and 22,000 high schools around the United States. However, being “the leading provider of educational reporting, data exchange, verification, and research services” would make the organization a rather... Read more...
As it turns out, hotels, and by extension, the hospitality industry, are not the most secure organizations around despite handling personal information and credit card details. This is evident in the recent MGM Hotel breach or even further back with the 2022 social engineering of Marriott. Now, an infostealer campaign... Read more...
Trend Micro has been tracking a threat-actor group since early 2021, dubbed Earth Lusca, which is purportedly based out of China. Since that initial discovery, researchers have found the group has utilized increasingly sophisticated infrastructure, tools, techniques, and procedures to advance its goals in... Read more...
While Windows is nearly ubiquitous, great for convenience and it offers a familiar end-user experience, some things are more easily done on Linux. Given this odd juxtaposition of popularity versus utility, threat actors targeting Linux are finding a target-rich environment that can still fly under the radar for the... Read more...
As it turns out, it does not take a team of highly specialized criminals led by one Danny Ocean to disrupt a massive casino network these days. It only realistically takes a team of hackers to bring things to a grinding halt and potentially get away with personal data or money in the era of the digital heist. From... Read more...
This month, the Associated Press is warning that the personal information of AP Stylebook customers was compromised in a data security incident over the summer. What tipped the AP off was a series of phishing emails being sent to AP Stylebook customers asking them to provide updated credit card information. The AP... Read more...
As we await the next generation of iPhone, Apple is engaged with other issues at the current moment, such as two new vulnerabilities discovered in iOS, iPadOS, watchOS, and MacOS. As such, Apple device owners should update their devices as soon as possible with the released security patch to prevent the infection... Read more...
Grassroots online items exchange forum Freecycle has been the focus of a massive data breach affecting more than 7 million of its users. Here's what you need to know. Non-profit organization Freecycle announced that it detected a data breach three months after stolen data from the site was put on sale on a hacking... Read more...
This year, international fashion brand Forever 21, which has over 540 store locations, suffered a data breach affecting over 500,000 persons. As of late, a breach notice has been shared with the Office of the Maine Attorney General, and notices to affected parties will likely be delivered shortly. On March 20th... Read more...
Earlier this month, researchers at the National Science Foundation’s NOIRLab detected and responded to an unknown cybersecurity incident on its network. While security teams were reportedly quick to isolate the incursion, it shuttered the lab’s astronomical observatory operations and shines a spotlight on the... Read more...
The FBI and Justice Department recently announced a “multinational operation to disrupt and dismantle the malware and botnet known as Qakbot.” In what the authorities are calling one of the largest U.S.-led disruption operations, Qakbot infrastructure was accessed to tear down the network from the inside. Qakbot... Read more...
First ... Prev 2 3 4 5 6 Next