Category: Uncategorized
-
9 Steps to Get CTEM on Your 2025 Budgetary Radar [email protected] (The Hacker News)
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission…
-
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime [email protected] (The Hacker News)
INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. “Of the approximately 30,000 suspicious IP addresses identified, 76 per…
-
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers [email protected] (The Hacker News)
Meta has been fined 21.62 billion won ($15.67 million) by South Korea’s data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The country’s Personal Information Protection Commission (PIPC) said Meta gathered information such asRead More
-
Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users [email protected] (The Hacker News)
Google’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. “We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Mayank Upadhyay,…
-
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions [email protected] (The Hacker News)
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. “An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designedRead…
-
Google Cloud to roll out mandatory MFA for all users
Post ContentRead More
-
New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers [email protected] (The Hacker News)
Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. “ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Roviello, Alessandro StrinoRead…
-
Leveraging Wazuh for Zero Trust security [email protected] (The Hacker News)
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection afterRead More
-
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices [email protected] (The Hacker News)
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an “Read…
-
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages [email protected] (The Hacker News)
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past fewRead…