Search the Portal

Recent Articles

DEC2
Over 100 Organizations Hit by Cuba Ransomware: CISA, FBI

Cuba ransomware attacks on critical infrastructure have continued in 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn. read more

Security Week by Ionut Arghire
DEC2
Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws

Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems. read more

Security Week by Eduard Kovacs
DEC2
Google Migrating Android to Memory-Safe Programming Languages

Google is seeing a significant decrease in memory safety issues in Android due to the progressive migration to memory-safe programming languages, such as Rust. read more

Security Week by Ionut Arghire
DEC2
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...

The Hacker News by noreply@blogger.com (Ravie Lakshmanan)
DEC1
ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when...

Krebs on Security by BrianKrebs
DEC1
Wipers Are Widening: Here's Why That Matters

In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally, which underscores the fact that cybercrime knows no borders. read more

Security Week by Derek Manky
DEC1
'Schoolyard Bully' Android Trojan Targeted Facebook Credentials of 300,000 Users

Mobile security firm Zimperium is warning of an Android trojan that may have stolen Facebook credentials from a large number of users. read more

Security Week by Eduard Kovacs
DEC1
Investors Double Down on Pangea Cyber API Security Bet

Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures. read more

Security Week by Ryan Naraine
DEC1
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vu...

The Hacker News by noreply@blogger.com (Ravie Lakshmanan)
DEC1
Albanian IT Staff Charged With Negligence Over Cyberattack

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. read more

Security Week by Associated Press
DEC1
Hackers Leak Another Set of Medibank Customer Data on the Dark Web

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we believe...

The Hacker News by noreply@blogger.com (Ravie Lakshmanan)
DEC1
Several Car Brands Exposed to Hacking by Flaw in Sirius XM Connected Vehicle Service

[Sirius XM car hacking project] read more

Security Week by Eduard Kovacs
DEC1
GoTo, LastPass Notify Customers of New Data Breach Related to Previous Incident

LastPass, the company known for its popular password manager, and its affiliate, GoTo, are informing customers about a new data breach that appears to be related to a cybersecurity incident disclosed a few months ago. read more

Security Week by Eduard Kovacs
DEC1
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privile...

The Hacker News by noreply@blogger.com (Ravie Lakshmanan)
DEC1
What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compli...

The Hacker News by noreply@blogger.com (The Hacker News)