Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar to “Like” buttons on social media sites, allowing GitHub users to favorite a repository. GitHub uses the stars as part of a global ranking system and to show you […]
Massive healthcare breaches prompt US cybersecurity rules overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks. These stricter cybersecurity rules, proposed by the HHS’ Office for Civil Rights (OCR) and expected to be published as […]
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. In a letter sent to lawmakers and seen by the New York Times, the Treasury Department warned lawmakers it was first notified of the breach on December 8th by its vendor BeyondTrust. BeyondTrust is a privileged […]
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. The malicious activity was discovered by VulnCheck, who informed Four-Faith about the active exploitation on December 20, 2024. However, it is unclear if security updates for the vulnerability are currently available. […]
AT&T and Verizon say networks secure after Salt Typhoon breach
AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. “We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities […]
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. The list of targets includes popular D-Link devices used by individuals and organizations such as DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. For initial access, the two pieces of malware […]
Hackers steal ZAGG customer’s credit cards in third-party breach
ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce. ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an […]
Volkswagen’s software company exposes data of 800,000 electric cars
Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. Terabytes of Volkswagen customer details in Amazon cloud storage remained unprotected for months, allowing anyone with little technical knowledge to track drivers’ movement or gather personal information. The exposed […]
White House links ninth telecom breach to Chinese hackers
A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies […]
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations. “A Denial of Service vulnerability in the DNS […]