Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Halliburton cyberattack linked to RansomHub ransomware gang
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company’s IT systems and business operations. The attack caused widespread disruption, and GeekFeed was told that customers couldn’t generate invoices or purchase orders because the required systems were down. Halliburton disclosed the attack last Friday in an SEC […]
New Voldemort malware abuses Google Sheets to store stolen data
A new malware campaign is spreading a previously undocumented backdoor named “Voldemort” to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. As per a Proofpoint report, the campaign started on August 5, 2024, and has disseminated over 20,000 emails to over 70 targeted organizations, reaching 6,000 in a single day at the […]
Researchers find SQL injection to bypass airport TSA security checks
Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access […]
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. The flaw, discovered by Akamai’s Aline Eliovich, is tracked as CVE-2024-7029 and is a high-severity (CVSS v4 score: 8.7) issue in the “brightness” function […]
BlackSuit ransomware stole data of 950,000 from software vendor
Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. Young Consulting (now Connexure) is an Atlanta-based software solutions provider specializing in the employer stop-loss marketplace, assisting insurance carriers, brokers, and third-party administrators in managing, marketing, underwriting, and administering stop-loss insurance […]
US Marshals Service disputes ransomware gang’s breach claims
The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group’s leak site on Monday. “USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive […]
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for […]
Windows Downdate tool lets you ‘unpatch’ Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. In such attacks, threat actors force up-to-date targeted devices to revert to older software versions, thus reintroducing security vulnerabilities that can be exploited to compromise […]
Park’N Fly notifies 1 million customers of data breach
Park’N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network. The threat actors breached the Park’N Fly networks through stolen VPN credentials in mid-July and stole data from the company. On August 1, the company determined that customer information was also […]
Microsoft Sway abused in massive QR code phishing campaign
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing […]