22 Dec, 2024

Hackers Downloaded Call Logs from Cloud Platform in AT&T Breach

Telecommunications giant AT&T has revealed that customer data has been illegally downloaded by threat actors. Hackers have downloaded the data from AT&T’s its workspace on a third-party cloud platform, the company confirmed in a statement published on July 12. According to a filing with the US Securities and Exchange Commission (SEC), the company first learned […]

5 mins read

NATO Set to Build New Cyber Defense Center

NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience and better respond to digital threats. As the alliance celebrated its 75th anniversary with a summit in Washington DC from 9 to 11 July, it revealed plans for a new NATO Integrated Cyber Defence Centre […]

2 mins read

Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability

Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now patched by Microsoft, did not require any authentication, setting it apart from the previously discovered CVE-2024-30103, which required at least an NTLM token. If exploited, CVE-2024-38021 could lead to data breaches, unauthorized access and […]

1 min read

BlastRADIUS bug puts most networking devices at risk

A newly discovered flaw in the RADIUS networking protocol has the industry recognizing that a standard set in 1997 is now in need of an upgrade — even while researchers warn that well-funded state-sponsored attackers can exploit the flaw to bypass multi-factor authentication (MFA) and gain network access. In a July 9 blog post, researchers […]

3 mins read

Victims of cyber extortion and ransomware increase in 2024

More than 4,000 new victims of ransomware were recorded over the past 12 months. According to research by Orange Cyberdefense, there was a 77% year-on-year growth from 2023 with 4,374 new victims detected in 75% of countries monitored. In the first quarter of 2024, there were 1,046 victims hit by 43 different threat actors. Speaking […]

3 mins read

PHP bug executes RCEs, cryptominers and DDoS attacks

Not long after a new PHP bug was disclosed in the late spring, Akamai researchers observed numerous attempts to exploit the vulnerability, which they said indicates high exploitability and quick adoption by threat actors. Because PHP is one of the most popular server-side scripting languages used to create dynamic web pages on more than 75% […]

2 mins read

Internet Explorer still used as a malware vehicle by threat actors

Microsoft’s notorious Internet Explorer has been brought out of retirement by threat actors using its security holes to serve malware. The team at Check Point Research said it spotted a new attack in the wild which uses the ancient web browser as the delivery vehicle for malware infections. The process involves the use of a […]

2 mins read

How AI can make security more proactive and less reactive

In November 2022, the wider world suddenly became aware of the power and potential of artificial intelligence as ChatGPT was made available to the general public. Yet information-security practitioners were already familiar with automation and machine learning, which they had been using for many years in the forms of security orchestration, automation and response (SOAR) […]

6 mins read

Russia Blocks VPN Services in Information Crackdown

In a new move to restrict access to information, the Russian government has requested the removal of several virtual private access (VPN) products as well as the ban of voice over IP (VoIP) services. The London-based independent Russian media outlet MediaZona reported on July 4 that Apple removed 25 VPN apps from its App Store following a request from Roskomnadzor, […]

3 mins read

New APT CloudSorcerer Malware Hits Russian Target

Cybersecurity researchers have uncovered a new advanced persistent threat (APT) targeting Russian government entities, dubbed CloudSorcerer.  This sophisticated cyberespionage tool, discovered by Kaspersky in May 2024 and discussed in an advisory published by the firm on June 8, is designed for stealth monitoring, data collection and exfiltration, utilizing Microsoft Graph, Yandex Cloud and Dropbox for […]

3 mins read