Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. The American crypto exchange began sending notices to impacted individuals a month ago, on June 26, 2024 but submitted a sample of the letters yesterday to the Attorney General’s […]
FBCS data breach impact now reaches 4.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. […]
July Windows Server updates break Remote Desktop connections
Microsoft has confirmed that July’s security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. “Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol (Remote Procedure Call over HTTP) is used in Remote Desktop Gateway. […]
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot “master key”—also known as Platform Key (PK)—generated by American Megatrends International […]
Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates […]
Google Chrome now warns about risky password-protected archives
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. These new, more detailed warning messages help users quickly learn the nature of the danger presented by each file downloaded from the Internet. For this, Google introduced a two-tier download warning system that uses AI-powered […]
Over 3,000 GitHub accounts used by malware distribution service
Threat actors known as ‘Stargazer Goblin’ have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware. In most cases, the malware are infostealers, such […]
Google Criticized for Abandoning Cookie Phase-Out
Google has been criticized for its decision to abandon plans to phase out third-party cookies in the Chrome browser, with privacy experts accusing the firm of prioritizing advertising revenue over user privacy. On July 22, Anthony Chavez, VP of the Privacy Sandbox initiative at Google, revealed the tech giant will no longer be deprecating third-party […]
Spain arrests three in pro-Russian DDoS crew takedown
Officials in Spain arrested three people as part of a takedown of a pro-Russia hacktivist group. The nation’s Ministry of Interior announced that three residents from different parts of the country were taken into custody for their alleged involvement in hacktivist crew NoName057(16). The three were not named and charges were not announced. The ministry […]
Verizon to pay $16 million in TracFone data breach settlement
Verizon Communications has agreed to pay a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents at its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. TracFone is a telecommunications service provider offering services through Total by Verizon Wireless, Straight Talk, and Walmart Family Mobile, among […]