An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims’ data for financial gain. It’s…

Read More

Online Privacy and Overfishing Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was spying on its…

Read More

Jun 05, 2024NewsroomVulnerability / Data Security Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.…

Read More

Jun 05, 2024NewsroomCyber Attack / Online Security Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages…

Read More

Nearly 83% of all legal documents shared with AI tools go through non-corporate accounts, the report adds, while about half of all source code, R&D materials, and HR and employee records go into unauthorized AIs. The amount of data put into all AI tools saw nearly a five-fold increase between March 2023 and March 2024,…

Read More

MS-ISAC ADVISORY NUMBER: 2024-066 DATE(S) ISSUED: 06/04/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the…

Read More

During a call with analysts, CrowdStrike CEO George Kurtz pointed toward the cybersecurity vendor’s emergence as a growing player in SIEM, with many partners and customers ‘dissatisfied with the current vendors.’ CrowdStrike beat expectations during its latest quarter even amid challenging conditions with the help of channel partners, CrowdStrike Co-founder and CEO George Kurtz said…

Read More

Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. Northern Minerals is an Australian company focused on the exploration and development of heavy rare earth elements (HRE), specifically dysprosium and terbium, used in electronics, batteries, and aircraft. It…

Read More

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media’s direct messages feature. Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness. After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton…

Read More

In opening-day keynotes at the Sapphire conference Tuesday SAP executives unveiled new and extended alliances with AI tech leaders, including Nvidia, AWS and Microsoft, and detailed plans to expand integrations of the company’s Joule generative AI copilot with more SAP products. Application software giant SAP is vowing to infuse AI technology and capabilities across a…

Read More