Tag: network security
Apr 16, 2024NewsroomPrivacy Breach / Regulatory Compliance The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users’ sensitive personal health information and other data to third parties for…
Read More
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware “gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login…
Read More
Apr 15, 2024NewsroomFirmware Security / Vulnerability A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51,…
Read More
Apr 15, 2024NewsroomCloud Security /SaaS Security The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. “Organizations often store a variety of data in SaaS applications and use services from CSPs,” Palo Alto Networks Unit 42 said…
Read More
Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn’t a plot from the latest cyber-thriller; it’s actually been a reality for years now. How this will change – in…
Read More
Apr 15, 2024The Hacker NewsActive Directory / Attack Surface To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when…
Read More
Apr 15, 2024NewsroomSpyware / Mobile Security Cybersecurity researchers have discovered a “renewed” cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. “The latest iteration of LightSpy, dubbed ‘F_Warehouse,’ boasts a modular framework with extensive spying features,” the BlackBerry Threat Research and Intelligence Team said…
Read More
Apr 15, 2024NewsroomFirewall Security / Vulnerability Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize…
Read More
Apr 13, 2024NewsroomCyber influence / Warfare The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the…
Read More
Apr 13, 2024NewsroomCryptocurrency / Regulatory Compliance A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023…
Read More