Threat actors from the Democratic People’s Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. “Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from […]
Cybersecurity researchers have detailed a “severe design flaw” in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. “Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized […]
With the holiday online shopping blitz just days away, a study examining how online merchants handle customer personal and financial data suggests shoppers need to add a dollop of caution to their shopping list. An examination of web application security practices by online retailers revealed a mix of privacy red flags for Black Friday and […]
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company’s business. Vikas Singla, who worked for Securolytics, a network security company that provided services to the healthcare industry, pleaded guilty to hacking into the systems […]
The UK’s cyber chief has today signalled that the threat to the nation’s most critical infrastructure is ‘enduring and significant’, amid a rise of state-aligned groups, an increase in aggressive cyber activity, and ongoing geopolitical challenges. In its latest Annual Review, published today, the National Cyber Security Centre (NCSC) – which is a part of GCHQ […]
SAN FRANCISCO/WASHINGTON, Nov 14 (Reuters) – The U.S. Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that’s been tormenting corporate America over the last two years, according to nine cybersecurity responders, digital crime experts and victims. For more than six months, the FBI has known the identities of at least […]
While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves […]
As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. These experts do more than just process claims in the aftermath of an attack. Their coverage requirements and metrics-driven approach to risk put […]
The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. “First, the drop manifested in India on August 8,” ESET said in an analysis published this week. “A week later, on August 16, the same thing happened in China. […]
1. Biggest-ever DDoS attack threatens companies worldwide Companies including Google and Amazon say they have fought off the world’s biggest distributed denial of service (DDoS) attack, but are warning internet users that these types of attacks could cause widespread disruption unless cybersecurity measures are stepped up. A DDoS attack aims to make a website unreachable […]