Security
Despite patches, Windows can still be downgraded to vulnerable versions
Microsoft made significant strides to strengthen its Windows kernel against compromise. Yet, hackers with administrator privileges can still replace the kernel itself, making the whole system vulnerable.
Read more about Despite patches, Windows can still be downgraded to vulnerable versions
China hacks Verizon to target Trump/Vance communications, new report says
US officials on Friday said Chinese-affiliated hackers were able to infiltrate the nation’s commercial telecommunications infrastructure – and now several media outlets are reporting the bad actors may have gotten their hands on the phone records of Trump, running mate JD Vance, and possibly Harris campaign staffers.
Read more about China hacks Verizon to target Trump/Vance communications, new report says
Easterseals reports breach as Rhysida ransom gang demands $1.3M
The Rhysida cybercriminal outfit has proven once again it has no conscience – claiming an attack on Easterseals – an organization dedicated to helping the disabled – along with a $1,350,000 ransom tag.
Read more about Easterseals reports breach as Rhysida ransom gang demands $1.3M
Hackers put 350M Hot Topic customers’ records for sale: “largest retail breach in history”
A massive database, allegedly containing 350 million Hot Topic customers’ personal and payment data, appeared on an illicit forum, the Israeli cybersecurity firm Hudson Rock has discovered.
Read more about Hackers put 350M Hot Topic customers’ records for sale: “largest retail breach in history”
Apple announces Bug Bounty Program for its AI
Days before the launch of Apple Intelligence, the company is giving access to researchers to test out the security of its Private Cloud Compute.
Read more about Apple announces Bug Bounty Program for its AI
DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps
Each month now brings a new record-breaking hyper-volumetric distributed denial of service (DDoS) attack.
Read more about DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps
First credible ransomware variant detected for Macs: creeping evolution spells danger
Researchers from two cybersecurity firms are analyzing a new macOS malware sample that appeared in the wild. Its the first variant that demonstrates ‘credible file locking and data exfiltration capabilities.’
Read more about First credible ransomware variant detected for Macs: creeping evolution spells danger
AI honeypot hit 800K times and managed to trap six AI-powered hacking agents
A new study highlights the risk of AI-powered hack attacks on the open internet.
Read more about AI honeypot hit 800K times and managed to trap six AI-powered hacking agents
Brace yourself for the 48 hours before election day: Russia, China, and Iran ramping up attacks
Microsoft observes ‘sustained influence efforts’ from state-sponsored actors aimed at corrupting US democratic processes and warns that the last days before elections will be key. Fake videos already garner millions of views in fewer than 24 hours.
Read more about Brace yourself for the 48 hours before election day: Russia, China, and Iran ramping up attacks
Vendors responsible for almost half of breaches in the energy sector, study finds
Critical US energy infrastructure might be unprepared for cyber risks in the current threat landscape, with nearly 1 in 5 companies rated as having poor cybersecurity evaluations, according to a new SecurityScorecard and KPMG study.
Read more about Vendors responsible for almost half of breaches in the energy sector, study finds
Confessions of a company infiltrator: "I was the last person you’d ever suspect"
Put simply, I was an insider threat and the last person you’d ever suspect of criminal mischief. This was my lifestyle.
Read more about Confessions of a company infiltrator: "I was the last person you’d ever suspect"
Users raise alarm bells after Samsung Health makes medical records accessible on the app
Samsung wants users to easily access their medical records. But at what cost?
Read more about Users raise alarm bells after Samsung Health makes medical records accessible on the app
Prove you’re not a robot by running malware: crooks delivering stealers with fake CAPTCHAs
Would you fall for a CAPTCHA that asks you to go and delete the System32 folder? Threat actors are successfully using malicious bot detection prompts to drop the notorious infostealer Lumma.
Read more about Prove you’re not a robot by running malware: crooks delivering stealers with fake CAPTCHAs
Flaw crashes Apple devices with a single click, Tesla also vulnerable
Visit a website, and your Apple device blacks out. Newer iPhones and Macs with M-series processors are affected by a resource exhaustion vulnerability that instantly crashes the system, Imperva researchers have discovered. You’re probably safe, though, as the issue was addressed in an update.
Read more about Flaw crashes Apple devices with a single click, Tesla also vulnerable
SEC hits security companies with massive fines for misdirection over SolarWinds Orion hack
The US Securities and Exchange Commission (US) is charging four cybersecurity companies for providing misleading disclosures related to the SolarWinds Orion hack. Unisys, Avaya, CheckPoint, and Mimecast allegedly failed to inform investors they had also been breached.
Read more about SEC hits security companies with massive fines for misdirection over SolarWinds Orion hack
Massive data leak hits Mexican healthcare sector with over 5 million at risk
Over five million patients in Mexico are at risk following a data leak from the hospital's information systems. The leak was caused by a missing password.
Read more about Massive data leak hits Mexican healthcare sector with over 5 million at risk
Threat actors prepare at least 1,000 new malicious domains ahead of US presidential elections
As the US election approaches, scammers and fraudsters are focusing on targeting voters. FortiGuard Labs researchers have observed phishing kits for sale on the dark web and more than 1,000 new domains incorporating election-related potentially malicious content.
Read more about Threat actors prepare at least 1,000 new malicious domains ahead of US presidential elections
High-risk vulnerability affecting UniFi Network Server
Ubiquiti’s Unifi Network Server, part of the UniFi platform, is currently affected by an 8.8 out of 10 vulnerability, which attackers can exploit to elevate their privileges.
Read more about High-risk vulnerability affecting UniFi Network Server
New macOS vulnerability discovered: get the patch before attackers get access
Microsoft researchers have unveiled a new macOS vulnerability that attackers can exploit to gain unauthorized access to protected data. A patch has been available since September 16th.
Read more about New macOS vulnerability discovered: get the patch before attackers get access
Talos warns of Russian-speaking hackers attacking Ukrainian and Polish companies
A new RomCom malware variant has been attacking targets in Ukraine and Poland. Behind it is a Russian-speaking actor with multiple motivations, including both ransomware and espionage, researchers at Cisco Talos warn.
Read more about Talos warns of Russian-speaking hackers attacking Ukrainian and Polish companies
