Avast, the cybersecurity software company, is facing a $16.5 million fine from the FTC after its privacy extensions and antivirus software harvested and sold user data.
In a report going over the state of malware in 2024, device management firm Jamf says that 9% of mobile users were caught by phishing, while 20% of companies were at risk because of bad smartphone configurations.
Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to execute arbitrary code
Discover the techniques, tactics (TTPs) used by Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.
An analysis of the recent ConnectWise ScreenConnect authentication bypass vulnerability, root cause, and indicators of compromise.
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
Useful quantum computers aren’t a reality—yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.
#apple #computing #encryption #privacy #quantum #security
Officials handling security and defense issues were the target of phone hacking, internal email says.
ThreatFabric said the campaign has evolved since last year, employing sophisticated methods and mainly targeting Samsung devices
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.
LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage.This international sweep follows a complex investigation led by the UK National Crime Agency in the framework of an international taskforce known as ‘Operation Cronos’, coordinated at European level by Europol and Eurojust.The months-long operation has resulted in the compromise of LockBit’s...
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take
LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.
Russian hackers attacked several popular Ukrainian media outlets over the weekend, posting fake news related to the war.
I began my search for opportunities and stumbled upon a list of eligible websites for bug hunting at https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa. This list became my starting…
Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as ''Operation Cronos.
Lockbit, a notorious cybercrime gang that holds its victims' data to ransom, has been disrupted in a rare international law enforcement operation by Britain’s National Crime Agency and the U.S. Federal Bureau of Investigation, according to a post on the gang’s extortion website on Monday.
The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government.
Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.
he National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
