A Chinese search engine optimization operation hacked more than 35 web servers and stole credentials in a campaign to boost the online rankings of malicious porn sites. Researchers from Cisco Talos dubbed the threat cluster DragonRank.
Welcome to Information Security Media Group's Black Hat and DEF CON 2024 Compendium featuring latest insights from the industry's top cybersecurity researchers and ethical hackers, as well as perspectives from CEOs, CISOs and government officials on the latest trends in cybersecurity and AI.
Android malware first seen in the wild in late 2023 has been targeting users' bank and online payment accounts, bolstered by its ability to steal one-time access codes sent via SMS. The banking Trojan, which security researchers call Ajina, appears to be a joint endeavor with affiliates.
Singapore police arrested five Chinese nationals and seized cryptocurrency assets. It said the group led an international crime organization that used hacking tools and credentials for internet servers to carry out cyberattacks. A Singapore national faces charges related to helping the group.
This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
Healthcare organizations often face obstacles in sharing cybersecurity information. Phil Englert and Errol Weiss from Health-ISAC advocate for shifting the focus from legal risks to business risks, improving incident response and building resilience through collaboration and transparency.
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
Cybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a patch on July 1. The vulnerability has a CVSS score of 9.8 out of 10.
In the latest weekly update, ISMG editors discussed the implications of the recent arrest of Telegram's CEO in Paris for encrypted messaging services, the transformative impact of artificial intelligence in cybersecurity, and the latest regulations designed to curb fraud in electronic payments.
Malicious actors have been using an open-source, data-stealing remote access Trojan called Babylon to spy on and steal data from three Malaysian government entities since July 2023, according to security firm Cyble in a report Wednesday. Cyble could not link the attackers to any state or group.
This week, YubiKey 5 has a flaw, an Ohio city sued a researcher, the Irish regulator ended its GrokAI case, open-source AI tools exposed data, Starlink blocked X in Brazil, FCC banned Kaspersky, Intel addressed a researcher's claim, and Transport for London is still affected by a cyber incident.
The transit authority serving metro London experienced a cyberattack that has led to subway riders experiencing problems with contactless payments for at least a second day. Transport for London said late Monday that is it "currently dealing with an ongoing cyber security incident."
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.
Three men have pleaded guilty to running OTPAgency, a subscription service for fraudsters designed to automatically phone targets and trick them into sharing the one-time codes criminals need to log into their bank accounts. The service targeted more than 12,500 individuals over its 18-month run.
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.