Ransomware 2024: A year of tricks, traps, wins and losses
Ransomware criminals in 2024 stooped to new lows and high-level black hat trade craft. Targets included critical industries such as…
Month: December 2024
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at…
Post-ALPHV, LockBit takedown surge of RansomHub examined
Hundreds of organizations — including Rite Aid, Frontier Communications, Christie’s, and Planned Parenthood of Montana — have already been compromised…
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more…
New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out…
Massive healthcare breaches prompt US cybersecurity rules overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act…
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. In…
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells…
Italian websites subjected to pro-Russian DDoS attack campaign
Security Affairs reports that numerous Italian websites — including those of the country’s Ministry of Foreign Affairs, the Turin Transport Group,…
Microsoft issues urgent dev warning to update .NET installer link
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use ‘azureedge.net’ domains…