Updates

Ransomware Landscape Undergoes Fragmentation

Experienced cybercriminals are moving away from large ransomware-as-a-service (RaaS) platforms due to increased law enforcement actions and internal scams like the AlphV/BlackCat gang’s exit scam. These criminals are now creating their own ransomware using leaked tools. Despite the change, experts warn that ransomware and extortion incidents are unlikely to decrease. …

HHS Cloud Systems at Risk

The Department of Health and Human Services (HHS) faces significant cloud security vulnerabilities, as highlighted in a recent audit by the Office of Inspector General (OIG). The report reveals weaknesses in a dozen security controls and inadequacies in HHS’ cloud inventory processes. Critical issues include a lack of multifactor authentication …

Daolpu Malware Hits Windows Systems

CrowdStrike warns of a new malware campaign that takes advantage of the recent Falcon update bug, which led to widespread IT outages. Cybercriminals are distributing the Daolpu information-stealing malware through phishing emails disguised as recovery instructions. Once active, Daolpu harvests account credentials, browser history, and cookies from popular web browsers, posing a significant …

SMTP Flaws Risk Email Security

Security researchers at PayPal have uncovered three new SMTP smuggling attack techniques that exploit misconfigurations and design flaws in at least 50 email-hosting providers. These techniques allow attackers to spoof emails from over 20 million trusted domains, bypassing essential security protocols like SPF, DKIM, and DMARC. As a result, malicious …

LA Courts Halted by Ransomware

Los Angeles County Superior Court, the largest trial court in America, shut down all 36 courthouses following a severe ransomware attack. The attack, which occurred on Friday, rendered every electronic platform containing court data and all internet-connected devices inoperable. Since the attack, court employees and cybersecurity experts have been tirelessly …

Indiana County Declares Cyber Disaster

Clay County, Indiana, has declared a local disaster following a ransomware attack that disrupted critical services at the county courthouse, Community Corrections, and Probation offices. The attack, discovered around midnight on July 9, prevented officials from accessing data or connecting with state partners, leading to the closure of the courthouse …

CISA Adds Microsoft and Rejetto Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include a critical template injection flaw in the Rejetto HTTP File Server (CVE-2024-23692), a privilege escalation issue in Windows Hyper-V (CVE-2024-38080), and a spoofing vulnerability in the Windows MSHTML …

RADIUS Vulnerability Exposes Network Risks

Cybersecurity experts from leading universities and tech companies have identified a critical vulnerability in the RADIUS networking protocol. Dubbed “Blast RADIUS,” the flaw allows attackers to bypass user authentication via man-in-the-middle (MITM) attacks and hash cracking. With a CVSS severity score of 7.5 out of 10, the vulnerability (CVE-2024-3596) poses …

Rising Threats to Cloud Data

As cloud usage becomes vital for organizations, it has also become a target for cyberattacks. A recent report by Thales highlights that 47% of corporate data stored in the cloud is sensitive, making cloud security a top priority. SaaS applications, cloud storage, and cloud management infrastructure are the leading attack …
