Breaking News

FIND INFORMATION ABOUT THE LATEST ADVANCES IN TECHNOLOGY & NEWS RELATED TO CYBERSECURITY & ARTIFICIAL INTELLIGENCE (AI)

Microsoft Hacking Warning Among 450 Million Windows Users

On Tuesday, ESET published a report into a previously unknown Windows vulnerability that was chained with a similarly unknown browser vulnerability to successfully attack PCs. Both threats have now been patched, and Windows users need to ensure their PCs are now updated. There are still 850 million Windows 10 users—plus another 50 million on even older versions of the OS.

Blue Yonder hit by ransomware attack affecting services to US and UK grocery stores

Blue Yonder is a major software supply-chain company that provides software to US and UK grocery stores and Fortune 500 firms. An attacker hit the Arizona-based software firm, affecting a private cloud computing service the company provides to some customers, but not the company’s public cloud environment.

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Five local privilege escalation vulnerabilities, introduced over 10 years ago, were discovered in the needrestart utility, which Ubuntu Linux has used by default since version 21.04. The flaws Qualys discovered allow attackers with local access to a vulnerable Linux system to escalate their privileges to root without user interaction.

Pixel Phones Will Be Able to Detect and Report Malicious Apps in Real Time

Google has introduced a new Live Threat Detection feature in Google Play Protect, now rolling out to Pixel 6 and newer models. This feature uses on-device AI to identify malicious apps and alert users in real time. It initially focuses on apps that collect personal data without user consent, and Google plans to expand its detection capabilities to other types of harmful apps in the future. This could help users protect their information and improve cybersecurity on mobile devices.

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

The CRON#TRAP malware campaign, discovered by Securonix researchers, targets Windows systems through phishing emails disguised as surveys from OneAmerica. The attack involves a 285MB ZIP file containing a Windows shortcut and a custom QEMU virtual machine (VM). When executed, this VM installs a backdoor for remote access, allowing cybercriminals to maintain a stealthy presence on compromised machines. The use of a Linux VM helps the malware evade traditional antivirus defenses, making it a sophisticated and stealthy threat.

Massive data breach exposes 800,000 insurance customers’ personal information

A large number of data breaches have occurred over the past couple of months. As of October 30th, 2024, the insurance administrative services company Landmark Admin has warned that a data breach from a May cyberattack impacted over 800,000 individuals. Millions of policyholders and their sensitive information, such as names, Social Security numbers, driver’s license numbers and passport numbers, could be at risk of exposure, further amplifying the potential impact of this breach.

UnitedHealth Says Change Healthcare Hack Affects Over 100 Million, the Largest-Ever US Healthcare Data Breach

A recent ransomware attack on UnitedHealth’s network, Change Healthcare, has resulted in one of the largest data breaches of U.S. health records in history. The hackers stole millions of health records and demanded a ransom from UnitedHealth. Despite efforts to secure the data, the attackers set up a new extortion scheme called RansomHub, continuing to leverage the stolen information for further ransom demands.

New Cybersecurity Warning As 1,000 Elite Hackers Embrace AI

A new cybersecurity warning reveals a group of 1,000 elite hackers now using AI to enhance their attacks. This development significantly increases the sophistication and frequency of cyber threats, making it harder for traditional security measures to keep up. The integration of AI by these hackers allows for more efficient exploitation of vulnerabilities and evasion of detection, posing a substantial risk to global cybersecurity. This highlights the urgent need for advanced defensive strategies to counteract these AI-driven threats.

Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

The article reports on a company that was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The hacker, who faked his employment history and personal details, gained access to the company’s network, downloaded sensitive data, and issued a ransom demand. This incident highlights the growing threat of North Korean cyber operatives infiltrating Western companies to steal data and extort money.

Cybersecurity Awareness Month

As technology becomes more advanced, cybersecurity becomes a bigger concern, not just for large businesses but also for individuals. October is National Cybersecurity Month, and raising awareness and learning how to protect yourself from cyber threats are becoming more and more important. Learn more about how to protect yourself or your business this month and raise awareness.

Photo Credit: GCS Network

New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed

A new security alert for Gmail users highlights a sophisticated AI-driven hacking campaign that can compromise accounts within seven days. This attack uses advanced AI techniques to bypass traditional security measures, posing a significant threat to billions of users worldwide. Google is urging users to enable two-factor authentication and stay vigilant against suspicious activities to protect their accounts.

Internet Archive data breach impacts 31 million users

A threat actor has compromised the Internet Archive and stolen a user authentication database containing 31 million unique records. The data will soon be added to Have I Been Pwned, allowing users to enter their email and confirm if their data was exposed in this breach.

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

A new botnet named “Gorilla” has launched over 300,000 Distributed Denial-of-Service (DDoS) attacks globally. It is derived from the leaked Mirai botnet source code. Using techniques like UDP floods to conduct the DDoS attacks, and exploiting a security flaw in Apache Hadoop YARN RPC to get remote access, this botnet is particularly dangerous. The attacks have targeted various sectors, including finance, healthcare, and government, causing significant disruptions. Security experts are urging organizations to strengthen their defenses and update their systems to mitigate the impact of these attacks.

Nation-State Attack: China’s Salt Typhoon Breaches AT&T and Verizon, Report Reveals

The China-linked group Salt Typhoon has breached major U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, possibly compromising sensitive wiretap systems. This raises significant national security concerns. Security firms, including Microsoft, are investigating the incident, which involves a group known for targeting various sectors globally.

Hackers Could Remotely Control Kia Cars by Exploiting License Plates

Hackers have discovered a way to control Kia cars by exploiting vulnerabilities in the license plate recognition system. This security flaw allows them to remotely access and manipulate vehicle functions, posing significant risks to car owners. The issue highlights the growing concerns around cybersecurity in modern vehicles and the need for manufacturers to address these vulnerabilities promptly.