The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by the US cyber spies that hacked Chinese technology companies with the aim to steal trade secrets. In a statement, CNCERT/CC said that advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence
All Articles (2535)
Sort by
Businesses are more likely to face a costly cyber-crime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims. This reality has been highlighted in several reports by global cybersecurity experts who have analyzed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI)
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.
Integrity Tech is accused of providing inf
The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called "MirrorFace" to steal technology and national security secrets. Japanese authorities said the advanced persistent threat group (APT) MirrorFace has been operating since 2019.
"By publicizing the modus operandi of 'MirrorFace' cyberattacks, the purpose of this alert is to make targeted organizat
The Green Bay Packers American football team notified fans that a threat actor hacked its official online retail store in October 2024 and injected a card skimmer script to steal customers' personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on 23 October 2024 that the packersproshop.com website was breached.
"On October 23, 2024, we were alerted to malicious code inserted on the Pro Shop website
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.
Hardhat is a development environment for
Google has informed companies that use its advertising products that it will soon allow them to use fingerprinting techniques. This will allow them to track users across multiple devices including Smart TVs and game consoles.
The announcement has huge raised privacy concerns, and the move has been called “irresponsible” by Stephen Almond, the executive director of regulatory risk at the UK Information Commissioner’s Office (ICO). It is also a reversal of Google’s previous position on fingerprint
Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most attributed to Chinese state-backed hackers. This represents double the daily average from 2023, which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” t
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released 05 January 2025. "Citizens are empowered with rights to demand data erasure, appoint digital nominees, and access user-friendly mechanisms to manage their data."
The rules,
From the boardroom to the cyber combat zone, the past 12 months will go down as a year that society came under attack from an unprecedented wave of digital threats. The new battlefield. Sophisticated ransomware, deepfake phishing scams and state-sponsored cyber-attacks highlighted just how pervasive the danger has become. At the same time, businesses and governments accelerated efforts to develop new defenses– actions which, while vital, sparked debates around privacy and the ethics of cyberse
The Philippines Department of Information and Communications Technology (DICT) earlier this week flagged the growing cyber-attacks against Philippine government websites, including those of the Executive branch and some lawmakers, ahead of the midterm elections. “We are constantly under attack from different sectors, from hackers, from scammers,” DICT Secretary Ivan John E. Uy told a news briefing at the presidential palace. “These are persistent threat actors. We have detected a significant
An Android malware called FireScam tricks people into thinking they are downloading a Telegram Premium application that clandestinely monitors victims' notifications, text messages, and app activity while stealing sensitive information via Firebase services.
Cyfirma researchers spotted the new infostealer with spyware capabilities. They said the malware is distributed through a GitHub.io-hosted phishing website miming RuStore, a popular Russian Federation app store.
The phishing site delivers a
Ransomware gang, Brain Cipher, has begun leaking sensitive data stolen from Rhode Island’s RIBridges social services platform earlier in December 2024. The integrated system, which managed healthcare, social services, and food assistance programs, served some 650,000 citizens including minors, before being taken offline. Exposed information was confirmed by Governor McKee to contain names, addresses, birthdates, social security numbers, and banking details. Screenshots also suggest that the st
A superseding criminal complaint filed in the US District of New Jersey was unsealed on 30 December 2024, charging a dual Russian and Israeli national for being a developer of the LockBit ransomware group. In August 2024, Rostislav Panev, 51, a dual Russian and Israeli national, was arrested in Israel under a US provisional arrest request to extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges in the superseding complaint. [1]
See: https://
While you always want to be careful where you click online, a new variation on the classic clickjacking attack should give you pause when a site asks you to double-click on something. As reported by Cybernews, Amazon security engineer Paulos Yibelo has shed light on a new version of this attack that can be used to disable security settings, delete an account or even take over your existing accounts. As the name suggests, clickjacking is an attack method where hackers, scammers or other cybercr
If incidents this year are any indication, deepfakes and “harvest now, decrypt later” attacks increased by the growing adoption of quantum computing projects are among the many concerns organizations in the Asia-Pacific (APAC) region must address in 2025. Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critica
Cloud environments are constantly under attack, with sophisticated threat actors employing various techniques to gain unauthorized access. One such actor, called EC2 Grouper, has become a notable adversary for security teams.
According to the latest research from Fortinet’s FortiGuard Labs Threat Research team, this group is characterized by its consistent use of AWS tools and a unique security group naming convention in its attacks. Researchers tracked this actor in several dozen customer env
Krispy Kreme has acknowledged that the December 2024 disruption to its online ordering system resulted from a cyber attack. Krispy Kreme operates four bakeries known as “Doughnut Factories,” 1,521 retail shops, and over 15,000 delivery locations in the United States. It also partnered with McDonald’s to avail its crispy doughnuts to the restaurant chain’s customers across the country. “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online or
The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, named BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first spotted in April 2023 by Bitdefender, its PDB paths reveal valuable insights, including a versioning scheme. Recently investigators discovered a BellaCiao malware sample on a computer in Asia, along with a related C++ reimplementation of an older BellaCiao vers
Emerging technologies have made CISOs strategic in their company’s growth. CISOs are now expected to be key decision-makers, influencing corporate strategy and guiding their organizations through the complexities of the current age. They are slowly transitioning from technical experts in security architecture, security operations, infrastructure security, and network security to visionaries in strategic cybersecurity and business growth. As they make this transition, it is increasingly vital for
