China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the US and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, accused the US federal government, intelligence agencies, and Five Eyes countries of conducting cyber espionage activities against China, France, Germany, Japan, and internet users globally. Remember, t
All Articles (2743)
Sort by
Qualcomm has historically been quiet about its automotive aspirations, preferring to focus attention on its Snapdragon mobile and laptop processor offerings. That might be changing. The company flew TechCrunch to its Qualcomm Snapdragon Summit on Maui to see its latest Snapdragon Elite chips. This year it is all about automotive. The Snapdragon Digital Chassis has been powering cars for a couple of years, but now Qualcomm is touting its Elite horn with Snapdragon Ride Elite and Snapdragon Co
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by using obfuscated JavaScript to slip past security defenses. The campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected. Malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware.
See: https://r
With everything turning digital, Cyber Security threats have been growing each day as the attack surface is massive and continuing to grow and evolve rapidly. In response to this unprecedented challenge, Artificial Intelligence (AI) based tools for cyber security have emerged to help information security teams reduce breach risk and improve their security posture efficiently and effectively.
See: https://redskyalliance.org/xindustry/ai-s-impact-on-cyber
AI is helping firms to become more resil
What did the robot vacuum say to its homeowner? You suck. In a bizarre turn of events, owners of robot vacuums across the US have reported that their devices have been hacked. One particularly alarming case involved a man whose Ecovacs Deebot X2 began yelling racial slurs at him. The incidents appear to be linked to a security vulnerability in the Chinese-made Ecovacs Deebot X2 model, according to a report by the Australian Broadcast Corporation. The flaw has exposed widely distributed smar
Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access to sensitive data like the camera and microphone. Patch now to stay protected. A vulnerability discovered by cybersecurity researchers at Microsoft Threat Intelligence in macOS allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, granting unauthorized access to sensitive user data.
Researchers ca
Recently, cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report.[1]
The software supply chain security company noted
According to cybersecurity provider Cyble, a new sophisticated malicious campaign is using an undetected Cerberus Android banking Trojan payload. In a new report published on 14 October 2024, Cyble Research and Intelligence Labs (CRIL) https://cyble.com identified 15 malicious samples posing as Chrome and Play Store apps from mid-September through the end of October. These samples use a multi-stage dropper to deploy a banking trojan payload, which was found to be leveraging the Cerberus banking
China’s Computer Virus Emergency Response Center has released part three of a running series claiming that the US government is actually behind Volt Typhoon activity, rather than China. The latest CVERC report, whose front page includes an oddly edited photo with the text “Lie to Me,” provides no new evidence of these claims and rehashes old, leaked US intelligence documents. However, this CVERC report is not useless. The CVERC report tells us more about China’s intentions than it does convin
A European Commission-funded biometric “gait recognition” program to study how to more easily identify people crossing the European Union’s external borders by examining their unique walking styles began last week. The initiative, called the PopEye Project, is supported by a €3.2 million (USD $3.5 million) grant that covers a three-year pilot testing the technology, according to TechTransfer, a program at the Vrije Universiteit Brussels and a partner on the effort. Horizon Europe, a European U
The US Department of Justice (DoJ) has announced arrests and charges against several individuals and entities for allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the US Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company, NexFundAI.
NexFundAI, as per information on the website, was marketed as redefining the "
Iranian hackers are acting as Initial Access Brokers (IAB), selling access to critical infrastructure organizations in the West to the highest bidder. A joint security advisory recently published by the US Cybersecurity and Infrastructure Agency (CISA), together with the FBI, NSA, the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ASCS), claims Iranian threat actors are activel
Kroger’s plans to roll out facial recognition tools at its grocery stores is attracting increased criticism from lawmakers, who warn that it could be exploited to increase the prices certain individuals pay for food and put customers’ personal data at risk. In a letter this week to Kroger CEO Rodney McMullen, Congresswoman Rashida Tlaib (D-MI) said the plans, which involve using facial recognition tools in digital displays to target advertising to customers and collect information on them, pote
Threat Type: Foreign Adversarial Technological, Physical, and Cyber Influence
Geographic Area: Worldwide
This advisory supersedes and cancels US Maritime Advisory 2024-002
- Issue: This Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure. Foreign companies manufacture, install, and maintain port equipment that creates vulnerabilities to global maritime infrastructure information technology
Recently, the Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the disclosure reported. The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit
The Internet Archive has come back online, in slightly degraded mode, after repelling an 9 October DDoS attack and then succumbing to a raid on users' data. For several days after the attack, the Archive loaded into the basic page depicted below.
Currently, it is seen that the site sometimes load that page, but sometimes load another that's closer to the Archive's usual busy home page, but omits many items. It is unclear why the site is switching between the two (and yes, we cleared caches and
In today’s interconnected world, safeguarding critical infrastructure from cyber threats is more important than ever. The continuous evolution of technology and the adoption of the Connected Worker have created unprecedented opportunities for growth and innovation. However, they have also created a vast and complex digital landscape where vulnerabilities can be easily exploited. The cybersecurity challenges facing critical infrastructure are not hypothetical; they are stark realities that can
A new attack technique that relies on radio signals from memory buses to exfiltrate data from air-gapped systems has been identified. The exploit is a novel side-channel attack that has been found to leverage radio signals emanated by a device's Random Access Memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. Air-gapped systems, typically used in mission-critical environments with exceptionally high-security requirements, such as governments, weapon systems,
The US election cycle is here, and it is becoming more important for voters not to be fooled by Deepfakes. According to recent research, just over half of Britons surveyed (53%) either have not heard of the term Deepfake or have misunderstood its meaning, with only 17% feeling confident in their ability to spot them. Meanwhile, two in five have encountered at least one deepfake in the past six months, as recent reports reveal that over 4k celebrities have fallen victim to Deepfakes, and 400 di
Some television stations and websites in Russia are offline for the second day in a row following what Moscow called an “unprecedented” attack on its digital infrastructure. The disruption began on October 7, Russian President Vladimir Putin’s birthday. Last week, Russian state-owned broadcaster VGTRK’s website and digital streaming services went off the air. The affected outlets included radio stations and TV channels such as Russia-1 and Russia-24. “Our state media holding, one of the larg
