
Blog Category: News

News related articles
Alt Ten Selects NewPush to Host Its Ground Breaking Social Business Software

Social Business Software powered by NewPush. Alt Ten, a Littleton, Colorado-based Social Business Software startup, selects NewPush to run its groundbreaking software, TurboStack. TurboStack aims to fill the gap between traditional Email, CRM, ERP and other productivity tools and the power of Social Media. NewPush has the infrastructure and know-how to scale applications […]

Cisco Bug Triggers Outage in our Denver Data-Center

Today a Cisco BGP memory leak (bug ID CSCsw63003) during routine BGP updates caused a 22-minute outage in our downtown Denver facility. An after action report can be found here: Cisco BGP Bug After Action Report. We extend our deepest apologies to all of our customers who were impacted by this outage. We clearly recognize […]

Windows 7 Privacy for Internet Connection Checking

Windows 7 has an interesting feature to determine if there is a working Internet connection. By default, it sends information to Microsoft about the connection location. The following article explains how this works, and how to reconfigure the setting to regain privacy while maintaining that useful feature: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

Newsletter – November 2016

NewPush newsletter – November 2016 edition I would like to welcome you to our newsletter of November 2016. Did you know that NewPush has been in business since 1999 providing stable and reliable service to our customers in both North America and Europe? Our cloud vision was implemented many years prior to the time the […]

Advice in the Wake of Security Breaches

By Mark Nyquist ‐ Information Systems Director, Epicor HCM In the wake of the recent security breaches (see links below), I’d like to take just a quick moment to remind everyone that extra vigilance and scrutiny are becoming vital for the security of work and home environments. I’m sure that many of you have already […]

SPAM Filter Upgrade

Throughout the week of October 25th, 2010, we will be upgrading our customers from the Postini/Google SPAM filter to the Red Condor SPAM and Virus filter. As a result of the upgrade, former Postini/Google customers will have more flexibility and easier automatic access to their quarantine. If you have any questions, please […]

IPPAY NON-INTRUSIVE MAINTENANCE NOTIFICATION

***IPPAY NON-INTRUSIVE MAINTENANCE NOTIFICATION*** Duration of Maintenance: 60 minutes Start Time of Maintenance: 10:00pm CST, Thursday, July 2, 2015  Stop Time of Maintenance: 11:00pm CST, Thursday, July 2, 2015 Scope of Maintenance: To ensure the most reliable environment is maintained for our customers, IPpay Technical Services will be performing planned system updates. We expect the […]

Testing – Best Kept Secret in Software Development

The majority of projects in IT are over budget and miss their deadline. We often notice that IT staff works hard just to stay in one place. While there are many causes, one of the key factors to mitigate the problem is testing. In this article, we will show what happens if you: let testing […]

NewPush Petabyte Storage Solutions Featured in InfoStore

I had a chance to chat with Dave Simpson recently about our partnership with Zerowait to deliver great value on high end and high quality storage to our customers. Here is the article mentioning our Petabyte Storage Solutions.

Moves towards Crypto Legislation

This debate over what the future of cryptocurrencies should look like is just heating up, as central banks around the world are developing their own currencies, and legislation is being passed to begin to define the crypto sector.

Tracking Unauthorized Access to Okta's Support System

Okta Security detected unauthorized access to their support system due to a compromised credential, allowing the viewing of certain customer files.

Neuberger: New global initiatives will include information sharing, ransomware payment tracking

A global coalition of government cybersecurity leaders will announce efforts to boost information sharing about digital threats and take on nefarious cryptocurrency payments when they convene in Washington.

Bracing for AI-enabled ransomware and cyber extortion attacks

As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks.

Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO

In a development sparking chatter and debate through the cybersecurity world, the lawsuit filed by the U.S. Securities and Exchange Commission (SEC) against the Chief Information Security Officer (CISO) of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles.

28 Countries Sign Bletchley Declaration on Responsible Development of AI

The UK government called it a “landmark” decision for the future of artificial intelligence (AI). The Bletchley Declaration has been signed by 28 countries, including the US, the UK, China, six EU member states, Brazil, Nigeria, Israel and Saudi Arabia.

How global password practices are changing

The average Password Health Score ranges from 70.9 in Northern America to 78.2 in Eastern Europe, indicating a need for improvement across all regions, according to a report. However, the scores improved by nearly two points in the past year, thanks to fewer weak, reused, and compromised passwords.

FBI Warns of Emerging Ransomware Initial Access Techniques

The FBI has warned that ransomware attackers are targeting third party vendors and services to compromise businesses.

ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks

The popular generative AI application ChatGPT experienced recurring outages this week on both the ChatGPT interface and the associated API, according to its own status page.

File-Transfer services, rich with sensitive data, are under attack

The spree of attacks against MOVEit environments in May, which are still cascading to downstream victims five months later, capped a concentrated period of damaging attacks against file-transfer services. Progress Software’s MOVEit, Fortra’s GoAnywhere and IBM Aspera Faspex were hit by supply-chain attacks over a three-month span starting in March this year.

Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

Threat groups are finding sophisticated new technologies to target retailers and their customers, as consumers turn to e-commerce channels to find the best discounts.

Info Stealers Thrive in Hot Market for Stolen Data

In the dubious race for popularity among cybercriminals, Redline Stealer appears to be far and away attackers' top choice for malware built to steal lucrative and sensitive data, including cryptocurrency wallet and remote access credentials. 

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

A security vendor’s 11-month long review of non-public data obtained by investigative journalists at Reuters has corroborated previous reports tying an Indian hack-for-hire group to numerous — sometimes disruptive — incidents of cyber espionage and surveillance against individuals and entities worldwide.

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have been impacted to date, with millions in the past weeks alone having received notifications that their info was either accessed, leaked, or both after the Russian ransomware gang Clop exploited a security hole in MOVEit back in May to steal files from compromised instances.

AI Boosts Malware Detection Rates by 70%

Threat intelligence-sharing platform VirusTotal has unveiled new research showing how AI can be used by cyber defenders to enhance malware analysis.

WhatsApp’s New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.

One Year of ChatGPT: The Impact of Generative AI on Cybersecurity

OpenAI launched ChatGPT a year ago on November 30, 2022. The public release of the large language model (LLM) chatbot quickly sparked discussion about the societal impact generative AI will have – both good and bad.

Apple Sets Trap to Catch iMessage Impersonators

The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors abusing its iMessage server infrastructure.

New cybercrime market 'OLVX' gains popularity among hackers

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.

More Than 26,000 Vulnerabilities Discovered in 2023

A total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1500 CVEs. The figures come from the latest report by the Qualys Threat Research Unit (TRU), published today.

Top 10 Cyber-Attacks of 2023

There has been a wide range of major cybersecurity incidents in 2023, from nation-state espionage campaigns to attackers gaining a gateway to thousands of enterprises through software supply chain vulnerability exploitations.

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S.

Zerocopter Debuts First Hacker-Led Cybersecurity Marketplace

With cybercrime projected to cost $8 trillion in 2023 and businesses, particularly smaller ones, often lacking the resources and expertise to keep up, the digital sector is fast becoming the most vulnerable one.

2023 Rewind: The year in cybersecurity

The year 2023 saw three significant events that raised the stakes for cybersecurity professionals.

5 Wackiest Cybersecurity Stories of 2023

The world of information security covers a range of topics, and in such a rapidly evolving field, we sometimes come across unique, unusual and even downright whacky stories. These include bizarre attack methods and cybercriminals getting their comeuppance.

GitHub warns users to enable 2FA before upcoming deadline

GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts.

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

On Christmas Eve, Resecurity, protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

A tale of 2 casino ransomware attacks: One paid out, one did not

The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.

Unveiling Zeppelin2 Ransomware: A New Threat Emerges on Dark Web

In a recent development on an underground forum, a user is actively promoting the sale of Zeppelin2 ransomware, offering both its source code and a cracked version of its builder tool. This malicious software, known for its destructive capabilities, has caught the attention of cybersecurity experts and law enforcement agencies worldwide.

DDoS attack traffic surged in 2023, Cloudflare finds

Distributed denial of service attacks hit an all-time high in 2023, more than doubling year over year in the fourth quarter, Cloudflare said Tuesday in a threat report. The record high year for DDoS attacks coincided with mass exploits of the novel zero-day vulnerability HTTP/2 Rapid Reset, which threat actors used to launch DDoS attacks that broke records during the third quarter of 2023.

China claims it cracked Apple's AirDrop to find numbers, email addresses

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of censoring its people, requesting Apple block access to mobile apps, blocking encrypted messaging apps, such as Signal, and creating the Great Firewall of China to control what sites can be visited in the country.

New Tool Identifies Pegasus and Other iOS Spyware

Kaspersky’s Global Research and Analysis Team (GReAT) has unveiled a new, lightweight method to detect sophisticated iOS spyware, including notorious threats like Pegasus, Reign and Predator.

OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections

With elections expected to occur in over 50 countries in 2024, the misinformation threat will be top of mind. OpenAI, the developer of the AI chatbot ChatGPT and the image generator DALL-E, has announced new measures to prevent abuse and misinformation ahead of big elections this year.

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack, according to email security provider Egress. This is up 2% from the previous year, Egress’ Email Security Risk Report 2024 found.

Apple's Anti-Theft Security Slows Down iPhone Crooks

Apple pushed out a security update for iPhone this week featuring a brand-new Stolen Device Protection for iPhone feature. Stolen Device Protection restricts the user's ability to make critical changes to the device settings when the device is not in a familiar location such as the user's home.

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. The supermassive MOAB (Mother of all breaches) does not appear to be made up of newly stolen data only and is most likely the largest compilation of multiple breaches (COMB).

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.

US data compromises surged to record high in 2023

Data compromises were more abundant and organizations were less forthright about the root cause of cyberattacks throughout 2023, according to the Identity Theft Resource Center’s annual data breach report. The number of data compromises reported in the U.S. last year jumped 78% to a record high of 3,205 incidents, the non-profit organization said Thursday. These compromises ultimately impacted more than 353 million victims, including individuals affected multiple times.

Online ransomware decryptor helps recover partially encrypted files

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses.

Ransomware payments reached record $1.1 billion in 2023

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. The previous record-high figure was set in 2021, with ransomware payments amounting to $983 million, surpassing the preceding record of $905 million in 2020 by approximately 10%.

Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023

A study by Surfshark, a VPN service provider, has revealed that ethical hackers, or white hat hackers, played a vital role in improving cybersecurity in 2023 by identifying 835 vulnerabilities across 105 websites.

Ransomware actors hit zero-day exploits hard in 2023

Ransomware operators were especially successful targeting critical zero-day vulnerabilities in widely used IT products.

QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security

Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership.

Apple Adds Post-Quantum Encryption to iMessage

Apple on Wednesday unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks.

'KeyTrap' DNS Bug Threatens Widespread Internet Outages

Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System (DNS) security extension, which under certain circumstances could be exploited to take down wide expanses of the Internet.

New Google Chrome feature blocks attacks against home networks

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on your computer.

NIST Cybersecurity Framework 2.0 Officially Released

NIST on Feb 26th announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago.

LockBit Ransomware Gang Returns, Taunts FBI and Vows Data Leaks

Despite arrests, infrastructure seizure and international law enforcement efforts, LockBit ransomware has resurfaced, promising robust security and threatening aggressive cyber attacks on UK and USA government sectors.

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.

CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack

Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices.

Google’s Security Command Center Enterprise fills gaps across cloud security lifecycle

Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle.

An Overview of the NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework (CSF) 2.0, an evolution of its predecessor, is a comprehensive guide designed to assist organizations across various sectors in managing and mitigating cybersecurity risks effectively.

Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise

DDoS attacks against the financial services sector historically accounted for about 10-15% of all attacks, however that trend began to rise in 2021, the FS-ISAC and Akamai found.

A third of web attacks targeted APIs in 2023, threatening the expanding API economy

APIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai.

How companies describe cyber incidents in SEC filings

It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.

Google Updates Chrome to Patch Zero-Day Flaw Exposed at Pwn2Own

In a proactive measure to enhance user security, Google has announced an update to its Chrome browser, effectively patching a series of vulnerabilities, including the zero-day flaw CVE-2024-3159, unveiled at the Pwn2Own hacking contest in March 2024.

Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break?

Cybercriminals are looking for ways to integrate large language models (LLMs) into their attacks, and they have three main options: trying to bypass the safeguards on existing LLMs, building their own LLMs, or using uncensored open-source models.

Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024

A hacking competition called Pwn2Own 2024 in Vancouver awarded over $1.1 million to participants who discovered vulnerabilities in various software and devices. This security competition incentivizes hackers to discover and report vulnerabilities in widely used software and devices.

This LinkedIn Scam Got Me (Almost)...and It Should Scare You Too

Even though the cybersecurity pros I work with haven't fallen for the latest LinkedIn scam, seeing it hit my inbox made me realize just how dangerous and believable these attacks are. The sophistication of this one surprised even me, and that's concerning.

91,000 Smart LG TV Devices Vulnerable to Remote Takeover

A security vulnerability impacting a significant number of LG smart TVs was recently disclosed. This flaw could allow attackers to remotely seize control of susceptible devices. Researchers at Bitdefender discovered two critical vulnerabilities (CVE-2023-6317 and CVE-2023-6318) that, when combined, could grant unauthorized users complete control over a targeted LG smart TV.

Hotel check-in terminal bug spews out access codes for guest rooms

A security researcher discovered a major flaw in self-service check-in terminals used by Ibis Budget hotels in Europe. The terminals were programmed to display room keycodes when a guest entered a series of dashes instead of a booking reference number.

Google Meet opens client-side encrypted calls to non Google users

Google Meet is taking a giant leap towards universal online privacy with the expansion of its end-to-end encryption capabilities. Previously exclusive to Google Workspace users, this advanced security feature is now available for calls with individuals outside the Google ecosystem, breaking down barriers and fostering secure communication for everyone.

KnowBe4 Plans to Acquire Egress for Email Security Tech

KnowBe4, a renowned name in cybersecurity awareness training, has announced its strategic acquisition of Egress, a UK-based leader in cloud email security solutions. This move signifies a significant step towards building a comprehensive platform that addresses the ever-growing challenge of human error in cybersecurity.

Millions of Docker repos found pushing malware, phishing sites

Millions of Docker repositories were found to be harboring malicious content, raising concerns about software supply chain security. Researchers identified roughly 4.6 million repositories containing no legitimate Docker images and linked nearly 3 million of them to large-scale malware and phishing campaigns.

Researchers unveil novel attack methods targeting Intel’s conditional branch predictor

Researchers revealed two novel attack methods exploiting a critical feature in Intel's high-end processors, the conditional branch predictor. This vulnerability casts a shadow over billions of processors in use worldwide.

Most people still rely on memory or pen and paper for password management

A recent survey found that many people still rely on unsafe methods to manage their passwords, both at work and at home. Over half (54%) admitted to using their memory, and a third (33%) said they use pen and paper to store passwords.

Google fixes fifth Chrome zero-day exploited in attacks this year

Google addressed a critical security vulnerability (CVE-2024-4671) in Chrome, the fifth zero-day exploit found this year. This flaw, which resides in the browser's visual rendering component, could grant attackers unauthorized access to data or even control of your computer.

Vast Network of Fake Web Shops Defrauds 850,000 & Counting

Researchers have uncovered a large network of fake online stores operated by a China-based cybercriminal group called BogusBazaar. This group has defrauded over 850,000 victims so far by creating tens of thousands of deceptive websites.

Google Debuts New Security Products, Hyping AI and Mandiant Expertise

Google is entering the booming cybersecurity market with a fresh set of security products that leverage both threat intelligence and security operations expertise acquired through Mandiant, a company Google purchased in 2023.

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS

Apple recently released urgent security updates for iPhones, iPads, and macOS to combat various vulnerabilities, including a critical zero-day exploit actively used by attackers. This zero-day flaw, CVE-2024-23296, resides within Apple RTKit, a core operating system component present on most Apple devices.

Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

Scammers are capitalizing on DocuSign's popularity to launch phishing attacks against businesses. A black market thrives for fake DocuSign templates and login credentials, making it easier for attackers to build convincing scams. Phishing emails disguised as DocuSign requests are on the rise.

Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android

Apple and Google are joining forces to combat unwanted Bluetooth tracking. A new feature, "Detecting Unwanted Location Trackers," has begun rolling out on iOS 17.5 and Android 6.0+ devices.

Beware – Your Customer Chatbot is Almost Certainly Insecure: Report

There's a rising security risk with customer chatbots, especially those built on readily available general-purpose AI engines. While these chatbots are convenient to develop, securing them is a challenge, as a recent incident demonstrates. In January 2024, a researcher managed to manipulate a chatbot into bad-mouthing its own company.

High-severity GitLab flaw lets attackers take over accounts

GitLab recently addressed two critical security vulnerabilities. The first, patched in May 2024 (CVE-2024-4835), is a high-severity flaw in the VS code editor that allows attackers to steal sensitive information through malicious web pages.

BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware

The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations spanning a year, particularly in the education and industrial goods sectors. This targeted approach suggests they're aiming to maximize profits by hitting businesses more likely to pay high ransoms. Their success is linked, in part, to exploiting weak security measures.

59% of public sector apps carry long-standing security flaws

A new report reveals a concerning issue within the public sector: a growing security debt. This term refers to the backlog of unpatched vulnerabilities and outdated systems plaguing government agencies and critical infrastructure.

New ATM Malware family emerged in the threat landscape

European banks are facing a significant rise in ATM malware attacks. This malicious software targets ATMs, allowing criminals to steal cash directly from the machines. Security researchers have identified a specific strain called "DispenserSpitter" capable of manipulating the ATM's cash dispensing mechanism.

New Fog ransomware targets US education sector via breached VPNs

Fog, a new ransomware operation, has been targeting educational organizations in the US since early May 2024.  This ransomware gains access to victim networks through compromised VPN credentials, highlighting the importance of strong VPN security. 

Apple Says iPhones Will Get Security Updates for at Least 5 Years

According to a recent report, Apple has pledged to deliver security updates to iPhones for a minimum of five years after their release. This commitment strengthens Apple's reputation for providing long-lasting software support for its devices.

Why Hackers Love Logs

System logs, which record every action within a computer system, are a double-edged sword. While valuable for security teams to identify suspicious activity, they also provide attackers with a blueprint to your defenses. Hackers can exploit vulnerabilities in logs to discover weak passwords, outdated software, and potential pathways to access sensitive data.

Apple enters AI arms race with new Apple Intelligence feature

Apple announced a new feature called "Apple Intelligence" at their recent developer conference, marking their entry into the competitive world of artificial intelligence. This feature will personalize user experiences on Apple devices by leveraging generative AI technology.

AI’s role in accelerating vulnerability management

Traditional methods struggle to keep pace with the growing number and complexity of cyber threats. AI could offer significant advantages by automating tasks, analyzing vast amounts of data, and predicting potential risks.

Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira

Atlassian addressed high-risk vulnerabilities in Confluence, Crucible, and Jira through recent security updates. These updates are crucial for mitigating various security weaknesses that could potentially allow attackers to gain unauthorized access to sensitive data, manipulate servers, and cause significant disruptions.

VMware fixes critical vCenter RCE vulnerability

VMware released critical security patches to address remote code execution (RCE) vulnerabilities in vCenter Server. These vulnerabilities could allow attackers to gain full control over affected systems.

Fake Google Chrome errors trick you into running malicious PowerShell scripts

A cunning malware campaign is targeting users with fake Google Chrome errors, Microsoft Word errors, and even fake OneDrive errors. These deceptive messages aim to trick people into running malicious PowerShell scripts that can infect their devices with malware.

Google Introduces Project Naptime for AI-Powered Vulnerability Research

Google's Project Naptime tackles cybersecurity through a novel method: AI-powered vulnerability research. Unlike traditional manual code audits, Project Naptime employs a large language model (LLM) to mimic a security researcher.

Google Unveils New Chrome Enterprise Core Features for IT, Security Teams

Google recently enhanced Chrome Enterprise Core, a free browser management tool for organizations. These improvements aim to streamline browser control for IT and security teams. While a paid version, Chrome Enterprise Premium, offers advanced security features, Chrome Enterprise Core focuses on configuration and policy management.

Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack

A recently discovered vulnerability in OpenSSH servers, designated CVE-2024-6387 and named regreSSHion, poses a significant security risk. This flaw could allow unauthorized actors to remotely execute code on vulnerable systems.

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

Google is upping the ante on virtual machine security with the launch of kvmCTF, a new bug bounty program. This program specifically targets vulnerabilities within the KVM hypervisor, a technology fundamental to running virtual machines.

Infostealer malware logs used to identify child abuse website members

Law enforcement has a powerful new tool in the fight against child sexual abuse material (CSAM). Researchers identified thousands of CSAM website users by analyzing information stolen by malware. This innovative approach involves cross-referencing stolen login credentials with known CSAM domains. Combined with open-source intelligence (OSINT) gathered from publicly available information, researchers were able to link stolen credentials to real users.

CrowdStrike update crashes Windows systems, causes outages worldwide

A recent update to CrowdStrike Falcon caused significant disruptions globally by crashing Windows systems. The update's faulty component led to numerous systems encountering boot loops or the Blue Screen of Death (BSOD).

Cybercriminals Exploit CrowdStrike Falcon Update with Fake Fixes and Malware

After the Falcon update caused widespread IT outages, attackers quickly crafted phishing campaigns, posing as CrowdStrike support, to deliver malicious payloads. One notable campaign involves a fraudulent CrowdStrike recovery manual that installs the Daolpu info-stealer.

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Researchers have discovered a significant privilege escalation vulnerability in Google Cloud Platform's Cloud Functions, known as "ConfusedFunction." This flaw allows attackers to misuse the Default Cloud Build Service Account to access sensitive Google services such as Cloud Build, storage, and various registries.

Cloudflare Tunnels Abused for Malware Delivery

Cybersecurity researchers have discovered that threat actors are exploiting Cloudflare's tunnel service, TryCloudflare, to deliver malware. This service, designed to create secure, private connections, is being misused to conceal command-and-control (C&C) infrastructure and evade traditional security measures.

Company Paid Record-Breaking $75 Million to Ransomware Group: Report

A company has reportedly paid a record-breaking $75 million ransom to the Dark Angels ransomware group, as disclosed in Zscaler's ThreatLabz 2024 Ransomware Report. This ransom, paid in early 2024, is nearly double the highest previously known payment.

AI-generated emails make up 40% of BEC lures, security firm says

A recent study by cybersecurity firm Ironscales reveals that 40% of business email compromise (BEC) lures are now generated using artificial intelligence (AI), highlighting a significant shift in phishing tactics.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts macOS and Linux Devices

A critical security flaw, known as "0.0.0.0 Day," has been discovered in popular web browsers including Chrome, Firefox, and Safari, impacting macOS and Linux systems. This vulnerability, which has been present for 18 years, allows malicious websites to exploit the 0.0.0.0 IP address to access local services and execute arbitrary code on a user's device.

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

A significant security vulnerability has been discovered in a widely used RFID system, revealing the presence of a hardware backdoor that could allow attackers to gain unauthorized access to secured facilities and systems.

FBI: RansomHub ransomware breached 210 victims since February

The FBI has disclosed that the RansomHub ransomware group has successfully breached 210 victims since February 2024, targeting a wide array of sectors and causing severe disruptions. This group encrypts victims' data and demands significant ransom payments in exchange for decryption keys.

Crypto Vulnerability Allows Cloning of YubiKey Security Keys

A vulnerability known as "Eucleak" has been discovered in YubiKey security keys, often used for multi-factor authentication (MFA), which allows attackers to clone the keys by exploiting a flaw in a cryptographic library.