- “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day
April 12, 2024
Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level ...
- Dutch chipmaker Nexperia hacked by cyber criminals
April 12, 2024
Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists. The company did not say if it had suffered any damage or losses as a result of the hack, but RTL said the cyber criminals ...
- Roku says more than 500,000 accounts impacted in cyberattack
April 12, 2024
Streaming service provider Roku said on Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this year. The company, which had more than 80 million active accounts, said the hackers did not gain access to any sensitive information such as full credit card ...
- Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed
April 11, 2024
Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the ...
- Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
April 11, 2024
The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by researchers that have found it to be used in the wild. Let’s ...
- Northern Ireland: No disciplinary action over multimillion-pound PSNI data breach
April 11, 2024
Jon Boutcher said the error that is set to cost hundreds of millions of pounds was due to a systems failure, as he insisted he not would preside over a “blame culture” within the PSNI. In August last year the details of almost 9,500 PSNI officers and staff were mistakenly published in response to a Freedom ...
- Apple alerts users in 92 nations to mercenary spyware attacks
April 11, 2024
Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks. The company sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. It did not disclose the attackers’ identities or the countries where users received notifications. “Apple detected that you ...
- Russia slaps sanctions on UK IT sector
April 10, 2024
Moscow has blacklisted 22 British government officials, members of the IT sector and legal service market as a measure of retaliation, the Russian Foreign Ministry said in a statement. Those blacklisted particularly include employees of British companies, namely Micro Focus, providing Ukrainian forces with “software and cyber protection services necessary in the process of data collection ...
- Government Consulting Firm GMA Reports a Massive Data Breach That Revealed 341,650 Social Security Numbers
April 10, 2024
In the ever-evolving digital landscape, where data breaches seem to be more of a certainty than a possibility, the recent revelation by Greylock McKinnon Associates (GMA) marks a significant moment of concern for privacy advocates, cybersecurity professionals, and individuals alike. The breach, exposing a staggering 341,650 Social Security numbers, has cast a spotlight on the urgent ...
- Russian businesses targeted by novel ransomware gang
April 10, 2024
Attacks with a Conti ransomware code-based backdoor have been deployed by the new Muliaka ransomware operation against businesses across Russia since at least December, according to The Record, a news site by cybersecurity firm Recorded Future. Windows systems and VMware ESXi infrastructure of one Russian company had been compromised with the malware after Muliaka had infiltrated ...
- IMF: Rising Cyber Threats Pose Serious Concerns for Financial Stability
April 9, 2024
Cyberattacks have more than doubled since the pandemic. While companies have historically suffered relatively modest direct losses from cyberattacks, some have experienced a much heavier toll. US credit reporting agency Equifax, for example, paid more than $1 billion in penalties after a major data breach in 2017 that affected about 150 million consumers. As we show ...