The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry … [Read more...] about Protecting Tomorrow’s World: Shaping the Cyber-Physical Future
cyber updates
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Nov 28, 2024Ravie LakshmananIoT Security / Vulnerability Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code … [Read more...] about Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made … [Read more...] about Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, … [Read more...] about Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Google’s New Restore Credentials Tool Simplifies App Login After Android Migration
Nov 25, 2024Ravie LakshmananMobile Security / Privacy Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the … [Read more...] about Google’s New Restore Credentials Tool Simplifies App Login After Android Migration
A Pro-China Influence Network of Fake News Sites
Nov 23, 2024Ravie LakshmananCloud Security / Threat Intelligence Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, … [Read more...] about A Pro-China Influence Network of Fake News Sites
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Nov 23, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties … [Read more...] about North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Nov 22, 2024Ravie LakshmananCyber Attack / Malware The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an … [Read more...] about APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Nov 21, 2024Ravie LakshmananVulnerability / Cyber Attack As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the … [Read more...] about Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Nov 20, 2024Ravie LakshmananPayment Security / Cybercrime Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple … [Read more...] about Hackers Exploiting NFCGate to Steal Funds via Mobile Payments