98Articles
9Categories
2024-05-24Date
🚨 CISA KEV 1[−]
24 May KEVThree-Year-Old Apache Flink Flaw Now Under Active AttackAn improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets.THEREGISTER.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
24 May KEVGoogle Patches Fourth Chrome Zero-Day in Two WeeksExploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine. The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek .SECURITYWEEK.COM
24 MayCourtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain AttackMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor. The software supply chain attack, tracked as CVE-2024-4978, …THEHACKERNEWS.COM
24 May KEVGoogle Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAPGoogle on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and Web…THEHACKERNEWS.COM
24 MayKroll cyber threat landscape report: AI assists attackersIn its frontline threat intelligence report for the first quarter of 2024, risk and financial advisory firm Kroll revealed that, as in virtually every other industry, cyber criminals are using artificial intelligence (AI) to further their goals. Well-known tactics such as those u…CSOONLINE.COM
24 May KEVGoogle Fixes Eighth Actively Exploited Chrome Zero-Day This YearThe security issue was discovered internally by Google's Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity 'type confusion' in V8, Chrome's JavaScript engine responsible for executing JS code.BLEEPINGCOMPUTER.COM
24 MayHigh-Severity GitLab Flaw Lets Attackers Take Over AccountsThe security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 19[−]
24 MayOperation SpecTor: Authorities Seized Dark Markets Offering Illicit GoodsLaw enforcement agencies have successfully dismantled several dark web marketplaces offering illicit goods. Dubbed “Operation SpecTor,” this coordinated crackdown marks a significant victory in the ongoing battle against cybercrime and illegal online activities. This …GBHACKERS.COM
24 MayEmerging ransomware groups on the rise: Who they are, how they operateThe shutdown of BlackCat (ALPHV) in March and the law enforcement disruption of LockBit infrastructure in February have created a void in the ransomware ecosystem that’s quickly being filled by less experienced groups. So far this year, researchers from security firm Cyberint hav…CSOONLINE.COM
24 MayBeware Of HTML That Masquerade As PDF Viewer Login PagesPhishing attacks have evolved into increasingly sophisticated schemes to trick users into revealing their personal information. One such method that has gained prominence involves phishing emails masquerading as PDF viewer login pages. These deceptive emails lure unsuspecting use…GBHACKERS.COM
24 May KEVGoogle fixes eighth actively exploited Chrome zero-day this yearGoogle has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. [...]BLEEPINGCOMPUTER.COM
24 MayWhat is spear phishing? Examples, tactics, and techniquesSpear phishing definition Spear phishing is a direct, targeted email attack aimed at specific individuals that appears to come from a trusted sender. In spear phishing, attackers often use information gleaned from research to put the recipient at ease. The ultimate aim is to eith…CSOONLINE.COM
24 MayOn the Zero-Day MarketNew paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens a…SCHNEIER.COM
24 MayChinese State-Backed Hackers Turn to Massive ORB Proxy Networks to Evade DetectionOne of them called ORB3/SPACEHOP is described as “a very active network leveraged by multiple China-nexus threat actors, including APT5 and APT15” for reconnaissance and vulnerability exploitationlBLEEPINGCOMPUTER.COM
24 MayDNSBomb : A New DoS Attack That Exploits DNS QueriesA new practical and powerful Denial of service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security pr…GBHACKERS.COM
24 MayKinsing Malware Attacking Apache Tomcat Server With VulnerabilitiesThe scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, whereby it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining …GBHACKERS.COM
24 MayCyber Force Provision Gets House Committee’s ApprovalA requirement for the Pentagon to commission an independent study on the creation of a U.S. Cyber Force was added late Wednesday to the House version of the defense policy bill.THERECORD.MEDIA
24 MayCisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security PublicationCisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. A cyber threat actor could exploit one of these vulnerabilities to…CISA.GOV
24 MayCencora data breach exposes US patient info from 8 drug companiesSome of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [...]BLEEPINGCOMPUTER.COM
24 MayHackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber AttackThe MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The advers…THEHACKERNEWS.COM
24 MayShrinkLocker Ransomware Exploits Microsoft's BitLockerMalicious Script Targets Users in Mexico, Indonesia, Jordan Why bother building a crypto-locker when Microsoft has perfectly acceptable encryption software preloaded on desktops? Many ransomware hackers agree with that statement - and they're learning to make such attacks even ha…DATABREACHTODAY.CO.UK
24 MayCISA Releases Cybersecurity Resources for High-Risk CommunitiesWorking to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field.KNOWBE4.COM
24 MayAI-as-a-Service Platform Patches Critical RCE VulnerabilityHackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI Models Attackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and p…DATABREACHTODAY.CO.UK
24 MayHacker defaces spyware app’s site, dumps database and source code​​A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. [...]BLEEPINGCOMPUTER.COM
24 MayCencora data breach exposes US patient info from 11 drug companiesSome of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 5[−]
24 MayThree-year-old Apache Flink flaw under active attacksubmitted by 0nekoneko7 to securitynews 1 points | 1 comments https://www.theregister.com/2024/05/24/apache_flink_flaw_cisa/THEREGISTER.COM
24 MayChinese Cyberespionage Campaign Targets Governmental Entities in the Middle East, Africa, and AsiaThe threat actor searches for sensitive information related to diplomatic and economic missions, embassies, military operations, political meetings, ministries of targeted countries, and high-ranking officials.UNIT42.PALOALTONETWORKS.COM
24 MayWhite House Seeks Critical Cyber Assistance for Water Utilities, HealthcareNational Cyber Director Harry Coker Jr. said the administration is taking actions to strengthen key critical infrastructure sectors, including healthcare and water utilities, and will pursue additional steps to fight ransomware and boost resilience.CYBERSECURITYDIVE.COM
24 MayEU Commission and Microsoft Appeal EDPS Office 365 DecisionMarch Decision Mandated Commission to Stem Data Flows From Its Office 365 Use The European Commission is appealing a March decision by a continental data regulator that found the commission's use of Microsoft Office apps violated Regulation (EU) 2018/1725. A commission spokespers…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 20[−]
24 MayMicrosoft President Set to Testify Before Congress on ‘Security Shortcomings’A top Microsoft executive will testify next month before the House Committee on Homeland Security on recent cyberattacks that impacted the company and its customers, and Microsoft’s revitalized security strategy.CYBERSECURITYDIVE.COM
24 MayHacktivists Turn to Ransomware in Attacks on Philippines GovernmentHacktivist operations are using leaked ransomware builders to launch attacks on critical infrastructure in the Philippines — part of a trend among politically motivated groups who are increasingly trying to disrupt life in the Southeast Asian nation.THERECORD.MEDIA
24 MayCyber Security Today, May 24, 2024 - A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and moreThis episode reports on unwanted data your WiFi router may be giving out and moreCYBERSECURITYTODAY.LIBSYN.COM
24 MayCyberattacks are Good for Security Vendors, and Business is BoomingThe cybersecurity business is booming, and cyberattacks are fueling its growth. Global spending on security and risk management is on pace to reach $215 billion this year, up 30% from almost $165 billion in 2022, according to Gartner.CYBERSECURITYDIVE.COM
24 MayDevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Offic…THEHACKERNEWS.COM
24 MayNew ransomware group abusing BitLockersubmitted by kid to cybersecurity 1 points | 0 comments https://securelist.com/ransomware-abuses-bitlocker/112643/SECURELIST.COM
24 MayIreland Police Facing Nearly a Million-Dollar Fine After Data Breach Exposes Officers’ DetailsThe Police Service of Northern Ireland (PSNI) is bracing for a hefty £750,000 (~$952k) fine following last year’s data breach. The PSNI data breach saw the exposure of the personal information of approximately 10,000 officers and staff.THECYBEREXPRESS.COM
24 MayCourtroom Recording Software Compromised With Backdoor Installer“Through ongoing monitoring and collaboration with cyber authorities, we identified attempts to replace our Viewer 8.3.7 software with a compromised file,” the company said in a statement on Thursday.THERECORD.MEDIA
24 MayHackers Weaponizing Microsoft Access Documents To Execute Malicious ProgramIn multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that,…GBHACKERS.COM
24 MayMicrosoft Warns Of Storm-0539’s Aggressive Gift Card TheftGift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat actors benefit greatly…GBHACKERS.COM
24 MayAlmost all citizens of city of Eindhoven have their personal data exposedA data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. And then they chose not to tell the affected 221,511 people about it. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
24 MayAverlon Emerges From Stealth Mode With $8 Million in FundingAverson secures seed funding to build technology that uses AI to identify cloud security weaknesses and counter cyberattacks. The post Averlon Emerges From Stealth Mode With $8 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
24 MayUS drug maker Cencora says Americans’ health information stolen in data breachAbout half a million patients have been notified so far, but the number of affected individuals is likely far higher. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
24 MayLondon Drugs Waiting On LockBit's Next MovePACKETSTORMSECURITY.COM
24 MayNew ShrinkLocker ransomware uses BitLocker to encrypt your filesA new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. [...]BLEEPINGCOMPUTER.COM
24 MayAustralian Telecom Watchdog Sues Optus Over 2022 Data BreachTelecom Company Also Faces OAIC Investigation and Potentially Millions in Fines The Australian Communications and Media Authority says it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in Septem…DATABREACHTODAY.CO.UK
24 MayLockBit Publishes Data Stolen in London Drugs AttackCanadian Retail Pharmacy Chain Says It's Reviewing Exposed Data on Gang's Leak Site LockBit has begun to leak on its dark web site files of data the Russian-speaking cybercriminal gang claims to have stolen in an April attack on London Drugs. The group had threatened to publish t…DATABREACHTODAY.CO.UK
24 May KEVISMG Editors: UnitedHealth Group's HIPAA Breach FalloutAlso: The End of an Era at Mandiant and Privacy and Ethics Concerns Related to LLMs In the latest weekly update, ISMG editors discussed the implications of Kevin Mandia stepping down as Mandiant CEO; UnitedHealth Group's responsibility for a massive HIPAA breach at its subsidiary…DATABREACHTODAY.CO.UK
24 MayMandatory reporting for ransomware attacks? – Week in security with Tony AnscombeAs the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?WELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 27[−]
24 MayISC Stormcast For Friday, May 24th, 2024 https://isc.sans.edu/podcastdetail/8996, (Fri, May 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 MayPakistani-Aligned APT36 Targets Indian Defense OrganizationsA politically motivated hacking group aligned with Pakistani interests is matching the Indian military's shift away from the Windows operating system with a heavy focus on malware encoded for Linux.BANKINFOSECURITY.COM
24 MayJapanese Experts Warn of BLOODALCHEMY Malware Targeting Government AgenciesCybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "…THEHACKERNEWS.COM
24 MayAPT41 Deploys KeyPlug Backdoor Against Italian IndustriesThe KeyPlug backdoor has been developed to target both Windows and Linux operative systems and use different protocols to communicate which depend on the configuration of the malware sample itself.SECURITYAFFAIRS.COM
24 MayMalicious PyPI & NPM Packages Attacking MacOS UsersCybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package Index (PyPI) and NPM, have been meticulously analyzed to uncover their malicious intent and sophisticated attack mechanisms. GuardD…GBHACKERS.COM
24 MayDeep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Seasubmitted by kid to cybersecurity 1 points | 0 comments https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/BITDEFENDER.COM
24 MayIOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenderssubmitted by kid to cybersecurity 1 points | 0 comments https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/CLOUD.GOOGLE.COM
24 MayOperation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asiasubmitted by kid to cybersecurity 3 points | 0 comments https://unit42.paloaltonetworks.com/operation-diplomatic-specter/UNIT42.PALOALTONETWORKS.COM
24 MayA root-server at the Internet’s core lost touch with its peers. We still don’t know why.submitted by kid to cybersecurity 6 points | 1 comments https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/ARSTECHNICA.COM
24 MayWindows Recall — a ‘privacy nightmare’?Windows Recall, the new feature that records a user’s screen at regular intervals , has been labelled a “privacy nightmare” due to potential data privacy and security risks. Microsoft announced the generative AI-based tool on Monday; it records “snapshots” of a user’s screen ever…COMPUTERWORLD.COM
24 MayIn Other News: China’s Undersea Spying, Hotel Spyware, Iran’s Disruptive AttacksNoteworthy stories that might have slipped under the radar: Chinese repair ships might be spying on undersea communications, spyware found at hotel check-ins, UK not ready for China threat. The post In Other News: China’s Undersea Spying, Hotel Spyware, Iran’s Disrupt…SECURITYWEEK.COM
24 MayNSA Releases Guidance On Zero Trust Maturity To Secure Application From AttackersZero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model. It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and application. Re…GBHACKERS.COM
24 MayChinese Hackers Stay Hidden On Military And Government Networks For Six YearsHackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure.  This is mainly because these networks hold sensitive data and command systems that if tampered with ca…GBHACKERS.COM
24 MayJAVS Courtroom Audio-Visual Software Installer Serves BackdoorBackdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover. The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek .SECURITYWEEK.COM
24 MayFake Antivirus Websites Deliver Malware to Android and Windows DevicesThreat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software throu…THEHACKERNEWS.COM
24 MayOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
24 MayCISOs Pursuing AI Readiness Should Start by Updating Their Email Security PolicyEffective, updated policies are foundational to an organization's cybersecurity strategy in this new era of AI-driven attacks. CISOs must proactively adapt their email security approach to protect against the latest social engineering threats.HELPNETSECURITY.COM
24 MayHow Major Acquisitions Are Transforming Security OperationsForrester's Allie Mellen on How Palo-QRadar and LogRhythm-Exabeam Will Reshape SIEM With LogRhythm and Exabeam merging and Palo Alto Networks purchasing IBM's QRadar SaaS assets, the security operations market is undergoing rapid transformation. Forrester Principal Analyst Allie …DATABREACHTODAY.CO.UK
24 MayThe /c/cybersecurity community on Infosec.pub has new icon and banner artwork courtesy of @bolo ! It already makes the space look nicer if you ask me 🎨 😄submitted by shellsharks to cybersecurity 3 points | 0 comments The /c/cybersecurity community on Infosec.pub has new icon and banner artwork courtesy of @bolo ! It already makes the space look nicer if you ask me 🎨 😄 Go check it out and if you haven’t already, join the community…INFOSEC.PUB
24 MayCourtroom Recording Software Hit by Supply Chain AttackBackdoored Installer Facilitates Full, Remote Takeover, Justice AV Solutions Warns Attackers backdoored versions of widely used audiovisual recording software being distributed by Justice AV Solutions via its official download site. Experts say users should "immediately" update t…DATABREACHTODAY.CO.UK
24 MayAttempts to Regulate AI’s Hidden Hand in Americans’ Lives Flounder in US StatehousesOnly one of seven bills aimed at preventing AI’s penchant to discriminate when making consequential decisions — including who gets hired, money for a home or medical care — has passed. The post Attempts to Regulate AI’s Hidden Hand in Americans’ Lives Flounder in US Statehouses a…SECURITYWEEK.COM
24 MayGold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More - SWN #389Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-389YOUTUBE.COM
24 MayWhich OS/Distro?submitted by OnePhoenix to cybersecurity 2 points | 2 comments I’m new to the cyber-security/privacy space. I am interested in teaching myself about it, as well as dabbling in OSINT and general linux-type-stuff too. ATM this is all a hobby so while it is not crucial to have every…SH.ITJUST.WORKS
24 MayAs Many as 1 in 7 Emails Make it Past Your Email FiltersFluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.KNOWBE4.COM
24 MayCyberRiskTV Live Coverage from Identiverse 2024 - Day 2CyberRisk Alliance broadcasting live from the CyberRiskTV Studio, Aria Resort & Casino, at Identiverse 2024! Full Show Notes & Schedule: https://securityweekly.com/idv242 Find all of our Identiverse coverage at https://securityweekly.com/idv Visit our website: https://www.securit…YOUTUBE.COM
24 MayCyberRiskTV Live Coverage from Identiverse 2024 - Day 1CyberRisk Alliance broadcasting live from the CyberRiskTV Studio, Aria Resort & Casino at Identiverse 2024! Full Show Notes & Schedule: https://securityweekly.com/idv241 Find all of our Identiverse coverage at https://securityweekly.com/idv Visit our website: https://www.security…YOUTUBE.COM
24 MayFriday Squid Blogging: Dana Squid Attacking CameraFantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
24 MayHow Do Hackers Blend In So Well? Learn Their Tricks in This Expert WebinarDon't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insi…THEHACKERNEWS.COM
24 MayBloodAlchemy Malware Used to Target Government Agencies in Southern and Southeastern AsiaBLOODALCHEMY is an updated version of Deed RAT, which is believed to be a successor to ShadowPad malware. It has been used in attacks targeting government organizations in Southern and Southeastern Asia.BLOG-EN.ITOCHUCI.CO.JP
🎙️ PODCASTS 1[−]
24 MayCyber Security Today, Week in Review for week ending May 24, 2024This episode features an interview with Treasury Board President Anita Anand, who announced the first cyber security strategy for the Canadian government's IT departments and agenciesCYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 16[−]
24 MaySOCRadar raises $25.2 million to accelerate investments in key areasSOCRadar announced the successful completion of its Series B funding round, raising $25.2 million. The round was led by PeakSpan Capital, with participation from Oxx, reflecting investor confidence in SOCRadar’s innovative approach to cybersecurity.HELPNETSECURITY.COM
24 MayReport Reveals 341% Rise in Advanced Phishing AttacksSecurity experts from SlashNext have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code, and attachment-based threats in the past six months.INFOSECURITY-MAGAZINE.COM
24 MayWhy Shareable SBOMs are Essential for Software SecurityDevelopment teams need to plan ahead and create shareable SBOMs that are standardized in a format that's readily consumable while also establishing scalable systems for attestation, access management, and data verification, among other factors.REVERSINGLABS.COM
24 MayUK Government in $10.8m Bid to Tackle AI Cyber-ThreatsThe research program will be led by researcher Shahar Avin at the government’s AI Safety Institute and delivered in partnership with UK Research and Innovation and The Alan Turing Institute.INFOSECURITY-MAGAZINE.COM
24 MayUS Man Gets 10 Years for Laundering Cash From Online FraudGeorgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.THEREGISTER.COM
24 MayHow Microsoft secures Generative AIEnabling Safety in the Age of Generative AI Discover how Generative AI can be used securely and responsibly, transforming possibilities into safe realities.DATABREACHTODAY.CO.UK
24 MayBolster Raises $14M Led by Microsoft's M12Bolster, an AI startup, has raised $14 million in funding led by Microsoft's M12 to combat malicious phishing emails. Their flagship product, CheckPhish, offers brand and URL verification services to businesses.TECHCRUNCH.COM
24 MayMachine Identities Lack Essential Security Controls, Pose Major ThreatSiloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to a new report by CyberArk.HELPNETSECURITY.COM
24 MayMorocco-based Cybercriminals Cashing in on Bold Gift Card Scams“Rather than scam or phish everyday people directly for gift card-based payments, Storm-0539 infiltrates large retailers and fraudulently issues gift card codes to themselves, virtually printing their own money,” Microsoft’s Vasu Jakkal explained.THERECORD.MEDIA
24 MayBugcrowd Buys Informer to Enhance Attack Surface ManagementBugcrowd CEO Dave Gerry said their acquisition of Brighton, England-based Informer will fuel the adoption of Bugcrowd's penetration testing technology and prompt clients to expand the scope of their bug bounty programs.BANKINFOSECURITY.COM
24 MayA Strategic Approach to Stopping SIM Swap FraudThe UAE No Longer Has Cases of SIM Swap Fraud - Here's Why SIM swap fraud continues to cause substantial financial losses for both consumers and financial institutions, undermining the integrity of the financial ecosystem. In the UAE, the banking industry has incurred considerabl…DATABREACHTODAY.CO.UK
24 MayMicrosoft Copilot fixed worldwide after 24 hour outageAfter over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [...]BLEEPINGCOMPUTER.COM
24 MayMicrosoft: Windows 24H2 will remove Cortana and WordPad appsMicrosoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [...]BLEEPINGCOMPUTER.COM
24 MayICQ messenger shuts down after almost 28 yearsThe ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [...]BLEEPINGCOMPUTER.COM