Collecting Cyber-News from over 60 sources

Tag: computer

The Zoom attack you didn’t see coming

Apr 18, 2025 4:28 PM

Tags: attack, computer, control

Did you know that when participating in a Zoom call, you can grant permission to other participants to control your computer remotely? While this feature may come in handy … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/18/zoom-remote-control-attack/
Your Network Is Showing Time to Go Stealth

Apr 17, 2025 6:28 PM

Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
CISOs no closer to containing shadow AI’s skyrocketing data risks

Apr 17, 2025 10:28 AM

Tags: access, ai, authentication, awareness, best-practice, breach, business, ceo, chatgpt, ciso, compliance, computer, control, cybersecurity, data, data-breach, detection, finance, framework, github, google, governance, group, jobs, law, leak, LLM, mitigation, monitoring, privacy, RedTeam, regulation, risk, risk-management, service, software, technology, theft, tool, training, unauthorized, vulnerability

While most organizations (90%) offer sanctioned generative AI apps and even more (98%) offer their users apps that incorporate gen AI features, unauthorized use of AI services is skyrocketing in business, according to a study by Netskope.Most gen AI use in the enterprise (72%) is shadow IT, driven by individuals using personal accounts to access…
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal

Apr 16, 2025 11:28 PM

Tags: advisory, attack, cisa, computer, cve, cybersecurity, data, exploit, government, incident response, infrastructure, mitre, nvd, open-source, risk, tactics, update, vulnerability, vulnerability-management

Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As…
CVE program averts swift end after CISA executes 11-month contract extension

Apr 16, 2025 6:28 PM

Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management

Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
Whistleblower Accuses DOGE of Data-Harvesting Cover Up

Apr 16, 2025 1:28 AM

Tags: access, computer, data, government, russia

Complaint Says Russia-Based IP Address Attempted to Gain Access as DOGE Took Data. A whistleblower has accused staffers from the Department of Government Efficiency of attempting to cover their tracks while collecting troves of sensitive data from the independent labor agency’s computer systems, raising significant security concerns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whistleblower-accuses-doge-data-harvesting-cover-up-a-28013
Morocco Investigation Major Data Breach Allegedly Claimed by Algerian Hackers

Apr 14, 2025 4:33 PM

Tags: attack, breach, computer, cyber, data, data-breach, hacker

The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on leaked documents circulating on social media have revealed that much of the information is false, inaccurate, or incomplete. Officials state these documents originated from a cyber attack targeting the organization’s computer systems. The CNSS has activated security protocols, launched an internal…
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications

Apr 11, 2025 5:05 AM

Tags: access, advisory, ai, api, attack, authentication, computer, control, cybersecurity, data, email, endpoint, injection, jobs, LLM, malicious, monitoring, network, open-source, risk, saas, service, software, tool, training, update

The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about MCP. Background Tenable Research has compiled this blog…
Russian Shuckworm APT is back with updated GammaSteel malware

Apr 11, 2025 12:05 AM

Tags: apt, attack, computer, control, data, defense, detection, group, infrastructure, malware, powershell, russia, service, software, threat, tool, ukraine, windows

files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer.After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
Why Codefinger represents a new stage in the evolution of ransomware

Apr 10, 2025 3:06 PM

Tags: access, advisory, attack, backup, best-practice, breach, business, cisco, cloud, computer, credentials, cybersecurity, data, defense, exploit, malicious, network, password, ransom, ransomware, risk, strategy, technology, threat, vmware

A new type of ransomware attack: The fundamentals of the Codefinger attack are the same as those in most ransomware attacks: The bad guys encrypted victims’ data and demanded payment to restore it.However, several aspects of the breach make it stand out from most other ransomware incidents:Attack vector: In traditional ransomware attacks, the attack vector…
Post-Quantum Cryptography: Preparing for a Quantum Future

Apr 9, 2025 5:55 PM

Tags: computer, computing, cryptography, infrastructure, threat

As quantum computing continues to evolve, the security of our digital infrastructure is under increasing scrutiny. While quantum computers promise groundbreaking advancements, they also pose a significant threat to the cryptographic algorithms that protect sensitive information across the internet. Enter Post-Quantum Cryptography (PQC) which is our path to quantum safe security. In this blog, we’ll……
Spionage-Ring Sednit greift isolierte Netzwerke an

Apr 9, 2025 5:55 PM

Tags: computer, cyberattack

Der Spionage-Ring Sednit, auch bekannt als Sofacy-Gruppe, APT28 oder ‘Fancy Bear”, treibt schon seit einiger Zeit sein Unwesen und hat bereits eine Vielzahl an Institutionen angegriffen. Vor kurzem haben wir einen Angriff entdeckt, im Zuge dessen die Gruppe physikalisch isolierte Computer-Netzwerke angreift, um mithilfe von Wechseldatenträgern sensible Dateien abzugreifen. First seen on welivesecurity.com Jump to…
WK Kellogg informiert über Datendiebstahl

Apr 9, 2025 5:55 PM

Tags: computer, cve, cyberattack, ransomware, service, vulnerability, zero-day

Der für seine Cornflakes bekannte Lebensmittelkonzern WK Kellogg wurde um Daten beraubt.WK Kellogg, bekannt für seine Frühstücksprodukte wie Cornflakes und Frosties, teilte kürzlich mit, dass bei einem Angriff im Jahr 2024 Unternehmensdaten gestohlen wurden. In einer Mitteilung an die zuständigen Behörden heißt es, dass zu den offengelegten Daten auch Namen und Sozialversicherungsnummern gehören. Nach eigenen…
Botnet-Malware: Was steckt dahinter und wie schütze ich mich?

Apr 9, 2025 5:55 PM

Tags: botnet, computer, malware

Malware oder schadhafter Code ist schon seit mehr als 40 Jahren in irgendeiner Form im Umlauf. Aber ein Einsatz von Malware zur Fernsteuerung verschiedener Computer, die als ein sogenanntes Botnet organisiert sind, ist ein Phänomen des 21. Jahrhunderts. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/10/24/botnet-malware-was-steckt-dahinter-wie-schutze-ich-mich/
Millionen Computer durch BIOS-Schwachstelle gefährdet

Apr 9, 2025 5:55 PM

Tags: computer, cyberattack, vulnerability

Auf der CanSecWest-Konferenz in Vancouver, Kanada, haben zwei Sicherheitsforscher in ihrem Vortrag ‘How Many Million BIOSes Would You Like To Infect?” vor Schwachstellen im BIOS vieler Computer gewarnt. Die gefundenen Sicherheitslücken ermöglichen Hackern offenabr relativ leicht, Angriffe auszuführen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/03/24/millionen-computer-durch-bios-schwachstelle-gefaehrdet/
Windows-Gefahren: Vergangenheit, Gegenwart und Zukunft

Apr 9, 2025 5:55 PM

Tags: computer, malware, mobile, windows

Mobile Malware befindet sich auf dem Vormarsch, doch die fragmentierte Marktsituation erschwert den Cyberkriminellen ihre Arbeit ganz im Gegensatz zu der Welt der Desktops und Laptops: Laut Net Marketshare laufen seit letztem Monat 90 Prozent der Computer unter einer Windows-Version. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/05/19/windows-gefahren-vergangenheit-gegenwart-und-zukunft/
Infografik: Alternativen zu Passwörtern

Apr 9, 2025 5:55 PM

Tags: computer, hacker, password

Das Passwort ist ein stetiger Begleiter in unserem Computer-Alltag. Ob bei der Anmeldung zu unserem Benutzerkonto auf dem PC, beim Onlinebanking oder im Unternehmen überall erhalten wir den Zugang über ein Passwort. Doch seit einigen Jahren gerät diese Authentifizierungsmethode mehr und mehr in Verruf, ein Einfallstor für böswillige Hacker zu sein. First seen on welivesecurity.com…
Tech experts recommend full steam ahead on US export controls for AI

Apr 8, 2025 11:51 PM

Tags: ai, china, computer, control

While the efficiency of newer Chinese models like DeepSeek have rumbled U.S. AI markets, experts say previous restrictions on the sale of computer chips and other important components are having an impact. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-deepseek-export-controls-congress-i/
Lawsuit: Hospital Pharmacist Spied on Coworkers for a Decade

Apr 8, 2025 11:51 PM

Tags: computer, healthcare, software, spy

University of Maryland Medical Center Said FBI Is Also Investigating Case. An academic medical center is facing a class action lawsuit alleging one of its pharmacists installed keylogging software on 400 computers over a decade to spy on the personal lives and intimate moments of coworkers. The pharmacist is also facing a criminal investigation, the…
Fake Microsoft Office add-in tools push malware via SourceForge

Apr 8, 2025 11:51 PM

Tags: computer, malware, microsoft, office, threat, tool

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/
Pharmacist accused of compromising computers to spy on colleagues

Apr 8, 2025 10:43 PM

Tags: computer, spy

First seen on scworld.com Jump to article: www.scworld.com/news/pharmacist-accused-of-compromising-computers-to-spy-on-colleagues
Beyond Bits and Bytes: How Quantum AI Could Solve Humanity’s Biggest Problems

Apr 8, 2025 7:42 PM

Tags: ai, computer, supply-chain, tool

1. The Dead Weight of Classical Thinking Classical computers were never built to understand the world”, they were built to count. And they’ve done it well. Transistors, logic gates, memory”, all sharp-edged tools in a tidy box. But humanity’s problems aren’t tidy. Climate chaos, drug discovery, supply chains knotted like pub brawls”, all a bit…
Ransomware-Attacke auf Europcar

Apr 8, 2025 3:42 PM

Tags: access, android, backup, cloud, computer, cyberattack, dark-web, gitlab, hacker, infrastructure, mail, ransomware

Europcar hat einen Cyberangriff mit Datendiebstahl erlitten.Im Darknet sind kürzlich Hinweise auf einen Cyberangriff bei Europcar aufgetaucht, bei dem Kundendaten und andere vertrauliche Informationen entwendet wurden. Wie aus einem Bericht von Bleeping Computer hervorgeht, ist der Angreifer in die Gitlab-Repositories des Fahrzeugvermieters eingedrungen und hat Daten von 200.000 Kunden und den Quellcode für Android- und…
Arguing Against CALEA

Apr 8, 2025 3:42 PM

Tags: breach, computer, cybersecurity, data, data-breach, infrastructure, jobs, law, phone, threat, unauthorized

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that…
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

Apr 8, 2025 1:42 PM

Tags: attack, computer, cyber, email, government, law, malicious, military, phishing, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware.The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said.The attacks involve distributing phishing emails First seen on thehackernews.com Jump…
Credential Dumping: GMSA

Apr 6, 2025 2:42 PM

Tags: attack, computer, credentials, group, service

ReadGMSAPassword Attack is a technique where attackers abuse misconfigured Group Managed Service Accounts (gMSA) to retrieve their passwords. In Active Directory, only specific computers or First seen on hackingarticles.in Jump to article: www.hackingarticles.in/credential-dumping-gmsa/
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges

Apr 5, 2025 5:45 AM

Tags: computer, healthcare, spy, spyware

A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos of staff over the course of a decade, a class-action lawsuit alleges. First seen on therecord.media Jump to article: therecord.media/maryland-pharmacist-keylogger-spying-lawsuit
Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Apr 4, 2025 5:42 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, botnet, business, cisa, cloud, compliance, computer, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, detection, dns, endpoint, framework, governance, government, incident response, infrastructure, injection, intelligence, Internet, least-privilege, malicious, mitigation, monitoring, network, phishing, privacy, programming, regulation, resilience, risk, risk-management, sans, service, strategy, supply-chain, threat, training, unauthorized, update, zero-trust

Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their actions. And much more! Dive into five things that…
Royal Mail untersucht Datenleck

Apr 4, 2025 3:42 PM

Tags: computer, cyberattack, dark-web, data-breach, germany, hacker, mail, ransomware, software

Der britische Postdienst Royal Mail untersucht Hinweise auf ein Datenleck. Hintergrund könnte der gleiche wie bei dem Fall von Samsung Deutschland sein.Rund zwei Jahre nach der massiven Ransomware-Attacke auf Royal Mail kursieren aktuell Hinweise auf einen neuen Cybervorfall. Am 31. März behauptete ein Hacker namens ‘GHNA” in einem Darknet-Forum, dass er 144 Gigabyte Daten bei…
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

Apr 4, 2025 11:42 AM

Tags: attack, computer, cyberattack, government, infrastructure, malware, ukraine

CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity is tracked under the identifier UAC-0219. >>The Ukrainian government’s computer emergency response team, CERT-UA, is…