New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. […]
Monthly Archives: December 2024
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. […]
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. “This final rule is a crucial step forward in addressing the […]
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks. […]
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to […]
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
30
Dec
Dec
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South […]
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. […]
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […]
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use ‘azureedge.net’ domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. […]