The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one…
Mobile users in the US should swiftly move away from using unencrypted SMS and adopt phishing-resistant multifactor authentication (MFA), the latest guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) has urged. The guidance was prompted by the threat…
Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions…
Dec 20, 2024Ravie LakshmananVulnerability / Cyber Attack A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability…
Dec 20, 2024Ravie LakshmananCISA / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing…
Interpol has called on industry commentators to rethink their use of the term “pig butchering,” arguing that it unnecessarily stigmatizes victims and potentially discourages incident reporting. The cybercrime to which the term refers was recently called out in the policing…
The Russian Federation has labeled cybersecurity firm Recorded Future as “undesirable,” a designation that CEO Christopher Ahlberg considers a compliment. “Some things in life are rare compliments. This being one,” he said in a post on X that included a…
Dec 19, 2024Ravie LakshmananDisinformation / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised…
Using personal data without consent to train AI models will not necessarily infringe the EU’s General Data Protection Regulation (GDPR), according to a new opinion by the European Data Protection Board (EDPB). However, this is on the condition that the…
Dec 19, 2024Ravie LakshmananPrivacy / Data Protection The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
