Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes. “We discovered a prolific campaign of fraudulent ads shown to users via Google searches,” the researchers write. “To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases....The scam begins when a user searches for keywords related to their energy bill.

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details. Deepfake audio is nothing new… but it is getting very advanced. So much so, that security researchers at IBM Threat Intelligence were able to test out a hypothesis as to whether it’s possible to perform an audio-based “Man in the Middle” attack.

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis. The unveiling of such revolutionary technology is simultaneously exciting and raises red flags to the broader implications of AI's role in digital content creation and cybersecurity. The potential of Sora to generate up to one-minute video clips from mere text input is staggering.

Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia. The network features a substantial team of surgeons, specialists, and cardiologists. CHI provides a comprehensive approach to cardiac care, offering patients exceptional services when needed.

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

The internet cookie has been around since the late 1990s and, in its original state, we remember it relatively fondly. Its core aim was to identify users and their website preferences, helping keep track of everything from shopping baskets to user dashboards.

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group. The team found Tycoon Group during a regular investigation into a phishing incident, and its distinctive method of communication to its phishing server convinced the team to further explore this active PaaS operation.

Oops… Atlassian already ended support for its server products on February 15, 2024. Yet not all Atlassian users have already switched to Atlassian Cloud or Data Center versions. If you still haven’t migrated to the Cloud or upgraded to a Data Center, it’s high time to think over and take action. Why?

To effectively protect themselves from major threats and minimize cyber risks, organisations must fully understand their digital assets and systems. These could be targeted by unauthorised users looking to exploit weaknesses. However, gaining comprehensive visibility into all potential entry points in an attack surface is a significant challenge in today’s dynamic and distributed IT environments.