Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk https://firewall.firm.in/wp-content/uploads/2024/09/chip-hacking.png Sep 23, 2024Ravie LakshmananIoT Security / Vulnerability A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum ...

Why ‘Never Expire’ Passwords Can Be a Risky Decision https://firewall.firm.in/wp-content/uploads/2024/09/password.png Sep 23, 2024The Hacker NewsPassword Management / Data Breach Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT ...

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22) https://firewall.firm.in/wp-content/uploads/2024/09/recap.png Sep 23, 2024Ravie LakshmananCybersecurity / Cyber Threat Hold on tight, folks, because last week’s cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling “dream jobs” to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly ...

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks https://firewall.firm.in/wp-content/uploads/2024/09/malware.png A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. “Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then destroy their infrastructure with a wiper to prevent recovery,” ...

Disney to stop using Salesforce-owned Slack after hack exposed company data – ET CISO https://etimg.etb2bimg.com/thumb/msid-113513284,imgsize-19502,width-1200,height=765,overlay-etciso/data-breaches/disney-to-stop-using-salesforce-owned-slack-after-hack-exposed-company-data.jpg Walt Disney plans to transition away from its use of Slack as a companywide workplace collaboration system, after a hacking entity leaked online more than a terabyte of company data, according to a report in the Status media newsletter. Disney’s CFO Hugh Johnston said most ...

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials https://firewall.firm.in/wp-content/uploads/2024/09/cybercrime.png Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru ...

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails https://firewall.firm.in/wp-content/uploads/2024/09/CYBERATTAC.png A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. “Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country,” Kaspersky said in ...

Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected? https://firewall.firm.in/wp-content/uploads/2024/09/ransomware.png Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in ...

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms https://firewall.firm.in/wp-content/uploads/2024/09/hacking.png Sep 19, 2024Ravie LakshmananCyber Attack / Hacking Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. “Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials,” the ...

Dozens of websites offering targeted marketing leads – ET CISO https://etimg.etb2bimg.com/thumb/msid-113247284,imgsize-213250,width-1200,height=765,overlay-etciso/data-breaches/dozens-of-websites-offering-targeted-marketing-leads.jpg The flight you took recently, the broadband connection you requested, the car insurance that is expiring soon, the apartment you sold, or even the mutual fund you invested in, are all turning into a fair game for data collectors. Such information can be exchanged for as little as Rs ...