European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China The Hacker [email protected] (The Hacker News)
January 16, 2025

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union …


Chinese Innovations Spawn Wave of Toll Phishing Via SMS Krebs on SecurityBrianKrebs
January 16, 2025

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee …


Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting The Hacker [email protected] (The Hacker News)
January 16, 2025

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a …


Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action The Hacker [email protected] (The Hacker News)
January 16, 2025

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up …


The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 The Hacker [email protected] (The Hacker News)
January 16, 2025

You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% …


New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits The Hacker [email protected] (The Hacker News)
January 16, 2025

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier …


Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions The Hacker [email protected] (The Hacker News)
January 16, 2025

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in …


Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer The Hacker [email protected] (The Hacker News)
January 16, 2025

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious …


Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws The Hacker [email protected] (The Hacker News)
January 15, 2025

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the …


Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager The Hacker [email protected] (The Hacker News)
January 15, 2025

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All …