2024

  • Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 179 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance across 11 domains for…

    Read More

  • Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 179 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland. An independent…

    Read More

  • Attacks Hit Hospitals, Clinics in California, Alabama and ColoradoThree healthcare entities – including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.

    Read More

  • Attacks Hit Hospitals, Clinics in California, Alabama and ColoradoThree healthcare entities – including a California hospital and outpatient care provider, an Alabama cardiology practice, and a Colorado community health system, are notifying a total of more than 1.2 million individuals that their sensitive information was compromised in 2024 hacks.

    Read More

  • In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here’s a look at the effects of these operations.

    Read More

  • A supply-chain attack can totally thwart all a targeted company’s efforts to protect its infrastructure. Preventing such attacks is extremely difficult because a significant portion of an attack occurs in infrastructure that’s not within the security team’s control. This makes supply-chain attacks one of the most dangerous threats in recent years, and today we’ll look…

    Read More

  • A total of 768 CVE-listed vulnerabilities exploited in the wild, a 20% increase from 2023.

    Read More

  • Delta County Memorial Hospital District (Delta Health) in Colorado was the victim of a cyberattack at the end of May 2024. Whatever happened — and the details still haven’t been disclosed — resulted in the provider notifying HHS on July 29 that it had suffered a breach, but the number was not yet known. The…

    Read More

  • Andrew Shikiar, CEO and Executive Director of the FIDO Alliance has been a vocal advocate for passkeys. PC Mag notes that Shikiar didn’t mince words about the current state of password security.Read Entire Article

    Read More

  • You may have noticed a slight drop in the amount of coverage of ransomware on our Kaspersky Daily blog in recent years. Sadly, it’s not that ransomware attacks have stopped. Far from it — such incidents are now so commonplace that they’ve become part of the cyber-furniture. Nevertheless, some ransomware attacks still have the power…

    Read More

  • Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. […]

    Read More

  • Threat actors increasingly deployed web shells against vulnerable web applications and primarily exploited vulnerable or unpatched public-facing applications to gain initial access in Q4, a notable shift from previous quarters. The functionality of the web shells and targeted web applications varied across incidents, highlighting the multitude of ways threat actors can leverage vulnerable web servers…

    Read More

  • Threat actors increasingly deployed web shells against vulnerable web applications and primarily exploited vulnerable or unpatched public-facing applications to gain initial access in Q4, a notable shift from previous quarters. The functionality of the web shells and targeted web applications varied across incidents, highlighting the multitude of ways threat actors can leverage vulnerable web servers…

    Read More

  • Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety) Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your…

    Read More

  • Bambu Labs have been in the news lately. Not because of the machines themselves, but because they are proposing a firmware change that many in our community find restricts their freedom to use their own devices. What can be done? [Joshua Wise] gave a standout talk on the Design Lab stage at the 2024 Hackaday…

    Read More

  • Top 10 Exploited Vulnerabilities of 2024 Organizations face a relentless battle against vulnerabilities that threaten their critical assets, and 2024 has proven to be no exception. Cybersecurity teams constantly juggle priorities, racing to patch gaps before attackers exploit them. But what happens when resources are stretched thin or when the exploitation of a vulnerability takes…

    Read More

  • 2024 Annual Report

    ·

    Explore our 2024 Threat Analysis and 2024 PredictionsIn 2024, two key trends defined the cybersecurity landscape: the resilience of cybercriminal networks despite law enforcement actions and the growing complexity of enterprise attack surfaces. In addition, state-sponsored threat actors, primarily linked to China and Russia, intensified their focus on critical infrastructure and leveraged generative AI to…

    Read More

  • With an increasing number of cyberattacks, rising costs, and escalating geopolitical tensions around the world, cybersecurity will continue to be top of mind for organizations in 2025. In our new threat report roundup, we look back at 900 million attacks observed in the threat landscape of 2024. This is up 114% from last year’s 420…

    Read More

  • Let’s talk about last year’s perspective research. Researchers have gathered a wealth of interesting material. Let’s go through the reports to see what can be applied in practice and what is worth deeper exploration.Attacking the developer: vulnerability in WinDBGLet me start with some research conducted by our Advanced Research Team. We discovered an interesting feature in…

    Read More

  • … collaboration with the FBI and Interpol, launched campaigns aimed at sabotaging …

    Read More

Post
Filter
Apply Filters