Security News > 2024 > February

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in...

SolarWinds has released updates for Access Rights Manager and Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. The company whose Orion IT administration platform has been infamously compromised in 2020 to deploy backdoors on select agencies' and companies' systems, has patched five vulnerabilities affecting its Access Rights Manager solution.

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar...

70% of businesses report that fraud losses have increased in recent years and over half of consumers feel they're more of a fraud target than a year ago, according to Experian. Experian predicts fraudsters will use generative AI to accelerate "Do-it-yourself" fraud with a wide range of deepfake content, such as emails, voice and video as well as code creation to set up scam websites and perpetuate online attacks.

Unlike conventional systems that often rely on perimeter defenses, zero trust adopts a more discerning philosophy, treating every user, device, and transaction as untrusted by default. In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts emphasize the importance of zero trust in the context of cybersecurity, underscoring its crucial role in mitigating the risks posed by cyber threats and evolving attack vectors.

The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV ransomware gang or their locations, and $5 million for information leading to the arrest or conviction of anyone "Participating in or conspiring or attempting" to use the gang's notorious ransomware. ALPHV has made a habit of going after critical infrastructure targets, and last week claimed responsibility for an attack on the company operator of the Canadian Trans-Northern Pipelines, allegedly stealing around 190GB of data.

State and county officials have been urged to use paper ballots wherever possible over electronic ones, and ensure all election offices have procedures in place to handle potentially lethal substances, specifically fentanyl, anthrax, and ricin. On election threats, "We anticipate AI being leveraged for deception campaigns," said Michelle Alvarez, strategic threat analysis manager for IBM X-Force.

Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold it on the dark web. "To distribute his virus, the hacker created and administered several websites, offering users to download various software for free," reads the police's announcement.

The future of cybersecurity: Anticipating changes with data analytics and automationIn this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. Rise in cyberwarfare tactics fueled by geopolitical tensionsIn this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka...