Security News > 2024

Email-based attacks have evolved beyond traditional spam and phishing attempts. Email attacks can result in financial losses, reputational damage, and the compromise of sensitive information.

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans.LoanDepot is one of the largest nonbank retail mortgage lenders in the USA, employing approximately 6,000 people and servicing loans of over $140 billion.

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. Microsoft security researcher Igal Lytzki spotted the attacks delivered over hijacked email threads last summer but couldn't retrieve the final payload. In September, AT&T's Alien Labs team of researchers noticed "a spike in phishing emails, targeting specific individuals in certain companies" and started to investigate.

A credit card or PayPal account is required for purchase. You will be billed the total shown above and you will receive a receipt via email once your payment is processed.

Some popular projects using implementations of Kyber are Mullvad VPN and Signal messenger. The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process, allowing attackers to analyze the execution time and derive secrets that could compromise the encryption.

January 2024 Patch Tuesday forecast: A Focus on PrintingThis article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. Emerging cybersecurity trends and expectations for 2024In this Help Net Security video, John Dwyer, Head of Research at IBM X-Force, discusses how 2024 is poised to be an incredibly impactful year for cyber attacks, driven by world events and access to advanced technologies like AI. 15 open-source cybersecurity tools you'll wish you'd known earlierIn this article, you will find a list of open-source cybersecurity tools that you should definitely check out.

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. Last week, cybersecurity firm CloudSEK revealed that these information-stealing malware operations are abusing a Google OAuth "MultiLogin" API endpoint to generate new, working authentication cookies when a victim's original stolen Google cookies expire.

Those who frequent the space are now bombarded by what appears to be an endless stream of malicious ads. "Im not lying when I say EVERY single ad I am seeing on X is a scam link targeted at crypto to drain peoples wallets," reads a post on X. While attackers have been abusing X's ad platform for some time, the sheer volume of malicious ads has increased rapidly over the past month, causing security researcher MalwareHunterTeam to track them.

Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Such a ban would need to be universal or else ransomware crews will simply focus on victims in other geographic regions that don't prohibit payments.

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber...