Year: 2024

Video communications giant Zoom announced on Tuesday that post-quantum end-to-end encryption (E2EE) has been added to Zoom Workplace. The feature, which leverages the Kyber 768 key encapsulation method, is currently available worldwide in Zoom Meetings, with Zoom Phone and Zoom Rooms coming soon. Zoom claims it is the first unified communications-as-a-service company to offer a post-quantum E2EE […]

A critical vulnerability discovered recently in a Python package used by AI application developers can allow arbitrary code execution, putting systems and data at risk. The issue, discovered by researcher Patrick Peng (aka retr0reg), is tracked as CVE-2024-34359 and it has been dubbed Llama Drama. Cybersecurity firm Checkmarx on Thursday published a blog post describing the vulnerability and […]

Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing (voice phishing) attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black Basta is a ransomware-as-a-service (RaaS) that likely received over $100 million in ransom payments from its victims. Last […]

When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’ image that somebody posted in the comments section of a product page! The guilty secret hidden inside this particular piece of code was designed to let hackers bypass security controls and steal […]

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors’ attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department […]

A newly identified Android trojan can steal user information and provide attackers with the ability to take control of infected devices, threat detection company ThreatFabric reports. Dubbed Brokewell, the trojan includes all the capabilities of mobile banking malware, while also providing attackers with remote access to devices. Brokewell is being distributed via fake application updates, such […]

As of December 18, 2023, publicly traded organizations must comply with the Security and Exchange Commission (SEC) incident disclosure regulations, which were originally unveiled in July 2023. Under the new rules, publicly traded companies will be required to report cyber incidents within four business days of determining that the incident is “material,” meaning it would potentially impact a […]

United States officials say they dismantled a China-backed hacking operation targeting civilian infrastructure, but the Federal Bureau of Investigation (FBI) warned of future threats if the two superpowers ever go to war. The Chinese state-sponsored hacking group Volt Typhoon allegedly sought to damage public sector facilities such as water treatment plants, the electric grid, oil and natural […]