In a troubling development for the cybersecurity landscape, Visa has alerted the public to a JavaScript web skimmer called Baka. Concurrently, a group of researchers from ETH Zurich has identified a critical authentication vulnerability in Visa’s EMV-enabled payment cards, which could be exploited by cybercriminals to unlawfully extract funds from…
New Timing Vulnerability Discovered in TLS: Raccoon Attack A recent study has revealed a significant timing vulnerability affecting the Transport Layer Security (TLS) protocol, potentially allowing attackers to compromise encryption and access sensitive communications under specific scenarios. Researchers have labeled this exploit the “Raccoon Attack,” targeting server-side operations in TLS…
A significant security incident has impacted 700Credit, a Fintech and data services entity based in Michigan, USA, which facilitates consumer financing options for dealerships in sectors such as auto, RV, powersports, and marine. According to the company’s breach notification, an “unauthorized access” event resulted in the copying of specific customer…
Major Cyber Breach Hits European Cryptocurrency Exchange Eterbase In a significant cybersecurity incident, Eterbase, a cryptocurrency exchange operating out of Bratislava, Slovakia, has reported a breach that has resulted in the theft of cryptocurrencies valued at $5.4 million. This breach, attributed to an unidentified hacker group, highlights ongoing vulnerabilities within…
New Linux Malware Targets VoIP Systems to Steal Call Metadata Cybersecurity experts have identified a novel strain of Linux malware named “CDRThief,” specifically engineered to exploit vulnerabilities in voice over IP (VoIP) softswitches. This malware aims to extract sensitive phone call metadata from compromised systems, raising significant concerns for businesses…
Microsoft has disclosed its ongoing efforts to phase out the RC4 cryptographic algorithm, a challenge that has persisted for over a decade. According to Steve Syfuhs, who leads the Windows Authentication team at Microsoft, eliminating an algorithm that has been a part of operating systems for the last 25 years…
Cybersecurity professionals have been well aware that cybercriminals would exploit the uncertainty surrounding the COVID-19 pandemic to enhance their cyberattacks. Malicious communications have frequently incorporated COVID-19 themes, leveraging public fear to increase their effectiveness. Though anecdotal evidence has suggested various forms of pandemic-related cyberattacks, concrete data regarding their true impact…
In a significant cyber assault following the assassination of Iranian Major General Qasem Soleimani, the U.S. Department of Justice has indicted two hackers for defacing multiple websites within the United States. The defendants, Behzad Mohammadzadeh, also known as Mrb3hz4d, aged 19, and Marwan Abusrour, known as Mrwn007, aged 25, face…
In a significant move today, the United States government filed charges against five individuals linked to a state-sponsored Chinese hacking group known as APT41, as well as two Malaysian hackers. This group is believed to have compromised over one hundred businesses globally, showcasing a sophisticated range of cyber-espionage and financially…
