Security News Bundle

"Telegram Marketplaces fuel phishing attacks with easy-to-use-kits and malware."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 31 January 2024, 1555 UTC.

Content and Source: ("Security News Bundle").

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (

Security News Bundle



Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and
Today, password security pros, Keeper Security have released the key findings from its latest survey about the state of cybersecurity and the burgeoning threats that are keeping cyber professionals up at night. The survey of more than 800 IT security leaders around the globe finds that the vast majority (95%) believe cyberattacks are more sophisticated than they have ever been. AI-powered attacks


Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). The software company also warned that one of these two vu
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. Researchers f
The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them. The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the
Nick Graham, Chief Technology Officer at information security software business Hicomply discusses the recent surge in interest around artificial intelligence. He explains why his company is focused on developing AI tools that deliver benefits over media buzz. There’s been a distinct pattern to the way that tech trends manifest over the last 20 years or so. Whether it’s The Internet of Things, bl


Popular posts from this blog

SecurityWeek Briefing.

SecurityWeek Briefing.

Cyber War News Wire.