Biztonsági szemle

Hamas spokesperson Hudhayfa Samir Abdallah al-Kahlut, also known as "Abu Ubaida," has been sanctioned by the U.S. Treasury Department for his leadership of the group's cyber influence operations, reports The Record, a news site by cybersecurity firm...

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT...

StateScoop reports that new legislation that would establish the Water Risk and Resilience Organization to strengthen cybersecurity in water and wastewater systems across the U.S. was unveiled by Reps. John Duarte, R-Calif., and Rick Crawford, R-Ariz...

Bipartisan approval of legislation that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act has been achieved by the House a week before the surveillance tool's expiration on Apr. 19, reports The Associated Press.

Major Canadian retail chain Giant Tiger had a database containing information from more than 2.8 million customers exposed by a threat actor who claimed responsibility for targeting the discount store chain last month, BleepingComputer reports.

TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.

Nexperia had some of its servers confirmed to be compromised in a cyberattack last month following a report from Dutch broadcast firm RTL detailing attackers' claims of having exfiltrated hundreds of gigabytes of data from the Chinese-owned Dutch...

Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.

Several states are looking to pass laws making ransom payments illegal – only time will tell if the new statues work.

The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.

A PowerShell script used to deploy the infostealer contains unusually specific comments, researchers say.

Organizations must protect their backups as if their business survivability depended on it.