CISA Warns of Critical Exploited Vulnerability in SolarWinds Web Help Desk Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
Online Fraud Losses to Skyrocket 141% by 2029 as AI-Driven Attacks Escalate
A new study from Juniper Research reveals that online fraud losses are projected to surge from $44 billion in 2024 to $107 billion by 2029, marking a 141% increase. The report, titled Global Merchant Fraud Prevention Market 2024-2029, attributes this significant rise to the growing sophistication of attacks driven by advancements in AI technology. One major concern highlighted is the use of deepfakes to bypass verification systems, which the report identifies as a critical threat to the ecommerce landscape.
MoneyGram Hack Exposes Customer Data, Sparks Security Concerns
In a recent cyberattack, MoneyGram, the global money transfer service, fell victim to a data breach that exposed sensitive customer information. The hack, which was discovered earlier this month, compromised a significant portion of MoneyGram's transaction database, raising concerns about the safety of financial data within the company’s infrastructure. The breach has alarmed customers and regulators alike, with early investigations suggesting that the attackers accessed payment records, personal information, and potentially financial data belonging to thousands of MoneyGram users.
API Vulnerabilities and Bot Attacks Cost Businesses up to $186 Billion Annually, Report Reveals
Organizations are facing increasing financial losses, estimated between $94 billion to $186 billion annually, due to vulnerable APIs (Application Programming Interfaces) and automated bot attacks, according to The Economic Impact of API and Bot Attacks report by Imperva, a Thales company.
North Korean APT Group Stonefly Escalates Cyber Attacks on U.S. Companies Despite Indictment
Despite the indictment of one of its alleged members, the North Korean APT group known as Stonefly (aka APT45) continues to target U.S. companies, according to warnings from Symantec threat analysts. Stonefly, also referred to as Andariel and OnyxFleet, is linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency.
U.S. and Microsoft Seize 107 Russian-Linked Domains in Major Cyber Fraud Crackdown
Microsoft and the U.S. Department of Justice (DoJ) announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors, used to carry out computer fraud and abuse.
State-Sponsored Cyberattack Exposes Personal Data of 63,000 Dutch Police Officers
A foreign government is believed to have orchestrated a cyberattack on the Dutch police force, exposing the contact details of nearly 63,000 officers. The breach, which occurred on September 26, 2024, was a sophisticated operation targeting a specific police account.
Protecting Active Directory: Key Vulnerabilities, Attack Techniques, and Mitigation Strategies
Active Directory (AD), Microsoft’s widely used directory service for Windows domain networks, has become a common target in cyber intrusions due to its complex structure and permissive default settings.
