Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video...
News
North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed...
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started...
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus,...
Malware dev says they can revive expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies,...
Kansas courts confirm data theft, ransom demand after cyberattack
The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole...
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in...
Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops
Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks...
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers...
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers...
Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities
Security researchers have detected a Russian-language Word document carrying a malicious macro in the ongoing Konni campaign. Despite its September 2023...
Cybersecurity Executive Pleads Guilty to Hacking Hospitals
The chief operating officer (COO) of a US network security firm has pleaded guilty to compromising the IT systems of...
Black Friday: Significant Security Gaps in E-Commerce Web Apps
The personally identifiable information (PII) of millions of online shoppers could be at risk as a result of significant security...
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
Successors to the QakBot malware have emerged despite the disruption to QakBot infrastructure by an international law enforcement operation led...
India Faces Surge in IM App Attacks With Trojan Campaigns
Microsoft has detected a notable increase in mobile banking Trojan campaigns directed at users in India, primarily through instant messaging...
Regulator Issues Privacy Ultimatum to UK’s Top Websites
The UK’s privacy regulator has warned website owners operating in the country that they face enforcement action if they don’t...
Europol Launches OSINT Taskforce to Hunt For Russian War Crimes
Europol has announced a new unit whose job it will be to find and analyze publicly available information indicating Russian...
Microsoft Launches Defender Bug Bounty Program
Microsoft has launched another bug bounty program, this time with the goal of making its Microsoft Defender-branded products and services...
Why Ensuring Supply Chain Security in the Space Sector is Critical
The space sector is facing a growing threat from nation-state cyberattacks, making it critical for organizations to know who has...
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
A critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, has been exposed, revealing an active exploitation scenario by the notorious...
Employee Policy Violations Cause 26% of Cyber Incidents
A substantial 26% of cyber incidents in businesses over the last two years have been found to be the result...
LockBit Affiliates are Exploiting Citrix Bleed, Government Agencies Warn
Several government agencies and cybersecurity organizations have raised the alarm in response to multiple threat actor groups exploiting Citrix Bleed,...
US-CERT Vulnerability Summary for the Week of November 13, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocheckpoint -- endpoint_securityLocal attacker can escalate privileges on affected installations of Check...
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15,...
