ToddyCat hackers use ‘disposable’ malware to target Asian telecoms
A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021,...
News
Shadow PC warns of data breach as hacker tries to sell gamers’ info
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private...
Hyped up curl vulnerability falls short of expectations
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long...
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers...
New Microsoft bug bounty program focuses on AI-powered Bing
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. With the AI-powered...
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities...
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along...
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks. As recently observed by Sophos...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Ransomware review: October 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on...
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are...
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts...
Generative AI Security: Preventing Microsoft Copilot Data Exposure
This article is written by Rob Sobers, Varonis. Microsoft Copilot has been called one of the most powerful productivity tools...
New WordPress backdoor creates rogue admin to hijack websites
A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create...
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation...
Microsoft Defender now auto-isolates compromised accounts
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard...
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's...
Half of CISOs Now Report to CEO as Influence Grows
Nearly half (47%) of global CISOs now report to their CEO, and the vast majority (78%) are backed by a...
Flagstar Bank MOVEit Breach Affects 800K Customer Records
Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that...
New Threat Actor “Grayling” Blamed For Espionage Campaign
Security researchers have shared evidence of a new APT group that targeted mainly Taiwanese organizations in a cyber-espionage campaign lasting...
October Patch Tuesday Addresses Three Zero-Days
Microsoft has fixed three zero-day vulnerabilities in its latest security update round this month, all of which are being actively...
Tech Giants Reveal Record-Breaking “Rapid Reset” DDoS Bug
Threat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks...
IZ1H9 Botnet Targets IoT Devices With New Exploits
FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign. Discovered...
Air Europa Asks Customers to Cancel Cards After Breach
A leading Spanish airline has told some of its customers to cancel their payment cards after revealing their details were...
