US and UK sanction 11 TrickBot and Conti cybercrime gang members
The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations. The...
News
Microsoft: North Korean hackers target Russian govt, defense orgs
Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year....
Windows cryptomining attacks target graphic designer’s high-powered GPUs
Image: Midjourney Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with...
Johnson & Johnson discloses IBM data breach impacting patients
Johnson & Johnson Health Care Systems ("Janssen") has informed its CarePath customers that their sensitive information has been compromised in...
Google: State hackers attack security researchers with new zero-day
Google's Threat Analysis Group (TAG) says North Korean state hackers are again targeting security researchers in attacks using at least...
Cisco BroadWorks impacted by critical authentication bypass flaw
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers...
Iranian hackers breach US aviation org via Zoho, Fortinet bugs
Image: Midjourney State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a...
Google Looker Studio abused in cryptocurrency phishing attacks
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account...
Apple zero-click iMessage exploit used to infect iPhones with spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a...
CISA warns of critical Apache RocketMQ bug exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical–severity...
Apple Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
High-Severity Vulnerability Discovered in Popular CMS
A high-severity vulnerability has been discovered in PHPFusion, an open-source content management system (CMS) used by over 15 million websites...
Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility
Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat...
MITRE and CISA Release OT Attack Emulation Tool
A new open source tool designed to emulate cyber-attacks against operational technology (OT) has been released by MITRE and the...
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
Sensitive patient data may have been accessed following a breach of the Janssen CarePath platform, a subsidiary of pharmaceutical giant...
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
A China-based threat actor gained access to a Microsoft account (MSA) cryptographic key, as early as 2021, and used it...
UK Government Backs Down on Anti-Encryption Stance
The UK government appears to have pulled back on a controversial clause in its forthcoming Online Safety Bill that would...
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Researchers are warning of a major global investment fraud campaign that uses social media advertising to lure unwitting victims into...
API Vulnerabilities: 74% of Organizations Report Multiple Breaches
API security company Traceable has unveiled its 2023 State of API Security Report. In collaboration with the Ponemon Institute, the...
Zero-Day Flaw Exposes Atlas VPN User IPs
A Reddit user known as “Educational-Map-8145” has exposed a critical zero-day flaw affecting the Linux client of Atlas VPN, a popular...
UK and US Sanction 11 Russians Tied to Trickbot/Conti Ransomware
The US and the UK have sanctioned 11 individuals accused of being linked with the Trickbot malware and the Conti...
DGA Behavior Shifts Raise Cybersecurity Concerns
Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within...
US-CERT Vulnerability Summary for the Week of August 28, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoearcms -- ear_appAn issue found in Earcms Ear App v.20181124 allows a...
Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or...