API Security Trends 2023 – Have Organizations Improved their Security Posture?
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data...
News
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Motel One discloses data breach following ransomware attack
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer...
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. The...
FBI warns of surge in ‘phantom hacker’ scams impacting elderly
The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across...
Microsoft Defender no longer flags Tor Browser as malware
Recent versions of the TorBrowser, specifically because of the updated tor.exe file it contained, were being incorrectly flagged as potential...
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI),...
Ransomware gangs now exploiting critical TeamCity RCE flaw
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. The flaw...
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress...
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can...
Microsoft Edge Multiple Vulnerabilities
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
Exim Multiple Vulnerabilities
Multiple vulnerabilities were identified in Exim. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution...
Mozilla Products Remote Code Execution Vulnerability
A vulnerability was identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to denial of service...
Cybersecurity Awareness Month Celebrates 20 Years
Cybersecurity Awareness Month was founded in 2004 and this year sees the initiative celebrate 20 years of raising awareness of...
Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers
Data theft is a primary concern for IT decision makers, ahead of ransomware attacks, according to a survey conducted by...
Cigna Agrees $172m Payment to Settle Fraud Allegations
A leading health insurer has agreed to pay over $172m to resolve charges it seriously violated the False Claims Act...
Royal Family Website Downed by DDoS Attack
The official website of the UK’s royal family was taken offline by a distributed denial of service (DDoS) attack on...
AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds
The potential for cybercriminals to use AI chatbots to create phishing campaigns has been cause for concern and now it...
FBI Warns of Dual Ransomware Attacks and Data Destruction Trends
The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification highlighting two concerning trends in the world...
BunnyLoader Malware Targets Browsers and Cryptocurrency
Zscaler ThreatLabz has identified a newly emerging Malware-as-a-Service (MaaS) threat known as "BunnyLoader," available on underground forums. The tool, priced...
Nearly 100,000 Industrial Control Systems Exposed to the Internet
Thousands of organizations around the world are using industrial control systems (ICS) exposed to the public internet, new analysis from...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors....
Amazon sends Mastercard, Google Play gift card order emails by mistake
10/1/23 update adds Amazon statement below. Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift...
