Windows cryptomining attacks target graphic designer’s high-powered GPUs
Image: Midjourney Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with...
News
Johnson & Johnson discloses IBM data breach impacting patients
Johnson & Johnson Health Care Systems ("Janssen") has informed its CarePath customers that their sensitive information has been compromised in...
Google: State hackers attack security researchers with new zero-day
Google's Threat Analysis Group (TAG) says North Korean state hackers are again targeting security researchers in attacks using at least...
CISA warns of critical Apache RocketMQ bug exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical–severity...
Cisco BroadWorks impacted by critical authentication bypass flaw
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers...
Iranian hackers breach US aviation org via Zoho, Fortinet bugs
Image: Midjourney State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a...
Google Looker Studio abused in cryptocurrency phishing attacks
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account...
Apple zero-click iMessage exploit used to infect iPhones with spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a...
Apple Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
High-Severity Vulnerability Discovered in Popular CMS
A high-severity vulnerability has been discovered in PHPFusion, an open-source content management system (CMS) used by over 15 million websites...
Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility
Ukraine’s Computer Emergency Response Team (CERT-UA) issued an alert on September 5, 2023, about a cyber-attack attempted by Russian threat...
MITRE and CISA Release OT Attack Emulation Tool
A new open source tool designed to emulate cyber-attacks against operational technology (OT) has been released by MITRE and the...
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Researchers are warning of a major global investment fraud campaign that uses social media advertising to lure unwitting victims into...
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
Sensitive patient data may have been accessed following a breach of the Janssen CarePath platform, a subsidiary of pharmaceutical giant...
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
A China-based threat actor gained access to a Microsoft account (MSA) cryptographic key, as early as 2021, and used it...
UK Government Backs Down on Anti-Encryption Stance
The UK government appears to have pulled back on a controversial clause in its forthcoming Online Safety Bill that would...
API Vulnerabilities: 74% of Organizations Report Multiple Breaches
API security company Traceable has unveiled its 2023 State of API Security Report. In collaboration with the Ponemon Institute, the...
Zero-Day Flaw Exposes Atlas VPN User IPs
A Reddit user known as “Educational-Map-8145” has exposed a critical zero-day flaw affecting the Linux client of Atlas VPN, a popular...
UK and US Sanction 11 Russians Tied to Trickbot/Conti Ransomware
The US and the UK have sanctioned 11 individuals accused of being linked with the Trickbot malware and the Conti...
DGA Behavior Shifts Raise Cybersecurity Concerns
Researchers at Akamai have unearthed a concerning shift in the behavior of dynamically seeded Domain Generation Algorithm (DGA) families within...
US-CERT Vulnerability Summary for the Week of August 28, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoearcms -- ear_appAn issue found in Earcms Ear App v.20181124 allows a...
Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or...
Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
