JumpCloud breach traced back to North Korean state hackers
US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike,...
News
Estee Lauder Breached by Two Ransomware Groups
Estee Lauder has become the latest big name to suffer an apparently serious ransomware breach, after two groups claimed to...
Half of AI Open Source Projects Reference Buggy Packages
Open source is playing a growing role across the AI technology stack, but most (52%) projects reference known vulnerable dependencies...
CNI Firms: Climate Tech is Increasing Cyber Risk
Over eight in 10 (83%) of the UK’s critical national infrastructure (CNI) firms believe new technologies designed to enhance sustainability...
Old Roblox Data Leak Resurfaces, 4000 Users’ Personal Information Exposed
A data breach affecting the online game platform Roblox has exposed sensitive information from thousands of users.Troy Hunt, founder of...
Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems
Distributed Denial of Service (DDoS) botnets have been used to actively exploit a critical vulnerability found in Zyxel firewall models.The...
New Study Highlights Critical Infrastructure’s Resilience
Security behavior change firm Hoxhunt has published its latest research highlighting employees' resilience in critical infrastructure, showing a higher engagement level...
Microsoft Strengthens Cloud Logging Against Nation-State Threats
Microsoft has announced intentions to enhance cloud logging and improve security visibility for its customers in response to the growing...
US-CERT Vulnerability Summary for the Week of July 10, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...
FBI: Tech support scams now use shipping companies to collect cash
FBI warns of a surge in tech support scams targeting the elderly across the United States and urging victims to...
US govt bans European spyware vendors Intellexa and Cytrox
The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign...
Ukraine takes down massive bot farm, seizes 150,000 SIM cards
The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100...
OpenAI credentials stolen by the thousands for sale on the dark web
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for...
Adobe emergency patch fixes new ColdFusion zero-day used in attacks
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in...
Microsoft: Hackers turn Exchange servers into malware control centers
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry...
Estée Lauder beauty giant breached by two ransomware gangs
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim...
Adobe ColdFusion Multiple Vulnerabilities
Multiple vulnerabilities were identified in Adobe ColdFusion. A remote attacker could exploit some of these vulnerabilities to trigger remote code...
Adobe ColdFusion Multiple Vulnerabilities
Multiple vulnerabilities were identified in Adobe ColdFusion. A remote attacker could exploit some of these vulnerabilities to trigger remote code...
NCA: Nation States Using Cybercrime Groups as Proxies
The new chief of the UK’s National Crime Agency (NCA) has warned that hostile states are increasingly teaming up with...
Norwegian Giant Tomra Suffers “Extensive” Attack
Norwegian recycling and mining multinational Tomra has revealed that an “extensive” cyber-attack has directly affected some of its “data systems.”The...
Industry Experts Urge CISA to Update Secure by Design Guidance
A group of industry experts have published a letter to the US Cybersecurity and Infrastructure Security Agency (CISA) in response...
Scam Job Offers Target Uni Students
University students have been warned to be on their guard after researchers discovered a new scam campaign based around fake...
Biden-Harris Administration Unveils Smart Device Cyber Program
In a move to bolster cybersecurity protections for American consumers, the Biden-Harris Administration announced on July 18, 2023 it was...
Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known...