Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands
A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information...
News
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could...
Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions...
Cisco warns of critical switch bugs with public exploit code
Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series...
FBI confirms BianLian ransomware switch to extortion only attacks
A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, and published by the Cybersecurity and Infrastructure Security...
ScanSource says ransomware attack behind multi-day outages
Technology provider ScanSource has announced it has fallen victim to a ransomware attack impacting some of its systems, business operations, and...
Malicious Microsoft VSCode extensions steal passwords, open remote shells
Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times....
MalasLocker ransomware targets Zimbra servers, demands charity donation
Image: Bing Create A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of...
US-CERT Vulnerability Summary for the Week of May 8, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users
A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign...
Identifying a Patch Management Solution: Overview of Key Criteria
Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or...
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that...
State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered
Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in...
Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party...
U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against...
Parental control app with 5 million downloads vulnerable to attacks
Image: Gaelle Marcel Kiddowares 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers...
Open-source Cobalt Strike port ‘Geacon’ used in macOS attacks
Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is being used more and more...
Hackers use Azure Serial Console for stealthy access to VMs
A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure...
New ZIP domains spark debate among cybersecurity experts
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors...
Ransomware Prevention – Are Meeting Password Security Requirements Enough
As ransomware attacks continue to wreak havoc on organizations worldwide, many official standards and regulations have been established to address...
Russian ransomware affiliate charged with attacks on critical infrastructure
The U.S. Justice Department has filed charges against a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x,...
Hackers infect TP-Link router firmware to attack EU entities
A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to...
US-CERT Vulnerability Summary for the Week of May 8, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks
The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks...
