How to boost Security with Self-Service Password Resets
What happens when an employee at your organization forgets their password? If your workplace is like many, a forgotten password...
cybersecurity
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise...
Tor Project removes relays because of for-profit, risky activity
The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and...
Cybersecurity firm executive pleads guilty to hacking hospitals
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett...
Canadian government discloses data breach after contractor hacks
The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of...
Gamaredon’s LittleDrifter USB malware spreads beyond Ukraine
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as...
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor....
Researchers extract RSA keys from SSH server signing errors
A team of academic researchers from universities in California and Massachusetts demonstrated that it’s possible under certain conditions for passive network...
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in...
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated...
FCC adopts new rules to protect consumers from SIM-swapping attacks
The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in...
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several...
Bloomberg Crypto X account snafu leads to Discord phishing attack
Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive...
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs
Google's Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive...
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak...
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues...
The Week in Ransomware – November 17th 2023 – Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt...
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban.The hackers craft enticing emails promising heavy discounts on...
New Samsung data breach impacts UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized...
How DDoS attacks are taking down even the largest tech companies
Distributed Denial of Service (DDoS) attacks certainly come to mind when considering cyberattacks that can cause widespread outages and service...
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa...
Fortinet warns of critical command injection bug in FortiSIEM
Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by...
Long Beach, California turns off IT systems after cyberattack
The Californian City of Long Beach is warning that they suffered a cyberattack on Tuesday that has led them to...
MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is...
