Nearly 100,000 Industrial Control Systems Exposed to the Internet
Thousands of organizations around the world are using industrial control systems (ICS) exposed to the public internet, new analysis from...
cybersecurity
Amazon sends Mastercard, Google Play gift card order emails by mistake
10/1/23 update adds Amazon statement below. Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift...
New Marvin attack revives 25-year-old decryption flaw in RSA
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been...
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors....
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security...
Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to...
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit...
Discord is investigating cause of ‘You have been blocked’ errors
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a...
The Week in Ransomware – September 29th 2023 – Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout...
Millions of Exim mail servers exposed to zero-day RCE attacks
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code...
Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Tracked...
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to...
Budworm hackers target telcos and govt orgs with custom malware
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and...
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and...
Progress warns of maximum severity WS_FTP Server vulnerability
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to...
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the...
Bing Chat responses infiltrated by ads pushing malware
Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. Bing...
Microsoft breach led to theft of 60,000 US State Dept emails
Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform...
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt...
Booking.com Customers Targeted in Major Phishing Campaign
Booking.com users have become the focus of a new, large-scale phishing campaign. Discovered by Perception Point and discussed in an...
GitHub repos bombarded by info-stealing commits masked as Dependabot
Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from...
Modern GPUs vulnerable to new GPU.zip side-channel attack
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual...
Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security...
Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices,...
