Fake VMware vConnector package on PyPI targets IT pros
A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under...
cybersecurity
New PaperCut critical bug exposes unpatched servers to RCE attacks
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote...
Extended warranty robocallers fined $300 million after 5 billion scam calls
The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing...
The Week in Ransomware – August 4th 2023 – Targeting VMware ESXi
Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for...
FBI warns of scammers posing as NFT devs to steal your crypto
The FBI warned today of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their...
Google explains how Android malware slips onto Google Play Store
The Google Cloud security team acknowledged a common tactic known as versioning used by malicious actors to slip malware on...
Chrome malware Rilide targets enterprise users via PowerPoint guides
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal...
FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the...
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the...
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface...
Hacktivists fund their operations using common cybercrime tactics
Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations....
Brave Search adds private image and video search capability
The privacy-focused search engine Brave Search has finally introduced its own, independent image and video search capabilities, breaking free from...
Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes,...
Hackers exploited Salesforce zero-day in Facebook phishing attack
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable...
Amazon’s AWS SSM agent can be used as post-exploitation RAT malware
Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System...
Why Every Security Practitioner Should Attend mWISE
What’s in store for mWISE 2023? 80+ curated sessions. 90+ hand-picked speakers. 7 session tracks. All the hottest topics in...
Over 640 Citrix servers backdoored with web shells in ongoing attacks
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting...
New Collide+Power side-channel attack impacts almost all CPUs
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak....
Fake FlipperZero sites promise free devices after completing offer
A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser...
Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. Tracked...
Russian hackers target govt orgs in Microsoft Teams phishing attacks
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations...
How to manage a mass password reset due to a ransomware attack
Interrupted classes, disrupted planning, and postponed events – IT outages have a big impact on modern university life. But as...
Hackers use new malware to breach air-gapped devices in Eastern Europe
Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems...
CISA issues new warning on actively exploited Ivanti MobileIron bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of state hackers exploiting two flaws in Ivanti's Endpoint Manager...
