Google Chrome emergency update fixes first zero-day of 2023
Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. "Google...
cybersecurity
Vice Society ransomware uses new PowerShell data theft tool in attacks
The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks....
The Week in Ransomware – April 14th 2023 – A Focus on Stolen Data
It has been mostly a quiet week regarding ransomware, with only a few bits of info released on older attacks...
Russia accuses NATO of launching 5,000 cyberattacks since 2022
The Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching...
Legion: New hacktool steals credentials from misconfigured sites
A new Python-based credential harvester and SMTP hijacking tool named ‘Legion’ is being sold on Telegram that targets online email...
Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's...
Dutch Police mails RaidForums members to warn they’re being watched
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities...
Five arrested after 33,000 victims lose $98M to online investment fraud
Europol and Eurojust announced today the arrest of five individuals believed to be part of a massive online investment fraud ring...
Microsoft: Phishing attack targets accountants as Tax Day approaches
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access...
WhatsApp boosts defense against account takeover via malware
WhatsApp announced today the introduction of several new security features, one of them dubbed "Device Verification" and designed to provide...
Kyocera Android app with 1M installs can be abused to drop malware
A Kyocera Android printing app is vulnerable to improper intent handling, allowing other malicious applications to abuse the flaw to download...
DDoS attacks shifting to VPS infrastructure for increased power
Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT...
Windows admins warned to patch critical MSMQ QueueJumper bug
Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft...
Hyundai data breach exposes owner details in France and Italy
Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning...
Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks
Microsoft has shared guidance to help organizations check if hackers targeted or compromised machines with the BlackLotus UEFI bootkit by...
Cybercriminals charge $5K to add Android malware to Google Play
Malware developers have created a thriving market promising to add malicious Android apps to Google Play for $2,000 to $20,000,...
3CX confirms North Korean hackers behind supply chain attack
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack. "Based...
Kodi discloses data breach after forum database for sale online
The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and...
SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for...
OpenAI launches bug bounty program with rewards up to $20K
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to...
Hacked sites caught spreading malware via fake Chrome updates
Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware...
Windows zero-day vulnerability exploited in ransomware attacks
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate...
iPhones hacked via invisible calendar invites to drop QuaDream spyware
Microsoft and Citizen Lab discovered commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk...
CISA orders govt agencies to update iPhones, Macs by May 1st
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild...
