Trojanized Tor browsers target Russians with crypto-stealing malware
A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency...
cybersecurity
Crown Resorts confirms ransom demand after GoAnywhere breach
Crown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure...
Newly exposed APT43 hacking group targeting US orgs since 2018
A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the...
The End-User Password Mistakes Putting Your Organization at Risk
Businesses rely on their end-users, but those same users often don't follow the best security practices. Without the right password...
WiFi protocol flaw allows attackers to hijack network traffic
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to...
Twitter takes down source code leaked online, hunts for downloaders
Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's...
Exchange Online to block emails from vulnerable on-prem servers
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent...
New MacStealer macOS malware steals passwords from iCloud Keychain
A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers,...
New IcedID variants shift from bank fraud to malware delivery
New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware...
Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day (and several...
FBI: Business email compromise tactics used to defraud U.S. vendors
The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email...
Emotet malware distributed as fake W-9 tax forms from the IRS
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue...
New Dark Power ransomware claims 10 victims in its first month
A new ransomware operation named 'Dark Power' has appeared, and it has already listed its first victims on a dark...
Inaudible ultrasound attack can stealthily control your phone, smart speaker
American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices...
Russia’s Rostec allegedly can de-anonymize Telegram users
Russia's Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to...
GitHub.com rotates its exposed private SSH key
GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software...
UK creates fake DDoS-for-hire sites to identify cybercriminals
The U.K.'s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize...
OpenAI: ChatGPT payment data leak caused by open-source bug
OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other...
‘Bitter’ espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails...
Procter & Gamble confirms data theft via GoAnywhere zero-day
Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere...
Australian police arrest four BEC actors who stole $1.7 million
The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from...
Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own
On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting...
The Week in Ransomware – March 24th 2023 – Clop overload
This week's news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a...
Microsoft shares tips on detecting Outlook zero-day exploitation
Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched...
