Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names. [...] | Continue reading
A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...] | Continue reading
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...] | Continue reading
Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device. [...] | Continue reading
Employee offboarding isn't anybody's favorite task—but it's a critical IT process that needs to be executed diligently and efficiently. Learn more from Nudge Security on automating offboarding of users in a secure manner. [...] | Continue reading
DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [...] | Continue reading
AT&T is sending data breach notifications to 51 million former and current customers, warning them that their personal data was exposed in a hacking forum. However, the company has still not disclosed how the data was obtained. [...] | Continue reading
Password reuse might seem like a small problem — but it can have far-reaching consequences for an organization's cybersecurity. Learn more from Specops Software about what IT teams can do to combat the problem. [...] | Continue reading
Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. [...] | Continue reading
Microsoft has released the KB5036892 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty-three changes and two new features. [...] | Continue reading
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. [...] | Continue reading
Maintaining visibility into container hosts, ensuring best practices, and conducting vulnerability assessments are necessary to ensure effective security. In this article Wazuh explores how its software can help implement best security practices for containerized environments. [. … | Continue reading
Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. [...] | Continue reading
Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [...] | Continue reading
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. [...] | Continue reading
The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam s … | Continue reading
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. [...] | Continue reading
Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. [...] | Continue reading
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. [...] | Continue reading
Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [...] | Continue reading
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. [...] | Continue reading
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. [...] | Continue reading
Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [...] | Continue reading
Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. [...] | Continue reading
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. [...] | Continue reading
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. [...] | Continue reading
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...] | Continue reading
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...] | Continue reading
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. [...] | Continue reading
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. [...] | Continue reading
AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. [...] | Continue reading
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. [...] | Continue reading
Microsoft Copilot is a powerful asset for companies, but with it comes an increased risk of data exposure. In this article, Varonis demonstrates prompt-hacking examples that can expose sensitive data. [...] | Continue reading
Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. [...] | Continue reading
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected. [...] | Continue reading
Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. [...] | Continue reading
Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. [...] | Continue reading
Russia's Prosecutor General's Office has announced the indictment of six suspected "hacking group" members for using malware to steal credit card and payment information from foreign online stores. [...] | Continue reading
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...] | Continue reading
The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. [...] | Continue reading
Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. [...] | Continue reading
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. [...] | Continue reading
MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. [...] | Continue reading
Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission (FTC), a figure that is three times higher than in 2020. [...] | Continue reading
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [...] | Continue reading
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. [...] | Continue reading
Generative AI services like Midjourney and OpenAI's DALL-E can deliver the unimaginable when it comes to stunning artifacts produced from simple text prompts. Sketching complex art imagery may be AI's specialty, yet some of the simplest tasks are evidently what AI struggles with … | Continue reading
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. [...] | Continue reading