OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT. [...] | Continue reading
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. [...] | Continue reading
In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. [...] | Continue reading
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. [...] | Continue reading
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. [...] | Continue reading
A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. [...] | Continue reading
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [...] | Continue reading
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. [...] | Continue reading
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. [...] | Continue reading
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. [...] | Continue reading
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). [...] | Continue reading
Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. [...] | Continue reading
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [...] | Continue reading
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. [...] | Continue reading
The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. [...] | Continue reading
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [...] | Continue reading
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [...] | Continue reading
Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). [...] | Continue reading
A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. [...] | Continue reading
Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. [...] | Continue reading
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days. [...] | Continue reading
Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [...] | Continue reading
Hackers are believed to have used a stolen private key to mint and steal over $290 million in PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. [...] | Continue reading
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. [...] | Continue reading
Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. [...] | Continue reading
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. [...] | Continue reading
The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. [...] | Continue reading
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. [...] | Continue reading
Microsoft is testing a new "Automatic Super Resolution" AI-assisted upscaling feature that increases the video and image quality of supported games while also making them run more smoothly. [...] | Continue reading
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. [...] | Continue reading
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. [...] | Continue reading
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. [...] | Continue reading
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. [...] | Continue reading
At least 18 hospitals in Romania were knocked offline after a ransomware attack took down their healthcare management system. [...] | Continue reading
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. [...] | Continue reading
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. [...] | Continue reading
By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for e … | Continue reading
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. [...] | Continue reading
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. [...] | Continue reading
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. [...] | Continue reading
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. [...] | Continue reading
The U.S. Federal Trade Commission (FTC) says Americans over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. [...] | Continue reading
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...] | Continue reading
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [...] | Continue reading
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...] | Continue reading
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...] | Continue reading
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [...] | Continue reading
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...] | Continue reading