A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. [...] | Continue reading
Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment. [...] | Continue reading
Microsoft says that all Windows 10 customers (including home users) will be able to pay for three extra years of security updates through the company's Extended Security Updates (ESU) program after the end of support (EOS) date. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...] | Continue reading
Consumer traffic rises sharply during the holidays, as do the scope and severity of cyberattacks. Learn more from Specops Software on how to protect your service or help desk from social engineering attacks during the holiday season. [...] | Continue reading
More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. [...] | Continue reading
Microsoft has confirmed an issue causing the HP Smart app to automatically install on Windows systems after all printers are renamed to HP LaserJet M101-M106. [...] | Continue reading
Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes. [...] | Continue reading
Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. [...] | Continue reading
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. [...] | Continue reading
Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [...] | Continue reading
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. [...] | Continue reading
Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch. [...] | Continue reading
WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. [...] | Continue reading
A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector. [...] | Continue reading
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. [...] | Continue reading
North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. [...] | Continue reading
Google has announced significant changes to its Search Ads publisher products, including AdSense for Search (AFS), AdSense for Shopping (AFSh), and Programmable Search Engine (ProSE). [...] | Continue reading
Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. [...] | Continue reading
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. [...] | Continue reading
Google is introducing a significant change to Chrome's Back/Forward Cache (BFCache) behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. [...] | Continue reading
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. [...] | Continue reading
An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. [...] | Continue reading
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [...] | Continue reading
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. [...] | Continue reading
Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named 'Olvid.' [...] | Continue reading
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. [...] | Continue reading
Microsoft has started rolling out its Copilot AI assistant to Windows 10 with the KB5032278 November 2023 non-security preview update for systems running Windows 10, version 22H2. [...] | Continue reading
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. [...] | Continue reading
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. [...] | Continue reading
WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. [...] | Continue reading
Emsisoft is having a holiday deal where you can get 20% off 1-year licenses of the Emsisoft Enterprise Security EDR solution through December 17th, 2023, with no license limits. [...] | Continue reading
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [...] | Continue reading
Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. [...] | Continue reading
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. [...] | Continue reading
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data. [...] | Continue reading
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices. [...] | Continue reading
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. [...] | Continue reading
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 customers after the hack of service provider Zeroed-In Technologies. [...] | Continue reading
Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft. [...] | Continue reading
Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life. [...] | Continue reading
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. [...] | Continue reading
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. [...] | Continue reading
The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data. [...] | Continue reading
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. [...] | Continue reading
The nature and ubiquity of modern web apps make them rife for targeting by hackers. Learn more from Outpost24 about the value of continuous monitoring to secure modern web apps. [...] | Continue reading
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. [...] | Continue reading
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks. [...] | Continue reading