Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials. [...] | Continue reading
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor. [...] | Continue reading
In a bid to upgrade user experience, the Chrome team is developing an "Organise Tabs" feature, soon to be seen at the top left corner of the browser, adjacent to the tab search function. This new addition would be a natural extension of Tab Groups functionality. [...] | Continue reading
Microsoft urged Microsoft 365 email senders this week to authenticate outbound messages following new anti-spam rules for bulk senders announced earlier this week by Google. [...] | Continue reading
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. [...] | Continue reading
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. [...] | Continue reading
The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. [...] | Continue reading
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. [...] | Continue reading
The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the real number likely many times larger due to unreported incidents. [...] | Continue reading
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. [...] | Continue reading
MGM Resorts reveals that last month's cyberattack cost the company $100 million and allowed the hackers to steal customers' personal information. [...] | Continue reading
Microsoft finally removed the Cortana standalone app from Windows 11 in the latest preview build for Insiders in the Canary Channel. [...] | Continue reading
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions. [...] | Continue reading
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons. [...] | Continue reading
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. [...] | Continue reading
Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024. [...] | Continue reading
A new, redesigned, and faster Microsoft Teams application is generally available for all Windows and macOS users starting today. [...] | Continue reading
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. [...] | Continue reading
A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads. [...] | Continue reading
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. [...] | Continue reading
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. [...] | Continue reading
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. [...] | Continue reading
Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials. [...] | Continue reading
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. [...] | Continue reading
Pen Testing as a Service and Traditional web application pen testing offers two different approaches to securing your applications. Learn more from Outpost24 on which approach may be best for your business. [...] | Continue reading
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. [...] | Continue reading
The U.S. Federal Emergency Management Agency (FEMA) and the Federal Communications Commission (FCC) will run an emergency alert test today to check Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) capabilities nationwide. [...] | Continue reading
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader. [...] | Continue reading
Microsoft has introduced a new twist to the Windows 11 installation and update process, transforming it from a mundane task into an enjoyable experience. [...] | Continue reading
Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [...] | Continue reading
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. [...] | Continue reading
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong to large organizations. [...] | Continue reading
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. [...] | Continue reading
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. [...] | Continue reading
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. [...] | Continue reading
For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [...] | Continue reading
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution. [...] | Continue reading
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. [...] | Continue reading
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. [...] | Continue reading
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity vulnerability in Progress Software's WS_FTP Server file sharing solution. [...] | Continue reading
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. [...] | Continue reading
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. [...] | Continue reading
The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [...] | Continue reading
Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. [...] | Continue reading
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors. [...] | Continue reading
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today. [...] | Continue reading
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [...] | Continue reading
Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. [...] | Continue reading