Criminal IP, a cyber threat intelligence search engine, has achieved PCI DSS Level 1 certification. Learn more from Criminal IP about their cyber threat intelligence search engine. [...] | Continue reading
Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. [...] | Continue reading
Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens. [...] | Continue reading
Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. [...] | Continue reading
The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. [...] | Continue reading
Microsoft is investigating an ongoing outage preventing customers from sending or receiving messages using the company's Microsoft Teams communication platform. [...] | Continue reading
Global cryptocurrency exchange CoinEX announced that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations. [...] | Continue reading
Training end-users to spot phishing has its benefits, but it's clear to see organizations as a whole have failed to make a dent in phishing attacks. Learn more from Specops Software on how phishers use social engineering to exploit human psychology. [...] | Continue reading
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. [...] | Continue reading
Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client. [...] | Continue reading
A new information stealer malware named 'MetaStealer' has appeared in the wild, stealing a wide variety of sensitive information from Intel-based macOS computers. [...] | Continue reading
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. [...] | Continue reading
Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities. [...] | Continue reading
Microsoft has released Windows 10 KB5030211 and KB5030214 cumulative updates for versions 22H2, 21H2, and 1809 to fix problems with the operating system. [...] | Continue reading
Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks. [...] | Continue reading
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks. [...] | Continue reading
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware. [...] | Continue reading
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. [...] | Continue reading
Smart devices offer numerous benefits to both homes and small businesses, but they also pose unique security risks that can fly under the radar. Learn from Firewalla on how consumers and small business owners can effectively secure their smart homes and workplaces with the help o … | Continue reading
An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months. [...] | Continue reading
A new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen. [...] | Continue reading
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. [...] | Continue reading
Microsoft will block third-party printer driver delivery in Windows Update as part of a substantial and gradual shift in its printer driver strategy over the next 4 years. [...] | Continue reading
MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. [...] | Continue reading
A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...] | Continue reading
Payment processing firm Square says a widespread outage that took down a large part of the company's infrastructure last week was caused by a DNS issue. [...] | Continue reading
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. [...] | Continue reading
The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks. [...] | Continue reading
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data. [...] | Continue reading
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user's interests from third-party cookies to the Chrome browser. [...] | Continue reading
A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. [...] | Continue reading
It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. [...] | Continue reading
Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files. [...] | Continue reading
The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel's Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack. [...] | Continue reading
Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums. [...] | Continue reading
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [...] | Continue reading
Microsoft is rolling out a new version of the Paint application on Windows 11 Insider builds that can remove the background from any picture with the click of a button. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. [...] | Continue reading
State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command (USCYBERCOM) revealed on Thursday. [...] | Continue reading
Google announced today that it is deprecating the Google Chrome Safe Browsing feature and moving everyone to its Enhanced Safe Browsing feature in the coming weeks, bringing real-time phishing protection to all users while browsing the web. [...] | Continue reading
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. [...] | Continue reading
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. [...] | Continue reading
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses. [...] | Continue reading
Microsoft says North Korean hacking groups have breached multiple Russian government and defense targets since the start of the year. [...] | Continue reading
Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year. [...] | Continue reading
Google's Threat Analysis Group (TAG) says North Korean state hackers are again targeting security researchers in attacks using at least one zero-day in an undisclosed popular software. [...] | Continue reading
Cybercriminals are leveraging a legitimate Windows tool called 'Advanced Installer' to infect the computers of graphic designers with cryptocurrency miners. [...] | Continue reading