Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. [...] | Continue reading
The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children's privacy laws violations related to the company's Alexa voice assistant service. [...] | Continue reading
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. [...] | Continue reading
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. [...] | Continue reading
Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International. [...] | Continue reading
Google's browser, Chrome, in its 115th version, has unveiled a feature that allows users to use Windows Mica material, a design element that enhances user personalization. To access this function, users are required to go to the Chrome flags menu and activate it manually. [...] | Continue reading
Orgs must take proactive measures to safeguard their web applications and eliminate weak points. Learn more from Outpost24 on these threats, attack strategies, and the steps you can take to protect your web applications. [...] | Continue reading
US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. [...] | Continue reading
Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems. [...] | Continue reading
The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers. [...] | Continue reading
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks. [...] | Continue reading
Bing Chat continues to enrich its user experience by rolling out a new feature - Visual Search in Chat. This function combines the power of OpenAI's GPT-4 model with image search abilities to offer a more interactive way of browsing the web. [...] | Continue reading
WhatsApp, the globally renowned messaging app, unexpectedly went offline today, leaving its vast user base unable to send or receive messages. [...] | Continue reading
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. [...] | Continue reading
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. [...] | Continue reading
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor. [...] | Continue reading
Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts. [...] | Continue reading
The Norwegian Data Protection Authority (DPA), the country's data privacy watchdog, has banned behavioral advertising on Meta's Facebook and Instagram social networks. [...] | Continue reading
Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. [...] | Continue reading
The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign policy interests. [...] | Continue reading
FBI warns of a surge in tech support scams targeting the elderly across the United States and urging victims to dispatch cash concealed within magazines or similar items through shipping firms. [...] | Continue reading
A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose connected devices that are more secure and resilient to hacker attacks. [...] | Continue reading
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. [...] | Continue reading
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "strongly urges" to install updated versions without delay. [...] | Continue reading
When insurers assess an organization's cybersecurity posture, password security is a key element considered. Learn more from Specops Software on how password security can affect your insurance premiums. [...] | Continue reading
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version. [...] | Continue reading
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories. [...] | Continue reading
Microsoft is investigating an ongoing Exchange Online outage preventing customers from sending emails and triggering 503 errors on affected systems. [...] | Continue reading
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks. [...] | Continue reading
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments. [...] | Continue reading
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks. [...] | Continue reading
The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from 2006 to 2011. [...] | Continue reading
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. [...] | Continue reading
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and released its decryption keys in 2021. [...] | Continue reading
Organizers at mWISE, the anticipated cybersecurity conference from Mandiant, now part of Google Cloud, have released this year's session catalog. Learn more from Mandiant about the upcoming mWise sessions. [...] | Continue reading
US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers. [...] | Continue reading
Windows 11 23H2 is taking a step further into the world of artificial intelligence with the introduction of Windows Copilot, its centralized AI assistant. [...] | Continue reading
Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface. [...] | Continue reading
Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Gamaredon hacking operates in rapid attacks, stealing data from breached systems in under an hour. [...] | Continue reading
The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "next month." [...] | Continue reading
Microsoft says it still doesn't know how Chinese hackers stole an inactive Microsoft account (MSA) consumer signing key used to breach the Exchange Online and Azure AD accounts of two dozen organizations, including government agencies. [...] | Continue reading
Rockwell Automation says a new remote code execution (RCE) exploit linked to an unnamed Advanced Persistent Threat (APT) group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas in … | Continue reading
In what is shaping up to be a widespread privacy controversy, Spotify has come under scrutiny following allegations by users that the music streaming service made their private playlists public without their consent. [...] | Continue reading
The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk. [...] | Continue reading
20-year-old Conor Brian Fitzpatrick aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to charges of hacking and possession of child pornography. [...] | Continue reading
Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks. [...] | Continue reading
Criminal IP, a leading Cyber Threat Intelligence search engine, has formed a powerful alliance with Tines, a renowned provider of no-code automation solutions. [...] | Continue reading