Business Email Compromise (BEC) poses a growing threat to businesses of all sizes. Learn more from Specops Software about the types of BEC attacks and how to avoid them. [...] | Continue reading
Microsoft is investigating an ongoing outage blocking customers from accessing and using the Microsoft Teams communication platform via web and desktop clients. [...] | Continue reading
The 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June. [...] | Continue reading
Microsoft has released the optional KB5027293 Preview cumulative update for Windows 10 22H2 with three new features and 11 additional fixes or changes. [...] | Continue reading
Microsoft has released the June 2023 optional cumulative update for Windows 11, version 22H2, which enables the recently announced new Moment 3 fixes, improvements, and new features. [...] | Continue reading
Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform. [...] | Continue reading
Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive. [...] | Continue reading
Europol announced today that the takedown of the EncroChat encrypted mobile communications platform has led to the arrest of over 6,600 people and the seizure of $979 million in illicit funds. [...] | Continue reading
Microsoft is investigating an ongoing issue preventing some customers from accessing their Exchange Online mailbox through Outlook on the web. [...] | Continue reading
There are just a few days left to get the lowest price available for the mWISE cybersecurity conference. It runs from September 18 - 20, 2023 in Washington, DC. If you register now, you'll get 45% off the standard conference rate. [...] | Continue reading
A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems. [...] | Continue reading
Microsoft is expanding support for passkeys in Windows 11 to make it more secure to log into websites and apps using biometric authentication. [...] | Continue reading
A new mobile malware campaign since March 2023 pushes the Android banking trojan 'Anatsa' to online banking customers in the U.S., the U.K., Germany, Austria, and Switzerland. [...] | Continue reading
Security researchers discovered a new malicious tool they named PindOS that delivers the Bumblebee and IcedID malware typically associated with ransomware attacks. [...] | Continue reading
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server. [...] | Continue reading
In this article, @flaresystems explores threat actors and their activities on dark web forums versus illicit Telegram communities. [...] | Continue reading
A 33-year-old man from Serbia has been extradited from Austria to the United States to face charges of running a criminal darknet narcotics marketplace called "Monopoly Market." [...] | Continue reading
Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack. [...] | Continue reading
A trojanized installer for a popular Super Mario Bros game has been infecting unsuspecting players with multiple Windows malware families. [...] | Continue reading
Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses Azure Active Directory for authentication. [...] | Continue reading
LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps. [...] | Continue reading
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals. [...] | Continue reading
It was a relatively quiet week regarding ransomware news, with the BlackCat ransomware gang extorting Reddit and the ongoing MOVEit Transfer data breaches being the main focus. [...] | Continue reading
The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alumni and current students. [...] | Continue reading
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. [...] | Continue reading
U.S. law enforcement today seized the clear web domain of the notorious BreachForums (aka Breached) hacking forum three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), under cybercrime charges. [...] | Continue reading
PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. [...] | Continue reading
Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. [...] | Continue reading
Network and IT admins have been dealing with ongoing Microsoft 365 issues this week, reporting that some end users cannot use Microsoft Outlook or other Microsoft 365 apps. [...] | Continue reading
Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. [...] | Continue reading
The U.S. National Security Agency (NSA) today released guidance on how to defend against BlackLotus UEFI bootkit malware attacks. [...] | Continue reading
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six more security flaws to its known exploited vulnerabilities (KEV) list. [...] | Continue reading
A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service (DDoS) attacks. [...] | Continue reading
Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. [...] | Continue reading
VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. [...] | Continue reading
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users. [...] | Continue reading
DuckDuckGo has released its privacy-centric browser for Windows to the general public. It is a beta version available for download with no restrictions. [...] | Continue reading
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. [...] | Continue reading
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM. [...] | Continue reading
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones. [...] | Continue reading
Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits. [...] | Continue reading
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. [...] | Continue reading
The Federal Trade Commission (FTC) says Amazon allegedly used dark patterns to trick millions of users into enrolling in its Prime program and trapping them by making it as difficult as possible to cancel the automatically-renewing subscriptions. [...] | Continue reading
Threat actors are moving from the dark web to illicit Telegram channels specializing in cybercrime. This Flare article examines why threat actors are shifting from Tor and provides guidance on monitoring Telegram channels. [...] | Continue reading
The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023. [...] | Continue reading
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to build an army of bots to conduct attacks. [...] | Continue reading
The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning that their data will soon be leaked after an extortion demand was not paid. [...] | Continue reading
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks. [...] | Continue reading