The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin. [...] | Continue reading
Romanian national Mihai Ionut Paunescu, aka "Virus," was sentenced to three years in prison by a Manhattan federal court for running a bulletproof hosting service and facilitating the distribution of the Gozi (Ursnif), Zeus, SpyEye, and BlackEnergy malware. [...] | Continue reading
Blink Copilot - a true no-code platform for automating security and IT operations workflows. It is now possible for any security professional to generate automated workflows by just typing a prompt. [...] | Continue reading
A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. [...] | Continue reading
Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses. [...] | Continue reading
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. [...] | Continue reading
Zacks Investment Research (Zacks) has reportedly suffered an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking forum. [...] | Continue reading
Microsoft revealed in an update to the Azure status page that the preliminary root cause behind an outage that impacted the Azure Portal worldwide on Friday was what it described as a traffic "spike." [...] | Continue reading
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks. [...] | Continue reading
The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks. [...] | Continue reading
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. [...] | Continue reading
Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app's heatmap feature that could lead to identifying users' home addresses. [...] | Continue reading
A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks. [...] | Continue reading
The week was dominated by fallout over the MOVEit Transfer data-theft attacks, with the Clop ransomware gang confirming that they were behind them. [...] | Continue reading
A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. [...] | Continue reading
The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University's network. [...] | Continue reading
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases. [...] | Continue reading
Microsoft announced today that users would also be able to communicate with Bing Chat, the AI-powered chat-based version of its Bing search engine, via voice commands. [...] | Continue reading
Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading (at the time) cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. [...] | Continue reading
The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Suda claims to be targeting the site with a DDoS attack. [...] | Continue reading
Australian law firm HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. [...] | Continue reading
The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts. [...] | Continue reading
The Vivaldi Browser announced today that they are now spoofing Microsoft Edge to bypass browser restrictions Microsoft placed in Bing Chat. [...] | Continue reading
Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [...] | Continue reading
A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. [...] | Continue reading
Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service [...] | Continue reading
Google Chrome is getting new security-enhancing features for the built-in Password Manager, making it easier for users to manage their passwords and stay safe from account hijacking attacks. [...] | Continue reading
Pharmaceutical company Eisai has disclosed it suffered a ransomware incident that impacted its operations, admitting that attackers encrypted some of its servers. [...] | Continue reading
Mandiant's mWISE #cybersecurity conference runs from Sept 18-20, 2023 in Washington, D.C. Organizers are asking the public for keynote topic and speaker ideas, and if you register now, you can save 45% off the standard price. [...] | Continue reading
The Royal ransomware gang has begun testing a new encryptor called BlackSuit that shares many similarities with the operation's usual encryptor. [...] | Continue reading
Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. [...] | Continue reading
Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. [...] | Continue reading
Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. [...] | Continue reading
The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack, resulting in the theft of over $35 million in crypto. [...] | Continue reading
Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects. [...] | Continue reading
VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information. [...] | Continue reading
A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. [...] | Continue reading
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. [...] | Continue reading
Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. [...] | Continue reading
Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [...] | Continue reading
Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children's Online Privacy Protection Act (COPPA) violations. [...] | Continue reading
Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation. [...] | Continue reading
Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. [...] | Continue reading
A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. [...] | Continue reading
Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [...] | Continue reading
The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. [...] | Continue reading
Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts. [...] | Continue reading
Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [...] | Continue reading