Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. [...] | Continue reading
Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [...] | Continue reading
Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children's Online Privacy Protection Act (COPPA) violations. [...] | Continue reading
Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation. [...] | Continue reading
Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. [...] | Continue reading
A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. [...] | Continue reading
Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [...] | Continue reading
The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. [...] | Continue reading
Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts. [...] | Continue reading
Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [...] | Continue reading
The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. [...] | Continue reading
GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. [...] | Continue reading
KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. [...] | Continue reading
Law enforcement arrested over 100 people in the takedown of the Genesis Market, notorious for selling stolen credentials. To prevent the loss of credentials, it's important to adopt a layered defense. [...] | Continue reading
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. [...] | Continue reading
Microsoft's Windows 11 Moment 3 update brings a range of new features and improvements, designed to enhance user experience. [...] | Continue reading
The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen. [...] | Continue reading
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, warning U.S. federal agencies to patch their systems by June 23. [...] | Continue reading
A new Magecart credit card stealing campaign hijacks legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites. [...] | Continue reading
Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. [...] | Continue reading
Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation. [...] | Continue reading
After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. [...] | Continue reading
It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about. … | Continue reading
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build rolling out to Insiders in the Canary Channel. [...] | Continue reading
State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. [...] | Continue reading
Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was "potentially" accessed or stolen during what the company described in February as a "cyber incident." [...] | Continue reading
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [...] | Continue reading
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [...] | Continue reading
Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone's camera roll in the File Explorer Gallery. [...] | Continue reading
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [...] | Continue reading
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [...] | Continue reading
Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. [...] | Continue reading
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. [...] | Continue reading
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input. [...] | Continue reading
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [...] | Continue reading
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [...] | Continue reading
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace). [...] | Continue reading
Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. [...] | Continue reading
A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. [...] | Continue reading
Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [...] | Continue reading
There are seven main stages of a complex pen testing process that must be followed in order to effectively assess an application's security posture. Learn more from OutPost24 about these stages and how PTaaS can find flaws in web applications, [...] | Continue reading
The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. [...] | Continue reading
Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. [...] | Continue reading
Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. [...] | Continue reading
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [...] | Continue reading
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...] | Continue reading
A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [...] | Continue reading
Microsoft has shared a temporary fix for a widespread issue triggered by a buggy driver that causes built-in cameras on some ARM-based Windows devices (including Surface Pro X laptops) to stop working. [...] | Continue reading