Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system.
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.
Feds urge U.S. agencies to patch, by August 2, a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild.
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
Threat actors are already exploiting the vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
The Fronton botnet can do far more than launch DDoS attacks: it can track social media trends and launch suitable propaganda.
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
GitHub shared the timeline of breaches in April 2022; the timeline covers when a threat actor gained access and stole private repositories belonging to dozens of organizations.
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.
London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
"Evolving intelligence" shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared.
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
The country’s citizens are being blocked from the internet because foreign certificate authorities can't accept payments due to Ukraine-related sanctions, so it created its own CA.
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
'Serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics from Tel Aviv U, are 'embarrassingly bad.'
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
It's unknown who's behind the cyberattacks against the iPhones of at least nine employees, all of whom are involved in Ugandan diplomacy.
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.
It's a little snippet of Python code – 6KB – that strikes fast and nasty, taking less than three hours to complete from initial breach to encryption.
A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees' emails; and more.
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.