Medium is banning AI-generated content from its paid Partner program, notifying users that the new policy goes into effect on May 1, 2024. [...] | Continue reading
Canadian retail chain Giant Tiger disclosed a data breach in March 2024. A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers. [...] | Continue reading
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...] | Continue reading
Royal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year. The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do. [...] | Continue reading
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. [...] | Continue reading
The Federal Trade Commission (FTC) is sending out $6,300,000 in partial refunds to 267,000 former AT&T Wireless customers as part of a data throttling settlement in 2019. [...] | Continue reading
Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. [...] | Continue reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [...] | Continue reading
Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names. [...] | Continue reading
A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...] | Continue reading
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...] | Continue reading
Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device. [...] | Continue reading
Employee offboarding isn't anybody's favorite task—but it's a critical IT process that needs to be executed diligently and efficiently. Learn more from Nudge Security on automating offboarding of users in a secure manner. [...] | Continue reading
DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [...] | Continue reading
AT&T is sending data breach notifications to 51 million former and current customers, warning them that their personal data was exposed in a hacking forum. However, the company has still not disclosed how the data was obtained. [...] | Continue reading
Password reuse might seem like a small problem — but it can have far-reaching consequences for an organization's cybersecurity. Learn more from Specops Software about what IT teams can do to combat the problem. [...] | Continue reading
Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. [...] | Continue reading
Microsoft has released the KB5036892 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty-three changes and two new features. [...] | Continue reading
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. [...] | Continue reading
Maintaining visibility into container hosts, ensuring best practices, and conducting vulnerability assessments are necessary to ensure effective security. In this article Wazuh explores how its software can help implement best security practices for containerized environments. [. … | Continue reading
Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [...] | Continue reading
Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. [...] | Continue reading
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. [...] | Continue reading
The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam s … | Continue reading
Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. [...] | Continue reading
Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. [...] | Continue reading
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. [...] | Continue reading
Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [...] | Continue reading
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. [...] | Continue reading
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers. [...] | Continue reading
Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. [...] | Continue reading
Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us. [...] | Continue reading
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. [...] | Continue reading
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. [...] | Continue reading
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...] | Continue reading
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...] | Continue reading
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. [...] | Continue reading
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. [...] | Continue reading
AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. [...] | Continue reading
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. [...] | Continue reading
Microsoft Copilot is a powerful asset for companies, but with it comes an increased risk of data exposure. In this article, Varonis demonstrates prompt-hacking examples that can expose sensitive data. [...] | Continue reading
Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. [...] | Continue reading
The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected. [...] | Continue reading
Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. [...] | Continue reading
Google has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. [...] | Continue reading
Russia's Prosecutor General's Office has announced the indictment of six suspected "hacking group" members for using malware to steal credit card and payment information from foreign online stores. [...] | Continue reading
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...] | Continue reading
The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. [...] | Continue reading