Seriously, people - please check the stuff you fetch more carefully Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.... [...]
Research highlights how major attacks like those exploiting Booking.com are executed Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.... [...]
No need to panic, but grab those updates or mitigations anyway just to be safe A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.... [...]
Crims laugh it off and resume their activity The FBI created a decryption tool for the ransomware used by the gang known as BlackCat and/or AlphV, as part of a wider disruption campaign against the group.... [...]
Crims laugh it off and resume their activity Updated The FBI created a decryption tool for the ransomware used by the gang known as BlackCat and/or AlphV, as part of a wider disruption campaign against the extortionists.... [...]
Experts say malware strain make take years to die off completely Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.... [...]
Move reportedly made after consulting with National Cyber Security Centre The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears.... [...]
Novel malware adapts delivers DDoS attacks and provides RAT functionality Incident responders say they've found a new type of multi-platform malware abusing the New Kind of Network (NKN) protocol.... [...]
National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service (SVR) is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September …
Trusted by major charities, DonorView publicly exposed children’s names and addresses, among other data Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database.... [...]
Officers potentially targeted by dissidents can't afford to relocate for their safety, while others seek support to change their names An official review of the Police Service of Northern Ireland's (PSNI) August data breach has revealed the full extent of the impact on staff.... [...]
Latest offensive cyber group to switch to atypical programming for payloads Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language.... [...]
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation …
Microsoft spots surge in pro-Russia exploits of video platform to spread propaganda An unknown pro-Russia influence group spent time recruiting unwitting Hollywood actors to assist in smear campaigns against Ukraine and its president Volodymyr Zelensky.... [...]
Interpol increasingly concerned as abject abuse of victims scales far beyond Asia origins Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated.... [...]
As Cyber Solidarity Act edges closer to full adoption in Europe The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase cross-border information sharing and more to tackle criminals.... [...]
Apparently no one thought to check if this D-Link router 'issue' was actually exploitable A security vulnerability previously added to CISA's Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations.... [...]
Tardy IT admins likely to get a chilly reception over the lack of updates CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability.... [...]
Accounting software firm Tipalti says it’s investigating alleged break-in of its systems The AlphV/BlackCat ransomware group said it plans to "go direct" to the clients of a firm it allegedly attacked to extort them, claiming to have infiltrated the systems of accounting software vendor Tipalti.... [...]
With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks.... [...]
Exploits bypass most secure boot solutions from the biggest chip vendors Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers.... [...]
Hunt continues for the other elusive high-ranking members Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement's ongoing search for its leading members.... [...]
24 million Americans thought to have had their personal data stolen and sold for pennies A Ukrainian national is facing an eight year prison sentence for running an online marketplace that sold the personal data of approximately 24 million US citizens.... [...]
Assumed Conti offshoot averages 7 figures for each successful attack but may have issues with, er, 'closing deals' The Black Basta ransomware group has reportedly generated upwards of $100 million in revenue since it started operations in April 2022.... [...]
All customer support users told their info was accessed after analysis oversight Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.... [...]