Billions of Passwords Offered for $2 in Cyber-Underground
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection. [...]
In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to. [...]
A CSRF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users. [...]
Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations. [...]
As many as 100,000 of the music streaming service's customers could face account takeover. [...]
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials. [...]
The by-now infamous company has issued patches for three security vulnerabilities in total. [...]
The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results. [...]
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. [...]
The flaw in the free-source library could have been ported to multiple applications. [...]
Two new phishing tactics use the platform's automated responses to evade email filters. [...]
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. [...]
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. [...]
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector. [...]
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet. [...]
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker's Dark Web leaks site offline and charged a suspect. [...]
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. [...]
The ShinyHunters hacking group offers a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. [...]
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. [...]
The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. [...]
The CursedGrabber malware has infiltrated the open-source software code repository. [...]
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory. [...]
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365. [...]
The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks. [...]
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. [...]