Billions of Passwords Offered for $2 in Cyber-Underground
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection. [...]
Showing only posts by Tara Seals. Show all posts.
Fake Forcepoint Google Chrome Extension Hacks Windows Users
In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to. [...]
Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites
An CRSF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users. [...]
Ransomware Attacks Hit Major Utilities
Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations. [...]
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
As many as 100,000 of the music streaming service's customers could face account takeover. [...]
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials. [...]
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
The by-now infamous company has issued patches for three security vulnerabilities in total. [...]
TrickBot Continues Resurgence with Port-Scanning Module
The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results. [...]
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters. [...]
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications. [...]
Microsoft 365 Becomes Haven for BEC Innovation
Two new phishing tactics use the platform's automated responses to evade email filters. [...]
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more. [...]
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. [...]
NetWalker Ransomware Suspect Charged: Tor Site Seized
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector. [...]
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet. [...]
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker's Dark Web leaks site offline and charged a suspect. [...]
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. [...]
2.28M MeetMindful Daters Compromised in Data Breach
The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. [...]
Cisco DNA Center Bug Opens Enterprises to Remote Attack
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. [...]
Amazon Kindle RCE Attack Starts with an Email
The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims. [...]
Discord-Stealing Malware Invades npm Packages
The CursedGrabber malware has infiltrated the open-source software code repository. [...]
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory. [...]
Malwarebytes Hit by SolarWinds Attackers
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365. [...]
SolarWinds Malware Arsenal Widens with Raindrop
The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks. [...]
Cloud Attacks Are Bypassing MFA, Feds Warn
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. [...]
« newer articles | page 14 | older articles »