Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). [...]
Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. [...]
According to user reports following this month's Patch Tuesday, the August 2024 Windows updates are breaking dual boot on some Linux systems with Secure Boot enabled. [...]
A hacker compromised Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days. [...]
The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. [...]
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...]
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum. [...]
Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. [...]
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. [...]
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]
Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph were arrested in Italy after living a lavish lifestyle for weeks in the country. [...]
Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. [...]
A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. [...]
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]
Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure users don't lose access to admin portals. [...]
Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. [...]
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]
A common yet overlooked type of weak password are keyboard walk patterns. Learn more from Specops Software on finding and blocking keyboard walk passwords in your organization. [...]
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks [...]
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...]
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. [...]
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...]
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. [...]
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]
Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...]