Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. [...]
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. [...]
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds. [...]
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. [...]
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day. [...]
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. [...]
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. [...]
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. [...]
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. [...]
The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more. [...]
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." [...]
Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future. [...]
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office. [...]
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. [...]
John Binns, claiming to be behind the massive T-Mobile theft of >50m customer records, dissed the security measures of the US's No. 2 wireless biggest carrier. T-Mobile is "humbled," it said, announcing new partnerships with security heavyweights on Friday. [...]
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. [...]
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin. [...]
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. [...]
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. [...]
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. [...]
The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. [...]
LockBit offered Accenture's purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups. [...]
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. [...]
Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan. [...]
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-. [...]
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead. [...]