Multiple NFT collections at risk by flaw in open-source library
A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts,...
cybersecurity
Holiday Hackers: How to Safeguard Your Service Desk
Hackers really don’t take holidays, but they will take advantage of them. Consumer traffic rises sharply during the holidays. Correspondingly,...
Hackers breach US govt agencies using Adobe ColdFusion exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified...
Kali Linux 2023.4 released with GNOME 45 and 15 new tools
Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and...
HTC Global Services confirms cyberattack after data leaked online
IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware...
December Android updates fix critical zero-click RCE flaw
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code...
Tipalti investigates claims of data stolen in ransomware attack
Updated 12/4/23 to include information from Roblox. Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network...
New AeroBlade hackers target aerospace sector in the U.S.
A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector. The...
Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined...
Fake WordPress security advisory pushes backdoor plugin
WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with...
Rust-Based Botnet P2Pinfect Targets MIPS Architecture
The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. Since its emergence in July 2023,...
North Korea’s state hackers stole $3 billion in crypto since 2017
North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry...
New proxy malware targets Mac users through pirated software
Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on...
Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the...
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are...
US Health Dept urges hospitals to patch critical Citrix Bleed bug
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler...
LogoFAIL attack can install UEFI bootkits through bootup logos
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they...
Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States,...
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over...
French government recommends against using foreign chat apps
Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such...
The Week in Ransomware – December 1st 2023 – Police hits affiliates
An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks...
TrickBot malware dev pleads guilty, faces 35 years in prison
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware,...
FjordPhantom Android malware uses virtualization to evade detection
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade...
Zyxel warns of multiple critical vulnerabilities in NAS devices
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on...
