Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase...
cybersecurity
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
The browser has become the main work interface in modern enterprises. It’s where employees create and interact with data, and...
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library...
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the...
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache...
New CVSS 4.0 vulnerability severity rating standard released
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common...
Mozi malware botnet goes dark after mysterious use of kill-switch
Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023,...
Palo Alto Reveals New Features in Russian APT Turla’s Kazuar Backdoor
The latest version of the Kazuar backdoor could be more sophisticated than previously imagined, according to Palo Alto Networks.The Kazuar...
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware...
Massive cybercrime URL shortening service uncovered via DNS data
An actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four...
Canada bans WeChat and Kaspersky products on govt devices
Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees,...
Samsung Galaxy gets new Auto Blocker anti-malware feature
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced...
Dozens of countries will pledge to stop paying ransomware gangs
An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C.,...
Flipper Zero Bluetooth spam attacks ported to new Android app
Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of...
British Library knocked offline by weekend cyberattack
The British Library has been hit by a major IT outage affecting its website and many of its services following...
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead...
Avast confirms it tagged Google app as malware on Android phones
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei,...
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to...
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the...
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app,...
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases,...
SEC sues SolarWinds for misleading investors before 2020 hack
The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before...
FTC orders non-bank financial firms to report breaches in 30 days
The U.S. Federal Trade Commission (FTC) has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach...
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as...
