Estée Lauder beauty giant breached by two ransomware gangs
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim...
cybersecurity
Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware
The Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti) has been linked to the sophisticated Android surveillanceware known...
Critical API Security Gaps Found in Financial Services
An industry-focused report on application programming interface (API) security has revealed a critical state of affairs in the financial services...
CISA orders govt agencies to mitigate Windows and Office zero-days
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based...
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers...
U.S. preparing Cyber Trust Mark for more secure smart devices
A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose...
New critical Citrix ADC and Gateway flaw exploited as zero-day
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits...
FIN8 deploys ALPHV ransomware using Sardonic malware variant
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware...
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name...
Strengthening Password Security may Lower Cyber Insurance Premiums
The global cyber insurance market is expected to reach over $20 billion by 2025. However, many organizations are finding it...
New Vulnerabilities Found in Adobe ColdFusion
Security researchers from Rapid7 have found active exploitation of multiple vulnerabilities in Adobe ColdFusion, a web development computing platform.On July...
JumpCloud discloses breach by state-backed APT hacking group
US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of...
Frontline Security Practitioners Reveal the Latest About AI
Mark your calendar for mWISE™, the uniquely targeted, community-focused cybersecurity conference from Mandiant. It runs from September 18–20, 2023 in...
Meet NoEscape: Avaddon ransomware gang’s likely successor
The new NoEscape ransomware operation is believed to be a rebrand of Avaddon, a ransomware gang that shut down and...
CISA shares free tools to help secure data in the cloud
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for...
Police arrests Ukrainian scareware developer after 10-year hunt
The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from...
IT worker jailed for impersonating ransomware gang to extort employer
28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail...
Critical ColdFusion flaws exploited in attacks to drop webshells
Update 7/17/23: The article was updated due to a mistaken warning added by Adobe to its email notification. However, a...
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators,...
US on Track For Record Number of Data Breaches
This year could be another record breaker for data compromise following 951 publicly reported incidents in the second quarter, a...
New CVSS Version Unveiled Amid Rising Cyber Threats
A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident...
Thousands of images on Docker Hub leak auth secrets, private keys
Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted...
Gamaredon hackers start stealing data 30 minutes after a breach
Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Gamaredon hacking operates in rapid attacks, stealing data from breached...
Shutterfly says Clop ransomware attack did not impact customer data
Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months,...
