New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in...
cybersecurity
Scraped data of 2.6 million Duolingo users released on hacking forum
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted...
Akira ransomware targets Cisco VPNs to breach organizations
There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate...
Sneaky Amazon Google ad leads to Microsoft support scam
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks...
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in...
Japanese watchmaker Seiko breached by BlackCat ransomware gang
The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese...
TP-Link smart bulbs can let hackers steal your WiFi password
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo...
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Image: Midjourney The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT...
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. The move has generated a fair...
Hackers use VPN provider’s code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with...
The Week in Ransomware – August 18th 2023 – LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's...
Interpol arrests 14 suspected cybercriminals for stealing $40 million
An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation...
WinRAR flaw lets hackers run programs when you open RAR archives
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can...
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular...
Hackers ask $120,000 for access to multi-billion auction house
Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to...
Phishing campaign steals accounts for Zimbra email servers worlwide
An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration...
Triple Extortion Ransomware and the Cybercrime Supply Chain
Ransomware attacks continue to grow both in sophistication and quantity. 2023 has already seen more ransomware attacks involving data exfiltration...
Thousands of Android APKs use compression trick to thwart analysis
Threat actors increasingly distribute malicious Android APKs (packaged app installers) that resist decompilation using unsupported, unknown, or heavily tweaked compression...
Phishing Spree Targets Zimbra Collaboration Account Holders
Cybersecurity researchers at ESET have exposed an ongoing mass-spreading phishing campaign that explicitly targets Zimbra Collaboration email server users. The...
Just announced: AI and security standards keynotes at mWISE
Mark your calendar for mWISE™, the uniquely targeted, community-focused cybersecurity conference from Mandiant. It’s taking place September 18–20, 2023 in...
File sharing site Anonfiles shuts down due to overwhelming abuse
Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the...
Major U.S. energy org targeted in QR code phishing attack
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious...
Google released first quantum-resilient FIDO2 key implementation
Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema...
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown...
