A phishing campaign targeted Okta users at multiple companies, successfully swiping passwords from staffers and then using them to steal company secrets. Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organizations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others. The news comes from research conducted by cybersecurity firm Group-IB, which...
Malicious actors have taken advantage of a zero-day flaw in General Bytes Bitcoin ATM servers to steal cryptocurrency from clients. The way it works is that once a person deposits or buys bitcoin through the ATM, the money will instead be diverted to the threat actors. The hardware and software company General Bytes produces Bitcoin ATMs that, depending on the product, let users buy or trade approximately 50 different cryptocurrencies. The Bitcoin ATMs are managed by a remote Crypto Application Server (CAS), which also oversees the functionality of the ATM, determines what...
iPhone users urged to update to patch 2 zero-days Apple is urging macOS, iPhone and iPad users to immediately install updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. Patches are available for affected devices running iOS 15.6.1 and macOS Monterey 12.5.1. The patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS. The vulnerability...
According to the first half of the 2022 H1 Global Threat Analysis Report released by Radware this past week, cyber attacks have grown and evolved as a result of the Russian invasion of Ukraine. Here are two of the main findings: DDoS attacks rise dramatically – The first six months of 2022 were marked by a significant increase in DDoS activity across the globe. Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States. The number of malicious DDoS attacks climbed 203% compared to the first six...
A report published by Microsoft details of a threat actor named “SEABORGIUM”, which the vendor attributed to Russia, that targeted organizations in NATO member countries as well as in Northern and Eastern Europe for espionage. Also referred as Callisto, TA446 and COLDRIVER, the threat actor has been active since 2015 and reportedly used spyware developed by the infamous ‘HackingTeam’ in their earlier campaigns. Why is this Significant? This is significant because the “SEABORGIUM” threat actor has been active since 2015 and reportedly targeted various industries including defense contractors, think...
TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America. Securityaffairs reports, the group is a small crime threat actor, that has been active since at least April 2018, that employed multiple malware in its attacks, including Loda RAT, Vjw0rm, and Revenge RAT. The malware a reused to steal personal and financial data of hotel...
Disclosed this week, was the 3rd HTTPS attack this year to get to 10s of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare. The very first of them peaked at 15.3 million RPS, Cloudflare revealed in April, while the 2nd reached 26 million RPS, the web security company introduced in June. What makes these assaults stick out from the crowd is the use of encrypted requests (HTTPS), meaning that they need significantly higher computational sources contrasted to regular DDoS strikes. The strike that Google revealed today clearly towers over the previously divulged incidents, as it was...
Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings. In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious app installed on a user’s device to access sensitive information and camera recordings. The Ring app allows users to monitor video feeds from multiple devices, including security cameras, video doorbells, and alarm systems. The Android application has been downloaded over 10 million times. Researchers from security firm Checkmarx discovered a vulnerability...
API-related security vulnerabilities continue to be a thorn in the side of organizations, with access control flaws now associated with high-severity CVEs. According to a new whitepaper published by API security firm Wallarm, titled ‘API vulnerabilities discovered and exploited in Q1-2022’, a total of 48 API-related vulnerabilities were found and reported in the first quarter. Based on industry standards, 18 were considered high-risk and 19 were labeled as of medium severity, the report (PDF) says. The critical vulnerabilities disclosed publicly earned themselves CVSS v3 scores ranging from 8.1 and 10. Top API...
The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making it a zero-day hole. The name zero-day is a reminder that there were zero days on which even the most well-informed and proactive user or sysadmin could have been patched ahead of the Bad Guys. Update details Details about the updates are scant, given...
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu