Top

Tag: Cybersecurity


Threats & Malware, Vulnerabilities

Zoom stomps critical privilege escalation bug plus 6 other flaws

February 15, 2024

Via: The Register

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation […]


Cyber-crime, Malware

Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros

February 14, 2024

Via: The Register

The Bumblebee malware loader seemingly vanished from the internet last October, but it’s back and – oddly – relying on a vintage vector to try and gain access. First spotted in 2022 by researchers at Proofpoint – who identified it […]


Threats & Malware, Virus & Malware

China’s Volt Typhoon spies broke into emergency network of ‘large’ US city

February 14, 2024

Via: The Register

The Chinese government’s Volt Typhoon spy team has apparently already compromised a large US city’s emergency services network and has been spotted snooping around America’s telecommunications’ providers as well. According to a report on Tuesday by industrial cybersecurity biz Dragos, […]


Threats & Malware, Virus & Malware

Prudential Financial finds cybercrims lurking inside its IT systems

February 14, 2024

Via: The Register

Prudential Financial, the second largest life insurance company in the US and eight largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group. The Fortune Global 500 and Fortune 500 […]


Network security, Security

OpenAI shuts down China, Russia, Iran, N Korea accounts caught doing naughty things

February 14, 2024

Via: The Register

OpenAI has shut down five accounts it asserts were used by government agents to generate phishing emails and malicious software scripts as well as research ways to evade malware detection. Specifically, China, Iran, Russia, and North Korea were apparently “querying […]


Cyber-crime, Malware

Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond

February 13, 2024

Via: The Register

The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers (ATOs) since spinning it up in November. Researchers from Proofpoint listed many C-suite roles as prime targets […]


Data loss, Network security, Threats & Malware

Jet engine dealer to major airlines discloses ‘unauthorized activity’

February 12, 2024

Via: The Register

Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a “cybersecurity incident” after data purportedly stolen from the biz was posted to the Black Basta ransomware group’s leak blog. The form 8-K filed with the […]


Data loss, Threats & Malware

Europe’s largest caravan club admits wide array of personal data potentially accessed

February 12, 2024

Via: The Register

The Caravan and Motorhome Club (CAMC) and the experts it drafted to help clean up the mess caused by a January cyberattack still can’t figure out whether members’ data was stolen. According to an update shared with members late last […]


Data loss, Threats & Malware

Mon Dieu! Nearly half the French population have data nabbed in massive breach

February 12, 2024

Via: The Register

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week. Payments outfits Viamedis and Almerys both experienced breaches of their […]


Threats & Malware, Vulnerabilities

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024

Via: The Register

We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell. It […]


Threats & Malware, Vulnerabilities

Raspberry Robin devs are buying exploits for faster attacks

February 8, 2024

Via: The Register

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to […]


Threats & Malware, Virus & Malware

Cybercrime duo accused of picking $2.5M from Apple’s orchard

February 8, 2024

Via: The Register

A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million. Noah Roskin-Frazee and Keith Latteri are alleged to have gained access to Apple’s systems via […]


Threats & Malware, Virus & Malware

Fake LastPass lookalike made it into Apple App Store

February 8, 2024

Via: The Register

LastPass says a rogue application impersonating its popular password manager made it past Apple’s gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. The software maker went public about the fake mobile app […]


Threats & Malware, Vulnerabilities

JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024

Via: The Register

JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]


Cyber-crime, Malware

Iran’s cyber operations in Israel a potential prelude to US election interference

February 7, 2024

Via: The Register

Iran’s anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran’s activity, published by Microsoft Threat Analysis Center (MTAC) today, concluded […]


Cyber-crime, Malware

U.S. Implements Visa Ban to Counter Spyware Proliferation

February 7, 2024

Via: SecureWorld

The U.S. State Department announced Monday a new policy to impose visa restrictions on individuals linked to the misuse of commercial spyware tools that enable unlawful surveillance and human rights abuses globally. “The misuse of commercial spyware threatens privacy and […]


Cyber-crime, Malware

EquiLend back in the saddle as ransom payment rumors swirl

February 6, 2024

Via: The Register

Global securities finance tech company EquiLend’s systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. EquiLend was founded in 2001 by some of Wall Street’s biggest players – its board of directors includes BlackRock, […]


Threats & Malware, Vulnerabilities

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Via: The Register

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]


Cyber-crime, Malware

Chinese Coathanger malware hung out to dry by Dutch defense department

February 6, 2024

Via: The Register

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

February 2, 2024

Via: The Register

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]