Top

Category: Threats & Malware

Threats and Malware


Threats & Malware, Virus & Malware

You had a year to patch this Veeam flaw – and now it’s going to hurt some more

July 11, 2024

Via: The Register

Yet another new ransomware gang, this one dubbed EstateRansomware, is now exploiting a Veeam vulnerability that was patched more than a year ago to deploy file-encrypting malware, a LockBit variant, and extort payments from victims. Veeam fixed the flaw, tracked […]


Threats & Malware, Vulnerabilities

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

July 10, 2024

Via: Help Net Security

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Point Research […]


Threats & Malware, Virus & Malware

Houthi rebels are operating their own GuardZoo spyware

July 9, 2024

Via: The Register

When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group’s Pegasus, which is sold to established governments. But it’s actually less polished kit that you’ve never heard of, like […]


Data loss, Threats & Malware

Not-so-OpenAI allegedly never bothered to report 2023 data breach

July 8, 2024

Via: The Register

It’s been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded […]


Threats & Malware, Vulnerabilities

Traeger security bugs bad news for grillers with neighborly beef

July 5, 2024

Via: The Register

Keen meatheads better hope they haven’t angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks. With summer in full swing in the northern hemisphere, […]


Data loss, Threats & Malware

Affirm admits customer info pwned in ransomware raid at Evolve Bank

July 2, 2024

Via: The Register

The number of financial institutions caught up in the ransomware attack on Evolve Bank & Trust continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected. News of Evolve being compromised by extortionists broke […]


Threats & Malware, Vulnerabilities

Thousands of servers could be at risk due to major OpenSSH security flaw

July 2, 2024

Via: TechRadar

OpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned. A report from Qualys claims the […]


Data loss, Threats & Malware

Microsoft blamed for million-plus patient record theft at US hospital giant

June 26, 2024

Via: The Register

American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen – and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of […]


Threats & Malware, Vulnerabilities

Batten down the hatches, it’s time to patch some more MOVEit bugs

June 26, 2024

Via: The Register

Thought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway. Progress Software initially contacted users on June 13 […]


Threats & Malware, Vulnerabilities

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities

June 25, 2024

Via: The Register

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are […]


Data loss, Threats & Malware

Levi’s and more affected in pants-dropping week of data breaches

June 24, 2024

Via: The Register

There were data breaches galore in the US last week with various major incidents reported to state attorneys general, some in good time, some not. We’ve got our top picks here for you, starting with the US’s most legendary denim […]


Threats & Malware, Virus & Malware

Car dealer software bigshot CDK pulls systems offline twice amid ‘cyber incident’

June 21, 2024

Via: The Register

The vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing “cyber incident” has forced it to pull systems offline for a second time in as many days. CDK Global first shut down […]


Threats & Malware, Vulnerabilities

Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion

June 21, 2024

Via: The Register

Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more. […]


Data loss, Threats & Malware

New Rust-based malware targets Microsoft Windows, abuses Powershell, and steals sensitive info

June 20, 2024

Via: TechRadar

Security pros are warning of a new infostealer being distributed using different methods across the internet. Fickle Stealer does the usual tactics – steals sensitive files, system information, files stored in the browser, cryptocurrency wallet information, and more – but […]


Threats & Malware, Vulnerabilities

Security bug could have allowed anyone to spoof Microsoft employee emails

June 19, 2024

Via: TechRadar

Security researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling […]


Threats & Malware, Vulnerabilities

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

June 19, 2024

Via: The Hacker News

Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security […]


Threats & Malware, Vulnerabilities

VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

June 18, 2024

Via: The Register

VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites. Announced late on Monday night, Pacific Time, the critical-rated […]


Threats & Malware, Virus & Malware

Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure

June 17, 2024

Via: The Register

Notorious cyber gang UNC3944 – the crew suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, and plenty more besides – has changed its tactics and is now targeting SaaS applications According to Google Cloud’s Mandiant threat […]


Threats & Malware, Virus & Malware

Crooks crack customer info at tracking device vendor Tile, issue ‘extortion’ demands

June 13, 2024

Via: The Register

Life360, purveyor of “Tile” Bluetooth tracking devices and developer of associated apps, has revealed it is dealing with a “criminal extortion attempt” after unknown miscreants contacted it with an allegation they had customer data in their possession. After being contacted […]


Data loss, Threats & Malware

Cylance clarifies data breach details, except where the data came from

June 12, 2024

Via: The Register

BlackBerry-owned cybersecurity shop Cylance says the data allegedly belonging to it and being sold on a crime forum doesn’t endanger customers, yet it won’t say where the information was stored originally. Saying very little about where the data came from, […]