Category: Threats & Malware

March 20, 2023

Last week, the NBA started sending out notification emails to an unknown number of individuals, to inform them that their information was compromised in a data breach at a third-party provider of newsletter services. The incident has resulted in the […]

March 15, 2023

While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure, according to SpyCloud. The 2023 report identified over 22 million unique […]

March 14, 2023

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is […]

March 14, 2023

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]

March 13, 2023

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. “The videos lure users by pretending to be tutorials on how to download cracked versions of software […]

March 13, 2023

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. “By hijacking high-profile Facebook business […]

March 13, 2023

Zoll develops and markets medical equipment and software for advanced emergency care, including cardiac monitoring, oxygen therapy, ventilation, data management, and more. The data breach, the company says, was identified at the end of January, when it discovered unusual activity […]

March 13, 2023

Tracked as CVE-2020-5741, the first is a high-severity flaw in Plex Media Server that is described as a deserialization issue that can be exploited to execute arbitrary Python code, remotely. “This issue allowed an attacker with access to the server […]

March 10, 2023

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on […]

March 10, 2023

Google-owned Mandiant said the threat cluster shares “multiple overlaps” with a long-running operation dubbed “Dream Job” that employs job recruitment lures in email messages to trigger the infection sequence. UNC2970 is the new moniker designated by the threat intelligence firm […]

March 10, 2023

A proposed rule change at the Federal Communications Commission would expand the definition of a data breach for communications carriers. If approved by the agency, the rule would cover any incident that affects the confidentiality of customer information, even if […]

March 10, 2023

A hacker announced on a popular cybercrime forum on Thursday that they were “leaking data of a cybersecurity company called Acronis”, claiming that they hacked the company because they were bored and wanted to humiliate them. The hacker is the […]

March 9, 2023

Tracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin. Rated ‘high severity’, CVE-2023-27898 exists because Jenkins […]

March 9, 2023

Fortinet researchers observed the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks. “Between January and February 2023, FortiGuard Labs observed a payload targeting an exploitable Oracle Weblogic Server in a specific URI.” reads the analysis […]

March 9, 2023

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 […]

March 8, 2023

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use […]

March 8, 2023

A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, […]

March 7, 2023

When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting; getting […]

March 7, 2023

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service […]

March 7, 2023

A public effort to create a way of predicting the exploitation of vulnerabilities announced a new machine learning model that improves its prediction capabilities by 82%, a significant boost, according to the team of researchers behind the project. Organizations can […]