Category: Threats & Malware

January 24, 2024

For most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]

January 24, 2024

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]

January 23, 2024

Australia’s government has used the “significant cyber incidents” sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private. The […]

January 23, 2024

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. Chouby Charleron is alleged to be behind […]

January 22, 2024

Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It represents one of, if not the most, serious cybersecurity threat currently facing governments, public/private sector organizations and enterprises around the world. […]

January 22, 2024

Conor Brian Fitzpatrick – aka “Pompourin,” a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release. Fitzpatrick was arrested and charged in March 2023. Authorities accused him of running the site, which […]

January 22, 2024

AerCap, the world’s largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn’t yet suffered any financial losses yet and all its systems are under control. In a US Securities and Exchange […]

January 19, 2024

VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December. The announcement was made in a Thursday 8-K/A filing […]

January 18, 2024

Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi. At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and […]

January 17, 2024

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). In a joint warning issued on Tuesday, the US government agencies said the […]

January 17, 2024

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back. Origin unknown, the bot is routinely […]

January 16, 2024

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to […]

January 16, 2024

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection […]

January 16, 2024

Hackers were pretending to be Coinbase and used well-crafted phishing pages to steal people’s cryptocurrency hauls, according to a report from cybersecurity researchers Group-IB. As per the report, between November 2022 and 2023, an unnamed group of hackers operated a […]

January 12, 2024

The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. […]

January 11, 2024

The U.S. Securities and Exchange Commission’s (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency’s cybersecurity practices. A fake post announcing the approval […]

January 10, 2024

Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November. The mortgage giant, which has assets totaling $74 billion and is one of the largest providers of […]

January 9, 2024

Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of the new […]

January 9, 2024

Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, […]

January 8, 2024

U.S. mortgage lender loanDepot has fallen victim to a cyberattack, prompting the company to take swift action by temporarily shutting down its IT systems and online payment portals. With approximately 6,000 employees and a loan servicing portfolio exceeding $140 billion, […]