• WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
    Friday, March 24, 2023 from Naked Security - Sophos
    Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
  • CISA Unveils Ransomware Notification Initiative
    Friday, March 24, 2023 from Infosecurity - Latest News
    Provides businesses with early warnings to evict threat actors before they can encrypt data
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
    Friday, March 24, 2023 from Infosecurity - Latest News
    The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website
  • GitHub publishes RSA SSH host keys by mistake, issues update
    Friday, March 24, 2023 from The Register - Security
    Getting connection failures? Don't panic. Get new keys. GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.…
  • GitHub Updates Security Protocol For Operations Over SSH
    Friday, March 24, 2023 from Infosecurity - Latest News
    The move reportedly did not stem from a compromise of GitHub systems or customer information
  • The ‘ordinary’ family at No 35: suspected Russian spies await trial in Slovenia
    Friday, March 24, 2023 from World news: Espionage | theguardian.com
    Couple arrested with huge amount of cash and history of extensive European travel now allegedly pawns in diplomatic game. Maria Mayer and Ludwig Gisch settled in Slovenia’s capital, Ljubljana, in 2017, with their two young children....
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
    Friday, March 24, 2023 from THN : The Hacker News
    A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on...
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
    Friday, March 24, 2023 from THN : The Hacker News
    Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly...
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
    Friday, March 24, 2023 from THN : The Hacker News
    Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which...
  • IRS Phishing Emails Used to Distribute Emotet
    Friday, March 24, 2023 from Infosecurity - Latest News
    Monster 500MB attachment hides a nasty surprise
  • UK Parliament Bans TikTok from its Network and Devices
    Friday, March 24, 2023 from Infosecurity - Latest News
    Further blow for Chinese social media app
  • Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
    Friday, March 24, 2023 from THN : The Hacker News
    A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the...
  • Security Flaws Cost Fifth of Execs Business
    Friday, March 24, 2023 from Infosecurity - Latest News
    Business leaders still underestimate importance of security to growth
  • three-factor authentication (3FA)
    Friday, March 24, 2023 from SearchSecurity: Security Wire Daily News
  • Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
    Friday, March 24, 2023 from THN : The Hacker News
    Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized...
  • French parliament says oui to AI surveillance for 2024 Paris Olympics
    Friday, March 24, 2023 from The Register - Security
    Liberté, égalité, reconnaissance faciale for all. Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.…
  • Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
    Friday, March 24, 2023 from The Register - Security
    'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate. US Cyber Command operators have confirmed they carried out an online defensive mission in Albania, in response to last year's cyber attacks...
  • Critical infrastructure gear is full of flaws, but hey, at least it's certified
    Thursday, March 23, 2023 from The Register - Security
    Security researchers find bugs, big and small, in every industrial box probed. Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote...
  • S3 Ep127: When you chop someone out of a photo, but there they are anyway…
    Thursday, March 23, 2023 from Naked Security - Sophos
    Listen now - latest episode. Full transcript inside.
  • China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers
    Thursday, March 23, 2023 from Infosecurity - Latest News
    The deployment of custom credential theft malware is the main novelty of the new campaign
  • SharePoint Phishing Scam Targets 1600 Across US, Europe
    Thursday, March 23, 2023 from Infosecurity - Latest News
    Cyber-criminals used the scam to steal the credentials for various email accounts
  • Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
    Thursday, March 23, 2023 from THN : The Hacker News
    Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a...
  • New Post-Exploitation Attack Method Found Affecting Okta Passwords
    Thursday, March 23, 2023 from Infosecurity - Latest News
    The flaw derives from the way the Okta system records failed login attempts to instances
  • TikTok to be banned from UK parliamentary devices
    Thursday, March 23, 2023 from World news: Espionage | theguardian.com
    Move follows UK government’s decision to ban Chinese-owned video-sharing app. Parliament is to ban the Chinese-owned video-sharing app TikTok from “all parliamentary devices and the wider parliamentary...
  • Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
    Thursday, March 23, 2023 from THN : The Hacker News
    An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus appears to be in its early stages of development," Italian cybersecurity...
  • UK Government Sets Out Vision for NHS Cybersecurity
    Thursday, March 23, 2023 from Infosecurity - Latest News
    Plans to boost cyber-resilience in the health service by 2030
  • 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
    Thursday, March 23, 2023 from THN : The Hacker News
    In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing...
  • 8 cybersecurity conferences to attend in 2023
    Thursday, March 23, 2023 from SearchSecurity: Security Wire Daily News
  • Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
    Thursday, March 23, 2023 from Infosecurity - Latest News
    Software was unwittingly downloaded thousands of times
  • Secure mail
    Thursday, March 23, 2023 from The Register - Security
    Protection from business email compromise. Webinar: In the distant past, a master forger with a quill could fake a signature on the end of a letter but at least then you had time to consider the potential for fraud before any damage...
  • Irish Food Giant Dole Admits Employee Data Breach
    Thursday, March 23, 2023 from Infosecurity - Latest News
    Incident was linked to previously disclosed ransomware attack
  • Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
    Thursday, March 23, 2023 from THN : The Hacker News
    Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running...
  • Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash
    Thursday, March 23, 2023 from The Register - Security
    Terminal maker General Bytes shutters its cloud business after second breach in seven months. Unidentified miscreants have siphoned cryptocurrency valued at more than $1.5 million from Bitcoin ATMs by exploiting an unknown flaw in...
  • role-based access control (RBAC)
    Thursday, March 23, 2023 from SearchSecurity: Security Wire Daily News
  • German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics
    Thursday, March 23, 2023 from THN : The Hacker News
    German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic...
  • Bogus ChatGPT extension steals Facebook cookies
    Thursday, March 23, 2023 from The Register - Security
    All aboard the chatbot hype train! Next stop: Fraud. Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users installed the account-compromising bot.…
  • B-List celebs including Lindsay Lohan fined after crypto shill probe
    Thursday, March 23, 2023 from The Register - Security
    Didn't disclose payments as mastermind pumped up value of tokens with fake trades. Eight very B-list celebrities have agreed to cough up fines after being accused of shilling a cryptocurrency without disclosing they were paid to do so,...
  • South Korea fines McDonald's for data leak from raw SMB share
    Thursday, March 23, 2023 from The Register - Security
    British American Tobacco, Samsung, also burgered up their infosec. South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.…
  • Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
    Wednesday, March 22, 2023 from The Register - Security
    Maybe this is deserved given the problem's in a hidden telnet service. Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability. …
  • Journalist hurt by exploding USB bomb drive
    Wednesday, March 22, 2023 from The Register - Security
    Now that's a flash bang. Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive.…
  • Xi, Putin declare intent to rule the world of AI, infosec
    Wednesday, March 22, 2023 from The Register - Security
    'Technological sovereignty is the key to sustainability' states Russian despot. Russian president Vladimir Putin and his Chinese counterpart Xi Jinping have set themselves the goal of dominating the world of information technology.…
  • Windows 11 also vulnerable to “aCropalypse” image data leakage
    Wednesday, March 22, 2023 from Naked Security - Sophos
    Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
  • Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns
    Wednesday, March 22, 2023 from Hack Read
    By Waqas. Pinduoduo has confirmed the incident, but denied the presence of malware in its app.
  • BreachForums taken down after arrest of alleged owner
    Wednesday, March 22, 2023 from SearchSecurity: Security Wire Daily News
  • CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
    Wednesday, March 22, 2023 from THN : The Hacker News
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation....
  • German political parties accused of microtargeting voters on Facebook
    Wednesday, March 22, 2023 from The Register - Security
    Country's super strong data rights under magnifying glass after half a dozen complaints filed. Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log...
  • ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
    Wednesday, March 22, 2023 from THN : The Hacker News
    The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to multiple reports from AhnLab Security Emergency response...
  • Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure
    Wednesday, March 22, 2023 from Hack Read
    By Waqas. Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.
  • Preventing Insider Threats in Your Active Directory
    Wednesday, March 22, 2023 from THN : The Hacker News
    Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the greatest potential for destruction. Many...
  • Cyber insurance carriers expanding role in incident response
    Wednesday, March 22, 2023 from SearchSecurity: Security Wire Daily News