Browsing tag
When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks […]
A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. “The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object Linking and […]
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst […]
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent weeks, we have seen evidence that Midnight Blizzard is using information […]
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the “threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known as […]
An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor. Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised […]
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. “The group’s weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal,” Uptycs security researchers Karthickkumar Kathiresan and […]
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ […]
Download the free guide, “It’s a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks.” ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into […]
Information security specialists reported that Palo Alto Networks, a major security firm based in California, US, has become victim to a data breach that led to the exposure of personal information from former and current employees. Compromised data include details such as names, dates of birth, and employee social security numbers. Through a private email […]
According to ethical hacking specialists, multinational private security firm Prosegur was the victim of a massive ransomware attack that forced the shutdown of operations on its telecommunications platform. The company, based in Spain, acknowledged the incident through a statement published around noon yesterday (local time). As a security measure, the company decided to restrict communications […]
Over a hundred nursing homes in the US have had their operations crippled because the company providing them with technology services has become victim of a severe ransomware infection. According to information security specialists, threat actors, allegedly Russian hackers, demand a ransom of more than $14 million USD. The affected company is Wisconsin-based Virtual Care […]
Currently any company is exposed to computer security incidents. This time, web application security experts report that OnePlus, a smartphone manufacturer based in China, has suffered a data breach that led to the exposure of some personal details of its customers. Through a statement, the company mentioned that “an unauthorized actor accessed the information of […]
Again, new reports of security flaws that could affect the millions of WordPress users, the most popular content management system (CMS), have appeared. According to web application security specialists, the presence of a critical vulnerability has been detected in Jetpack, one of the most widely used WordPress plugins. Jetpack has free security, performance, and website […]
Information security specialists at IT secure firm Tenable Research report the discovery of 19 vulnerabilities in Cisco SPA100 Series Voice over Internet Protocol (VoIP) adapters. The vulnerabilities were apparently found while a home VoIP service was being configured. If exploited, these vulnerabilities would allow a threat actor to listen for conversations that users hold through […]
According to web application security specialists, Macy’s department store has been affected by a data breach that has compromised financial details of multiple store customers. This is the second time in less than two years that the company has suffered a data security incident. According to the Alexa voice assistant ranking, the Macy’s website is […]
According to data protection specialists, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) launched a new set of recommendations related to user privacy to help organizations to comply with data protection laws in different parts of the world. The new standard, ISO 27701, was created for adoption in any organization that […]
Information security experts anticipate that the balance in cybersecurity by the end of 2019 will be disastrous. According to figures collected up to this time of year, incidents of reported data breaches increased by about 30% compared to the previous year. In addition, this year it reached an all-time high of nearly 8 billion exposed […]
A couple of days ago web application security specialists reported a ransomware attack on Petroleos Mexicanos (PEMEX), a state-controlled Mexican oil company. Although the company did not explicitly recognize the ransomware infection, it is mentioned that the hackers responsible for the attack would have demanded about $5 million USD in Bitcoin to restore their systems. […]
The week is just beginning and new security incidents affecting major technology companies have already being reported. According to web application security specialists, SmarterASP.NET, an ASP.NET hosting service provider, was the victim of a serious ransomware attack that could affect its more than 400k customers. This is the third time this year that a major […]
According to information security specialists, the California Department of Motor Vehicles (DMV) suffered a data breach that exposed the Social Security numbers of thousands of city drivers; the incident would have given other government agencies undue access to this information. This incident is particularly serious for illegal migrants residing in the state, as the leaked […]