News
-
"Identity Thieves Exploit Security Flaw to Steal Credit Reports From Experian"The credit reporting company Experian has experienced yet another security breach. Identity thieves obtained credit records by exploiting a security flaw on its website. KrebsOnSecurity revealed that identity thieves are exploiting the Experian website…
-
"New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks"A team of researchers from the University of Sheffield has demonstrated methods that exploit Text-to-SQL models to generate malicious code, which could enable adversaries to extract sensitive data and launch Denial-of-Service (DoS) attacks. Xutan Peng, a…
-
"'Copyright Infringement' Lure Used for Facebook Credential Harvesting"A recently discovered extensive credential-harvesting campaign has hackers leveraging Facebook copyright infringement notices to steal enterprise credentials. According to researchers at Avanan, this latest phishing campaign sends users an email…
-
"Ground-breaking Tech Finally Turns Cybersecurity's Weakest Link to Its Greatest Strength, Says Deakin University"In collaboration with Deakin University, the Tide Foundation has verified a new security paradigm. Tide unravels the question of "who's guarding the guardian?" and undermines the current security idea that implies safeguarding something requires heavily…
-
"Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy"According to new research conducted by Resecurity, the annual sale of illegal drugs on the dark web exceeded $470m in 2022. The company's new report highlights the growth of the shadow economy and new communication methods used by criminals,…
-
"Hackers Target Cryptocurrency Customers by Impersonating Well-Known Employee"Researchers from Division Seven, SafeGuard's threat intelligence division, have detailed how a threat actor targeted clients of a cryptocurrency company they partner with using a social engineering approach with a twist. The hackers pretended to be a…
-
"Serbian Government Reports 'Massive DDoS Attack' Amid Heightened Tensions in Balkans"Multiple major Distributed Denial-of-Service (DDoS) attacks have been launched against the website and Information Technology (IT) infrastructure of the Serbian Ministry of Internal Affairs, according to an announcement by the Serbian government.…
-
"CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities"The US Cybersecurity and Infrastructure Security Agency (CISA) recently published advisories to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities. CISA published three…
-
"Air France, KLM Customers Warned of Loyalty Program Account Hacking"Franco-Dutch airline company Air France-KLM has recently started informing Flying Blue customers of a data breach involving their user accounts. Air France-KLM was formed in 2004 following the merger between Air France and KLM. Flying Blue is…
-
"Rackspace Ransomware Attack Was Executed by Using Previously Unknown Security Exploit"The Play ransomware group breached the Rackspace Hosted Exchange email system using the MS Exchange exploit chain recently disclosed by Crowdstrike researchers. The attack combines CVE-2022-41082, a Remote Code Execution (RCE) flaw, and CVE-2022-41080, a…
-
"Russia-Linked Turla APT Sneakily Co-Opts Ancient Andromeda USB Infections"A hacking gang, believed to be the Russia-linked Turla Team, reregistered at least three domains associated with the decade-old Andromeda malware, enabling the group to deploy its own espionage and surveillance tools on Ukrainian targets. According to…
-
"Gotta Catch 'Em All: Cybercriminals Target Victims With Fake Pokémon Game"Cybersecurity researchers at the AhnLab Security Emergency Response Center (ASEC) in South Korea have found a phishing campaign that aims to spread malware using a fake Pokémon NFT game. ASEC discovered at least two phishing pages masquerading as a…