A team of cybersecurity researchers at SafetyDetectives discovered an unsecured Elasticsearch server belonging to the Vietnamese tech firm Innovative Solution for Healthcare (iSofH). This company provides medical information and hospital management…

The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known.  According to new research by a team of researchers from the University of Cambridge,…

Just in time for the Christmas holiday, researchers have found that after a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day.  The botnet is spreading TrickBot…

The FBI issued a warning to private sector organizations about DoppelPaymer ransomware attacks and the change in techniques used by the operators behind these attacks. DoppelPaymer has affected various industries and targets, demanding the payment of six…

In a new study by researchers at Jumio, the researchers examined fraudulent attempts to open a new account using a manipulated government-issued ID and a corroborating selfie. Selfie-based fraud describes fraudulent attempts to use a picture or video (e.…

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a new advisory about four newly discovered vulnerabilities impacting the Treck TCP/IP stack. These vulnerabilities affect Treck TCP/IP stack version 6.0.1.67 and older…

The Institute for Security and Technology (IST) has launched a multisector task force aimed at developing solutions for combating ransomware attacks. The Ransomware Task Force (RTF) will involve cybersecurity firms, cybersecurity threat sharing groups,…

Researchers have discovered a new phishing attempt that is using Facebook Messenger.  Adversaries use people's social media accounts to send "a video" to the user's friends.  The adversaries then ask, "is it you in this video". There is no…

Sophos researchers have reported the use of a backdoor named SystemBC by multiple ransomware families, including Ryuk and Egregor. The continuously evolving backdoor executes commands and enables adversaries to download and run scripts, executables, and…

Researchers at the healthcare cybersecurity provider CyberMDX discovered critical vulnerabilities in Dell Wyse Thin Client devices. The exploitation of these vulnerabilities could allow attackers to remotely run malicious code and access arbitrary files…

Positive Technologies released a new report titled "5G Standalone Core Security Research," highlighting several potential vulnerabilities in 5G standalone networks that could lead to Denial-of-Service (DoS) attacks. Researchers conducted network…

Synopsys researchers discovered a severe authentication bypass vulnerability in a popular Java cryptography library called Bouncy Castle. The vulnerability exists in the OpenBSDBcrypt class of Bouncy Castle. The exploitation of this vulnerability could…