News
-
"The Latest Victim of the MOVEit Data Breach is the Department of Health and Human Services" Federal health officials have recently notified Congress of a data breach that could involve the information of more than 100,000 people. A representative of the U.S. Department of Health and Human Services said Thursday that attackers gained…
-
"A New Wave of Insider Threats Will Be Driven by 'Shadow AI'" According to Imperva, poor data controls and the introduction of new generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) will cause an increase in insider data breaches in the coming year. As the effectiveness of chatbots…
-
"MITRE Publishes the Top 25 Most Dangerous Software Weaknesses" The US cybersecurity research organization MITRE has released its list of the top 25 most dangerous software vulnerabilities for 2023, with the top three remaining the same as last year's list. The 2023 Common Weakness Enumeration (CWE) list derives from…
-
"Employees Worry Less About Cybersecurity Best Practices in The Summer" According to security researchers at ThreatX, IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely. The researchers surveyed 2,000…
-
"Torrent of Image-Based Phishing Emails Are Harder to Detect and More Convincing" A torrent of image-based phishing emails has been released. They contain QR codes to bypass security protections and provide a level of customization that makes it easier to deceive recipients. In many cases, the emails are sent from a compromised email…
-
"miniOrange's WordPress Social Login and Register Plugin Was Affected by a Critical Auth Bypass Bug" Wordfence researchers have found a vulnerability in miniOrange's WordPress Social Login and Register plugin that allows an unauthenticated attacker to gain access to any account on a website by knowing the associated email address. Instead of requiring…
-
"Russian Satellite Telecom Dozor Allegedly Hit by Hackers" Hackers aligned with the Private Military Corporation (PMC) Wagner attacked Dozor-Teleport, a satellite communications provider used by Russia's Ministry of Defense and security services. Attackers targeted the infrastructure of the satellite…
-
"Medtronic Fixes Critical Flaw in Cardiac Device Data System" Medtronic's heart monitor data management system contains a vulnerability of critical severity that, if exploited, could lead to Remote Code Execution (RCE) or a Denial-of-Service (DoS) condition. The deserialization of untrusted data flaw, tracked as…
-
"200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin" Over 200,000 WordPress websites have recently been exposed to ongoing attacks targeting a critical vulnerability in the Ultimate Member plugin. The plugin is designed to make it easy for users to register and log in on sites and allows site owners…
-
"Researcher Outlines Known RFC Vulnerabilities in SAP Software That Lead to Unauthenticated Remote Code Execution" A researcher has identified what he deems to be several critical vulnerabilities impacting enterprise software solutions operating on ubiquitous SAP platforms. In a paper presented at a recent European cybersecurity conference, Fabian Hagg describes his…
-
"LockBit Claims TSMC Hack, Demands $70m Ransom" National Hazard Agency, a sub-group of the LockBit ransomware gang, posted the name of Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest chip manufacturer, on LockBit’s dark web leak site on June 29, 2023. The…
-
"Pro-Russia DDoSia Hacktivist Project Sees 2,400% Membership Increase" The pro-Russia crowdsourced Distributed Denial-of-Service (DDoS) project called "DDoSia" has grown 2,400 percent in less than a year, with thousands of people participating in the launch of attacks against Western organizations. The project was initiated…