According to Microsoft, unknown attackers have used malicious third-party OAuth apps with a "Publisher identity verified" badge to target companies in the UK and Ireland. The attacks were identified by Proofpoint researchers around the beginning of…

A bug-bounty hunter discovered a vulnerability in Meta's Instagram Application Programming Interface (API) endpoints that could enable an adversary to conduct brute-force attacks and circumvent two-factor authentication (2FA) on Facebook. Gtm Manôz is…

After gaining access to some of GitHub's development and release planning repositories, unidentified attackers stole encrypted code-signing certificates for its Desktop and Atom programs. GitHub has not yet found evidence that the password-protected…

The Russia-affiliated Sandworm used yet another wiper malware strain named NikoWiper as part of an attack in October 2022 targeting an energy sector company in Ukraine. ESET disclosed that the NikoWiper is built on SDelete, a command line utility from…

A New York woman has recently been jailed after pleading guilty to offenses related to a fraud scheme that stole millions in COVID relief funds.  Sherry Joseph, 34, pleaded guilty to conspiracy to commit wire fraud back on November 10, 2022, and was…

According to the Identity Theft Resource Center (ITRC), data breach disclosures that included specific details for consumers dropped dramatically in 2022.  Of the 1,802 breaches the group tracked in 2022, 66% did not include victim and attack…

Security researchers at Check Point Research have discovered that a malicious live software service named TrickGate has been used by threat actors to bypass endpoint detection and response (EDR) protection software for over six years.  The…

Researchers in the UK have discovered vulnerabilities in the Power Management Bus (PMBus) for processors that can render server boards inoperable. Zitai Chen and David Oswald of the University of Birmingham identified the PMFault vulnerabilities in the…

Microsoft has urged administrators of on-premises Exchange servers to keep them patched and updated, warning that attackers "are not going to go away." The company stated that customers should install the latest available Cumulative Update (CU) and…

In recent months, the Google Play Store has housed an increasing amount of malicious activity, according to a new study. A study by Dr.Web discovered a significant rate of spyware, as well as a large number of fake apps and Trojans, intended to subscribe…

The Russia-Ukraine war emboldened cybercriminals, and Ransomware-as-a-Service (RaaS) began to flourish in 2022, presenting more challenges for enterprise security. According to the report "Global Cyber Security Outlook 2023" from the World Economic Forum…

A cyberattack on the fashion retailer JD Sports has resulted in the exposure of millions of customers' personal information. The company disclosed that as many as ten million user accounts may have been compromised. Names, phone numbers, order details,…