News
-
"Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs"In a September Patch Tuesday update, Microsoft addressed a pair of zero-day vulnerabilities, including a Local Privilege-Escalation (LPE) flaw that is being actively exploited in the wild. Furthermore, Microsoft revealed three separate critical…
-
"Organizations Falling Short in Addressing Security Risks"Ninety percent of IT security leaders believe their organizations are failing to address cybersecurity risks. According to research conducted by Foundry, this perception stems from various issues, including convincing all or parts of their organization…
-
"WordPress Plugin Vulnerability Leaves Sites Open to Total Takeover"The security firm WordFence warns of an actively exploited flaw in a widely used WordPress plugin that could leave websites completely vulnerable to hackers. WPGateway is a paid plugin that allows WordPress users to manage their websites from a single…
-
"Hackers Now Use 'Sock Puppets' for More Realistic Phishing Attacks"An Iranian-aligned hacking group is using a new phishing technique involving multiple personas and email accounts to trick targets into thinking an email conversation is genuine. The attackers send an email to the targets while CCing another email…
-
"Attackers Mount Magento Supply Chain Attack by Compromising FishPig Extensions"FishPig, a UK-based company that creates extensions for the popular Magento open-source e-commerce platform, has announced that malware was injected into its paid software offerings after its distribution server was compromised. According to Sansec…
-
"SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor"In February 2021, a Linux variant of a backdoor called SideWalk was used to target a Hong Kong university, demonstrating the implant's cross-platform capabilities. The malware was detected in the university's network by ESET researchers, which attributed…
-
"Marquette Computer Science Professor Receives NSF Funding for Confidential Computing Solutions"Dr. Keke Chen, Northwestern Mutual Data Science Institute Associate Professor of Computer Science at Marquette University's Klingler College of Arts and Sciences, has been awarded a $600,000 National Science Foundation (NSF) grant to explore confidential…
-
"FBI Warns of Vulnerabilities in Medical Devices Following Several CISA Alerts"The FBI warns of hundreds of vulnerabilities in widely used medical devices that could enable cyberattacks. The FBI's Internet Crime Complaint Center (IC3) identified an increasing number of vulnerabilities posed by unpatched medical devices running on…
-
"Ransomware Makes Use of Intermittent Encryption to Bypass Detection Algorithms"SentinelOne has released a report on intermittent encryption, a new method used by a few ransomware groups. Intermittent encryption encrypts every x bytes in files rather than encrypting selected complete files. As a result, intermittent encryption…
-
"Hackers Using New Browser-in-the-Browser Exploits For Stealing Steam Accounts"Hackers are using a phishing method called Browser-in-the-Browser (BITB) to obtain Steam user credentials. The BITB attack involves the creation of false browser windows inside the open window, which are then disguised as sign-in pop-up pages for…
-
"Gartner: Most Businesses Are Dropping Security Vendors to Improve Cyber Resiliency"A survey conducted by Gartner finds that many international companies are actively attempting to reduce the number of cybersecurity vendors they rely on in their technology stacks. In total, 75 percent of organizations surveyed by Gartner expressed…
-
"Ransomware Attackers Are Abusing VoIP Software to Breach Organizations"Arctic Wolf Labs' cybersecurity researchers have issued a warning about CVE-2022-29499, a Remote Code Execution (RCE) vulnerability discovered in Mitel MiVoice VoIP appliances that is being exploited by the Lorenz ransomware gang threat actor to attack…