Biztonsági szemle
2024. Aug. 28.
Biztonsági szemle
US puts up $2.5M bounty for Belarusian hacker's arrest, conviction
Malvertising campaigns promoting risky software have allegedly been launched by Kadariya, also known as Eseb, baxus, and Stalin, to facilitate widespread device compromise with the Angler Exploit Kit and other malicious payloads between Oct. 2013 and...
2024. Aug. 28.
Biztonsági szemle
Critical WordPress plugin bug poses compromise risk across over 1M sites
Such a flaw, tracked as CVE-2024-6386, stems from improper shortcode management and lacking input validation and sanitization within the WPML plugin.
2024. Aug. 28.
Biztonsági szemle
DarkGate malware spread through malicious Pidgin plugin
Attacks involved the malicious 'ss-otr' plugin installer, which had a signature from Polish firm Interrex and enabled retrieval of an Interrex certificate-signed DarkGate payload or PowerShell scripts from a controlled server.
2024. Aug. 28.
Biztonsági szemle
New HZ RAT malware for macOS sets sights on Chinese messaging apps
Intrusions commence lures to install HZ RAT for macOS as an OpenVPN Connect-spoofing installer, which when executed triggers shell command execution, file writing to disk, file delivery to the command-and-control server, and device availability...
2024. Aug. 28.
Biztonsági szemle
Misconfiguration exposes Illinois county's voter documents
Information leaked by the Amazon S3 instance included Paperless Online Voter Applications, National Change of Address applications, and vote by mail ballot applications.
2024. Aug. 28.
Biztonsági szemle
Novel Razr ransomware distributed via PythonAnywhere exploitation
Operations of Razr ransomware commence with unique machine ID, encryption key, and Initialization Vector generation, which are later delivered in unencrypted JSON format to a command-and-control server.
2024. Aug. 28.
Biztonsági szemle
Park'N Fly breach impacts nearly 1M
Attackers with unauthorized VPN access were able to infiltrate Park'N Fly's network between July 11 and July 13, enabling the theft of individuals' names, mailing and email addresses, and Canadian Automobile Association and Aeroplan numbers.
2024. Aug. 28.
Biztonsági szemle
Widespread QR code phishing targeted Microsoft 365 credentials
Attacks commenced with the delivery of emails redirecting to sway[.]cloud[.]microsoft domain-hosted phishing pages that lured targets into scanning QR codes with their less secure mobile devices, which would facilitate further malicious activity.
2024. Aug. 28.
Biztonsági szemle
Over 950K compromised in BlackSuit ransomware attack against Connexure
Infiltration of Connexure's network resulted in the exfiltration of individuals' full names, birthdates, Social Security numbers, and insurance claim details, said the firm in newly issued data breach notifications.
2024. Aug. 28.
Biztonsági szemle
Five traits of highly effective vulnerability management programs
Here’s a five-point checklist for building a strong vulnerability management team.
2024. Aug. 28.
Biztonsági szemle
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.
2024. Aug. 28.
Biztonsági szemle
Zimbabwe Trains Government Officials in Cybersecurity Skills
African nation's proactive approach to cybersecurity comes amid a rise in painful cyberattacks, including the breach of a major bank.