April 26, 2024   10:20 AM   1 A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate. However, the threat actor's goal is make their...

April 26, 2024   12:38 PM   0 It's not just you: Telegram is down, and users report seeing a "Connecting" alert when they try to open messages, groups, or channels. The "Connecting" alert, typically used during slow internet connections, prevents users from accessing the messages.  BleepingComputer also observed Connecting" error when accessing the Telegram desktop client. We're seeing similar reports from users on X and Reddit....

April 23, 2024   03:50 PM   0 ​Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP. If you have installed the March 2024 SU and have not experienced any known issues fixed in the optional update and do not need the new...

April 11, 2024   08:00 AM   2 DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. DuckDuckGo started in 2008 as an internet search engine with an emphasis on protecting people's privacy, preventing online tracking, and bursting the bubble of personalized results. Over the years that followed,...

April 10, 2024   12:12 PM   0 A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer. AI-based PowerShell deploys infostealer Researchers at cybersecurity company...

April 3, 2024   02:21 PM   1 A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms. Researcher AmrAwad...

April 3, 2024   06:28 PM   2 Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. SurveyLama is an online platform that rewards registered users for completing surveys. Owned by French firm Globe Media, the platform is praised for high payouts (up to $20), fast payments, and multiple withdrawal options. In early February, HIBP's creator, Troy...

April 3, 2024   12:28 PM   0 AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. Among the ten lawsuits filed since Saturday, when AT&T confirmed our previous reporting about the breach, one is handled by Morgan & Morgan, representing plaintiff Patricia Dean and similarly situated persons.  This law firm...

April 3, 2024   01:29 PM   0 IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require user interaction. The vulnerability is...

March 22, 2024   01:45 PM   2 Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul (@_manfp) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw (CVE-2024-29944) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness...

March 21, 2024   11:17 AM   0 Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC). It impacts FortiClient EMS...

March 19, 2024   05:13 PM   0 The Cyber Crime Center (DC3) of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. The federal agency launched its Vulnerability Disclosure Program (VDP) 7.5 years ago following a bug bounty event called 'Hack-the-Pentagon,' to engage crowd-sourced vulnerability reports that could help bolster its cyber...

March 19, 2024   06:04 PM   1 U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. In a joint letter sent on Tuesday, they asked for the governors' support to ensure that water systems in their states are adequately defended against cyberattacks and that they can recover if they are...

March 19, 2024   07:25 PM   1 Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. The trio scanned more than five million domains and found 916 websites from organizations that either had no security rules enabled or had set them up incorrectly. More than 125 million sensitive user...

March 20, 2024   11:27 AM   0 UK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks. Greggs is a bakery chain with 2,300 branches across the UK, selling sausage rolls, baked goods, sandwiches, and sweets. The company employs 21,500 people and has an annual revenue of over $2.3 billion. Since this morning, customers have reported on social media that they...