Fake job interviews target developers with new Python backdoor
April 26, 2024
10:20 AM
A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate.
However, the threat actor's goal is to make their...
Telegram is down with "Connecting" error
April 26, 2024
12:38 PM
It's not just you: Telegram is down, and users report seeing a "Connecting" alert when they try to open messages, groups, or channels.
The "Connecting" alert, typically used during slow internet connections, prevents users from accessing the messages.
BleepingComputer also observed the "Connecting" error when accessing the Telegram desktop client. We're seeing similar reports from users on X and Reddit....
Microsoft releases Exchange hotfixes for security update issues
April 23, 2024
03:50 PM
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates.
Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP.
If you have installed the March 2024 SU and have not experienced any known issues fixed in the optional update and do not need the new...
DuckDuckGo launches a premium Privacy Pro VPN service
April 11, 2024
08:00 AM
DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution.
DuckDuckGo started in 2008 as an internet search engine with an emphasis on protecting people's privacy, preventing online tracking, and bursting the bubble of personalized results.
Over the years that followed,...
Malicious PowerShell script pushing malware looks AI-written
April 10, 2024
12:12 PM
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot.
The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer.
AI-based PowerShell deploys infostealer
Researchers at cybersecurity company...
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
April 3, 2024
02:21 PM
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms.
Researcher AmrAwad...
SurveyLama data breach exposes info of 4.4 million users
April 3, 2024
06:28 PM
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users.
SurveyLama is an online platform that rewards registered users for completing surveys. Owned by French firm Globe Media, the platform is praised for high payouts (up to $20), fast payments, and multiple withdrawal options.
In early February, HIBP's creator, Troy...
AT&T faces lawsuits over data breach affecting 73 million customers
April 3, 2024
12:28 PM
AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers.
Among the ten lawsuits filed since Saturday, when AT&T confirmed our previous reporting about the breach, one is handled by Morgan & Morgan, representing plaintiff Patricia Dean and similarly situated persons.
This law firm...
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
April 3, 2024
01:29 PM
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.
Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require user interaction.
The vulnerability is...
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
March 22, 2024
01:45 PM
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.
Manfred Paul (@_manfp) earned a $100,000 award and 10 Master of Pwn points after exploiting an out-of-bounds (OOB) write flaw (CVE-2024-29944) to gain remote code execution and escaping Mozilla Firefox's sandbox using an exposed dangerous function weakness...
Exploit released for Fortinet RCE bug used in attacks, patch now
March 21, 2024
11:17 AM
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
It impacts FortiClient EMS...
US Defense Dept received 50 Thousand vulnerability reports since 2016
March 19, 2024
05:13 PM
The Cyber Crime Center (DC3) of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016.
The federal agency launched its Vulnerability Disclosure Program (VDP) 7.5 years ago following a bug bounty event called 'Hack-the-Pentagon,' to engage crowd-sourced vulnerability reports that could help bolster its cyber...
White House and EPA warn of hackers breaching water systems
March 19, 2024
06:04 PM
U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector.
In a joint letter sent on Tuesday, they asked for the governors' support to ensure that water systems in their states are adequately defended against cyberattacks and that they can recover if they are...
Misconfigured Firebase instances leaked 19 million plaintext passwords
March 19, 2024
07:25 PM
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.
The trio scanned more than five million domains and found 916 websites from organizations that either had no security rules enabled or had set them up incorrectly.
More than 125 million sensitive user...
UK bakery Greggs is latest victim of recent POS system outages
March 20, 2024
11:27 AM
UK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks.
Greggs is a bakery chain with 2,300 branches across the UK, selling sausage rolls, baked goods, sandwiches, and sweets. The company employs 21,500 people and has an annual revenue of over $2.3 billion.
Since this morning, customers have reported on social media that they...
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
March 4, 2024
12:44 PM
The ALPHV/BlackCat ransomware gang...
CoralRaider attacks use CDN cache to push info-stealer malware
April 23, 2024
05:27 PM
A threat actor has been using a...
Windows 10 KB5035845 update released with 9 new changes, fixes
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2,...
Windows 11 gets single Teams app for work and personal accounts
March 13, 2024
05:56 PM
Microsoft will soon provide a single...