Largest non-bank lender in Australia warns of a data breach
    May 12, 2024   10:16 AM   0 Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services. Headquartered in Brisbane, Queensland, and employing 460 people, the firm has...
    by AFFA 2024-05-12 16:47:41 0 3
    Citrix warns admins to manually mitigate PuTTY SSH client bug
    May 9, 2024   03:27 PM   0 Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. XenCenter helps manage Citrix Hypervisor environments from a Windows desktop, including deploying and monitoring virtual machines. The security flaw (tracked as CVE-2024-31497) impacts multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which bundle and use...
    by AFFA 2024-05-10 18:22:51 0 3
    Widely used modems in industrial IoT devices open to SMS attack
    May 10, 2024   04:00 AM   0 Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers at Kaspersky's ICS CERT division....
    by AFFA 2024-05-10 18:21:00 0 5
    Over 50 Thousand Tinyproxy servers vulnerable to critical RCE flaw
    May 7, 2024   01:07 PM   0 Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users. At the start of the month, Cisco...
    by AFFA 2024-05-07 18:31:12 0 9
    FCC fines carriers $200 million for illegally sharing user location
    April 29, 2024   03:41 PM   3 The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers' real-time location data without their consent. FCC's forfeiture orders finalize Notices of Apparent Liability (NAL) issued against AT&T, Sprint, T-Mobile, and Verizon in February 2020. The fines imposed on Monday include $12 million...
    by AFFA 2024-04-30 17:11:57 0 25
    Collection agency FBCS warns data breach impacts 1.9 million people
    April 29, 2024   10:23 AM   0 Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. FBCS is a nationally licensed debt collection agency in the U.S., specializing in collecting unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities....
    by AFFA 2024-04-29 18:50:11 0 21
    Okta warns of "unprecedented" credential stuffing attacks on customers
    April 27, 2024   10:55 AM   0 Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. Threat actors use credential stuffing to compromise user accounts by trying out in an automated manner lists of usernames and passwords typically purchased from cybercriminals. In an advisory today, Okta says the attacks seem to originate from...
    by AFFA 2024-04-27 17:38:38 0 21
    Fake job interviews target developers with new Python backdoor
    April 26, 2024   10:20 AM   1 A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate. However, the threat actor's goal is to make their...
    by AFFA 2024-04-26 18:04:42 0 24
    Telegram is down with "Connecting" error
    April 26, 2024   12:38 PM   0 It's not just you: Telegram is down, and users report seeing a "Connecting" alert when they try to open messages, groups, or channels. The "Connecting" alert, typically used during slow internet connections, prevents users from accessing the messages. BleepingComputer also observed the "Connecting" error when accessing the Telegram desktop client. We're seeing similar reports from users on X and Reddit....
    by AFFA 2024-04-26 18:02:50 0 25
    Microsoft releases Exchange hotfixes for security update issues
    April 23, 2024   03:50 PM   0 Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP. If you have installed the March 2024 SU and have not experienced any known issues fixed in the optional update and do not need the new...
    by AFFA 2024-04-24 17:48:03 0 51
    DuckDuckGo launches a premium Privacy Pro VPN service
    April 11, 2024   08:00 AM   2 DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. DuckDuckGo started in 2008 as an internet search engine with an emphasis on protecting people's privacy, preventing online tracking, and bursting the bubble of personalized results. Over the years that followed,...
    by AFFA 2024-04-11 15:43:17 0 60
    Malicious PowerShell script pushing malware looks AI-written
    April 10, 2024   12:12 PM   0 A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer. AI-based PowerShell deploys infostealer Researchers at cybersecurity company...
    by AFFA 2024-04-10 17:04:29 0 58
    Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
    April 3, 2024   02:21 PM   1 A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. LayerSlider is a versatile tool for creating responsive sliders, image galleries, and animations on WordPress sites, allowing users to build visually appealing elements with dynamic content on online platforms. Researcher AmrAwad...
    by AFFA 2024-04-04 16:17:28 0 121
    SurveyLama data breach exposes info of 4.4 million users
    April 3, 2024   06:28 PM   2 Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. SurveyLama is an online platform that rewards registered users for completing surveys. Owned by French firm Globe Media, the platform is praised for high payouts (up to $20), fast payments, and multiple withdrawal options. In early February, HIBP's creator, Troy...
    by AFFA 2024-04-04 16:11:26 0 64
    AT&T faces lawsuits over data breach affecting 73 million customers
    April 3, 2024   12:28 PM   0 AT&T is facing multiple class-action lawsuits following the company's admission to a massive data breach that exposed the sensitive data of 73 million current and former customers. Among the ten lawsuits filed since Saturday, when AT&T confirmed our previous reporting about the breach, one is handled by Morgan & Morgan, representing plaintiff Patricia Dean and similarly situated persons. This law firm...
    by AFFA 2024-04-03 17:52:40 0 92
More articles
Read more
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
November 19, 2023   11:14 AM   0 After Sandworm and APT28 (known...
by AFFA 2023-11-19 23:12:47 0 624
New ScreenConnect RCE flaw exploited in ransomware attacks
February 22, 2024   01:34 PM   0 Update February 23, 07:02...
by AFFA 2024-02-23 19:08:25 0 117
FBI warns of gift card fraud ring targeting retail companies
May 8, 2024   01:25 PM   0 The FBI warned...
by AFFA 2024-05-08 19:51:49 0 6
Windows 10 KB5035845 update released with 9 new changes, fixes
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2,...
by AFFA 2024-03-13 15:59:19 0 115