Europol and Eurojust announced today the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who...
Author:
Russian hackers linked to widespread attacks targeting NATO and EU
Poland’s Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government’s Foreign Intelligence Service (SVR), to widespread...
WhatsApp boosts defense against account takeover via malware
WhatsApp announced today the introduction of several new security features, one of them dubbed “Device Verification” and designed to provide better protection against account takeover (ATO)...
Reddit is down, not loading content for mobile app users
Reddit is investigating a worldwide outage that prevents users from accessing the social network’s website on mobile apps. Users are reporting being automatically logged out when opening...
Windows admins warned to patch critical MSMQ QueueJumper bug
Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month’s Patch Tuesday and...
OpenAI launches bug bounty program with rewards up to $20K
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line...
Windows zero-day vulnerability exploited in ransomware attacks
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads....
iPhones hacked via invisible calendar invites to drop QuaDream spyware
Microsoft and Citizen Lab discovered commercial spyware made by an Israel-based company QuaDream used to compromise the iPhones of high-risk individuals using a zero-click exploit named...
3CX confirms North Korean hackers behind supply chain attack
VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month’s supply chain attack. “Based on the Mandiant investigation into the...
Apple fixes recently disclosed zero-days on older iPhones and iPads
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. “Apple...
KFC, Pizza Hut owner discloses data breach after ransomware attack
Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed...
CISA orders govt agencies to update iPhones, Macs by May 1st
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads....
Western Digital struggles to fix massive My Cloud outage, offers workaround
On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. Since April...
Microsoft delays Exchange Online CARs deprecation until 2024
Microsoft announced today that Client Access Rules (CARs) deprecation in Exchange Online will be delayed by one year until September 2024. Microsoft 365 administrators can utilize...
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. “Apple is aware of a...
MSI confirms security breach following ransomware attack claims
Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was breached in a cyberattack. Earlier this week,...
FBI warns of companies exploiting sextortion victims for profit
For-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for “assistance” services provided by non-profit agencies...
Flipper Zero banned by Amazon for being a ‘card skimming device’
Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it...
UK criminal records office confirms cyber incident behind portal issues
The UK’s Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from...
Microsoft: Windows 10 21H2 is reaching end of service in June
Microsoft reminded customers today that multiple editions of Windows 10, version 21H2, will reach the end-of-service (EOS) in two months, on June 13, 2023. This applies...
Microsoft and Fortra crack down on malicious Cobalt Strike servers
Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting cracked copies of Cobalt Strike, one...
Google will require Android apps to let you delete your account
Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and...
Microsoft Edge Workspaces now available in limited public preview
Microsoft announced today that the recently introduced Edge Workspaces feature, which allows users to share groups of tabs with friends and family, is now available as...
Rockstar fixes Red Dead Redemption 2 game broken by Windows update
Microsoft says Rockstar Games has addressed a known issue affecting its launcher, causing the Red Dead Redemption 2 (RRD2) game to no longer launch on some...
CISA warns of Zimbra bug exploited in attacks against NATO countries
The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited by Russian hackers to steal emails...
US seizes $112 million from cryptocurrency investment scammers
Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. Judges in the Central...
Cryptocurrency companies backdoored in 3CX supply chain attack
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting...
Twitter open-sources recommendation algorithm code
Twitter announced on Friday that it’s open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users’ For You timeline....
Microsoft OneNote will block 120 dangerous file extensions
Microsoft has shared more information on what malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware. The company first...