LATEST POST
Update Chrome NOW — zero-day bug is being exploited in the wild by hackers
Tom’s Guide reports: Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March […]
Pro-Russian, anti-Israeli hackers pose biggest cybercrime threats in Germany
It may not seem inuitively obvious to many people, but Reuters reports that cybercrime in Germany rose to a record level last year, driven by hacker attacks from pro-Russian and anti-Israeli groups. Some 131,391 cases of cybercrime took place in Germany last year and a further 201,877 cases were committed from abroad or an unknown […]
Cartier latest luxury brand hit by consumer data breach
The Korea Times reports: Luxury jewelry brand Cartier has confirmed a breach of customer data, raising concerns over data security among high-end brands following recent incidents involving Dior and Tiffany. The company sent out an email Tuesday informing its customers that an “unauthorized third party” accessed its systems temporarily and obtained certain customer information. While […]
Security bug at compliance firm Vanta exposed customer data to other users
TechRadar reports: Security and compliance automation company Vanta has confirmed sharing sensitive customer data with other customers by mistake. In a statement (via TechCrunch), the company said a change it had made in the code resulted in a security breach. In it, some sensitive data from a small subset of customers was shared with other customers. […]
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
GBHackers reports: OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited its presence, leveraging it as a “Living Off the Land Binary” (LOLBIN). This means adversaries use trusted system tools ssh.exe to evade detection […]
0day for vBulletin: PoC is already online, but no one is installing the patch
When criminals note that there is an unpatched vulnerability, expect more attacks to follow. A Russian-language forum recently picked up a report from SecurityLab.ru. It begins (translation): Popular forums on vBulletin have once again been found to have holes through which arbitrary code can be executed directly on the server – without a login and […]
Victim Pays $800,000 in Bitcoin—But the Chat Was Not Private as Claimed by Akira
Ransomware gangs will swear not to reveal that you were a victim if you pay their ransom demands. SBut if they fail to secure their negotiation chat servers, researchers and intel analysts can discover who their victims are and shoulder-surf any negotiations or payment arrangements. The SuspectFile blog reports on another case like that where […]
Customers questioned top super fund about security weakness before cyberattacks
Australia’s biggest superannuation fund was questioned by its own clients about a security weakness in its accounts before cybercriminals stole hundreds of thousands of dollars in retirement savings. ABC Australia reports: Two AustralianSuper customers have told the ABC they had asked for multi-factor authentication (MFA) on their accounts but were rebuffed — one of them […]