-
Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
- November 02, 2024
- 11:19 AM
3
-
LA housing authority confirms breach claimed by Cactus ransomware
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.
- November 01, 2024
- 04:30 PM
3
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker
OpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead.
- November 01, 2024
- 04:25 PM
- 2
-
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.
- November 01, 2024
- 01:51 PM
- 1
-
Synology hurries out patches for zero-days exploited at Pwn2Own
Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days.
- November 01, 2024
- 12:38 PM
- 0
-
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.
- November 01, 2024
- 10:50 AM
- 0
-
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos.
- October 31, 2024
- 06:16 PM
- 2
-
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks.
- October 31, 2024
- 04:03 PM
- 0
-
Hackers target critical zero-day vulnerability in PTZ cameras
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings.
- October 31, 2024
- 02:23 PM
- 0
-
Microsoft wants $30 if you want to delay Windows 11 switch
Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates (ESU).
- October 31, 2024
- 02:07 PM
- 9
-
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights.
- October 31, 2024
- 12:19 PM
- 1
-
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
- October 31, 2024
- 11:11 AM
- 1
-
Over a thousand online shops hacked to show fake product listings
A phishing campaign dubbed 'Phish n' Ships' has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items.
- October 31, 2024
- 09:00 AM
- 0
-
Sponsored Content
Cynet delivers 426% ROI in Forrester Total Economic Impact Study
A commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024 found that Cynet's All-in-One Cybersecurity Platform generated $2.73 million in savings, paying for itself in under six months, for a return on investment of 426%.
- October 31, 2024
- 07:00 AM
- 0
-
LottieFiles hacked in supply chain attack to steal users’ crypto
The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency.
- October 31, 2024
- 05:02 AM
- 0
-
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.
- October 30, 2024
- 06:22 PM
- 0
-
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device.
- October 30, 2024
- 01:36 PM
- 0
-
North Korean govt hackers linked to Play ransomware attack
The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions.
- October 30, 2024
- 11:55 AM
- 0
-
Android malware "FakeCall" now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead.
- October 30, 2024
- 10:50 AM
- 0
-
Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
- October 30, 2024
- 10:00 AM
- 0
3
