Security
Critical zero-click Microsoft Outlook exploit unveiled: update now
Microsoft patched a critical remote code execution vulnerability on June 11th, which affected most Outlook email clients. Morphisec researchers warn that no input from users is required for attackers to execute code on their systems.
Read more about Critical zero-click Microsoft Outlook exploit unveiled: update now
Black Basta ransomware linked to exploited Windows zero-day
Black Basta ransomware has been exploiting a recently patched Windows privilege escalation to deploy attacks even before the patch, researchers from Symantec believe.
Read more about Black Basta ransomware linked to exploited Windows zero-day
Data leak reveals auto giant and others harvesting user data to train AI models
Van Mossel, the biggest auto dealer in Benelux, and other companies used the services of an obscure data analytics company to train AI models, which leaked their client data to anyone on the internet.
Read more about Data leak reveals auto giant and others harvesting user data to train AI models
New CISA phone scam, fraudsters pretend to be agency employees
US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory Wednesday warning Americans to beware of phone scammers posing as CISA employees.
Read more about New CISA phone scam, fraudsters pretend to be agency employees
Massive Chinese cyber espionage campaign impacts at least 20,000 FortiGate systems
The ongoing Chinese state-sponsored cyberespionage campaign, which is targeting FortiGate systems with advanced Coathanger malware, is “much more extensive than previously known,” the Dutch National Cyber Security Center (NCSC) has warned.
Read more about Massive Chinese cyber espionage campaign impacts at least 20,000 FortiGate systems
App for motorbike lovers reveals user plates, home addresses
Moto.app, an Italy-focused service for motorcycle enthusiasts, has exposed thousands of users, leaking their names, personal tax IDs, and other private details.
Read more about App for motorbike lovers reveals user plates, home addresses
Most malicious activity detections traced back to China
Cybersecurity company Trellix has detected a spike in malicious activity in recent months, with most of the detections linked to China and Russia. The researchers observed a noticeable increase in geopolitically motivated cyber threat operations.
Read more about Most malicious activity detections traced back to China
Poor cybersecurity to blame for data heist affecting 165 Snowflake customers
Affected Snowflake customers did not use multi-factor authentication, and in many cases, passwords had not been rotated for as long as four years, Google’s Mandiant says.
Read more about Poor cybersecurity to blame for data heist affecting 165 Snowflake customers
Critical Microsoft Azure vulnerability unveiled: no patch needed
Microsoft cloud computing platform Azure is vulnerable to authentication bypass attacks, researchers at Zero Day initiative by Trend Micro have revealed. The vulnerability has been given the highest possible CVSS score of 10 out of 10, meaning that it poses a critical risk.
Read more about Critical Microsoft Azure vulnerability unveiled: no patch needed
Meta, IRS among most impersonated organizations
Facebook parent Meta, along with the Internal Revenue Service (IRS), Apple, and Amazon, have been identified as the American brands most frequently impersonated by phishing scammers to defraud their victims.
Read more about Meta, IRS among most impersonated organizations
US adopts cybersec program to protect schools and libraries from attacks
US government officials voted yes to a new cybersecurity pilot program intended to help America’s schools and library systems bolster their defenses against the rising number of cyberattacks targeting the education sector.
Read more about US adopts cybersec program to protect schools and libraries from attacks
Hope for LockBit Ransomware victims: FBI recovers 7,000 decryption keys
Following a successful operation against LockBit, exposing the ringleader and seizing its infrastructure, FBI Cyber Assistant Director Bryan Vorndran claims that many victims can expect to reclaim their data.
Read more about Hope for LockBit Ransomware victims: FBI recovers 7,000 decryption keys
Russian cyber operations are largest threat to Olympics, Google warns
Cyber espionage, disruptive operations, information operations, and financial scams – the Paris 2024 Olympics faces numerous cyber threats, and Russia poses the largest of them, Google’s Mandiant warns. Other state-sponsored actors and cybercrime rings are throwing their hats into the ring, too.
Read more about Russian cyber operations are largest threat to Olympics, Google warns
The kebab you ordered is leaking your data
Multiple popular Turkish food delivery services route their orders through a service provider that does not care much about privacy. Up until now, the company has been leaking sensitive customer information with each incoming order. Attackers can target both restaurants and their clients.
Read more about The kebab you ordered is leaking your data
Millions of Cox WiFi routers were sitting ducks for hackers, researcher demonstrates
Do you trust the WiFi router that you’re renting from your internet service provider? Maybe you should think twice. After some tinkering, a security researcher found a way to hack into millions of routers used by Cox customers.
Read more about Millions of Cox WiFi routers were sitting ducks for hackers, researcher demonstrates
Kickstarter star leaks over half a million records with clients' data
Over half a million records with clients' data and a decade's worth of support tickets have been publicly exposed and likely accessed by threat actors after a US accessories maker forgot to set a password.
Read more about Kickstarter star leaks over half a million records with clients' data
Photo firm exposes 43K American uni students
A US-based graduation photo maker exposed the personal details of thousands of students from hundreds of American universities, the Cybernews research team has discovered.
Read more about Photo firm exposes 43K American uni students
Russia hacks Polish media, posts fake news about troops to Ukraine
A false news story posted on Polish state media claiming that its Prime Minister would spin up 200,000 soldiers to join Ukraine’s fight against Russia, is being blamed on Russian hackers.
Read more about Russia hacks Polish media, posts fake news about troops to Ukraine
Massacre of WiFi routers leaves 600,000 American families offline
An unprecedented wiperware campaign was carried out in the US last year, turning 600,000 WiFi routers into e-waste. In just 72 hours, a sizeable portion of a certain service provider’s (ISP’s) customers, mostly in rural communities, were left without access to emergency services.
Read more about Massacre of WiFi routers leaves 600,000 American families offline
Tentacles of notorious spyware tool LightSpy ensnare macOS
A malicious surveillance framework dubbed LightSpy has been expanded to target macOS systems, according to research by Threat Fabric. Ten plugins were designed to access a camera and sound recording and exfiltrate other private information from older affected systems.
Read more about Tentacles of notorious spyware tool LightSpy ensnare macOS
