Cybersecurity researchers have discovered a significant vulnerability in the LiteSpeed Cache plugin for WordPress. The vulnerability affects the LiteSpeed Cache plugin, which boasts over 4 million active installations, and presents a risk of unauthenticated site-wide stored XSS (cross-site scripting). This could potentially allow unauthorized access to sensitive information or privilege escalation on affected WordPress sites via
Feb 27, 2024NewsroomVulnerability / Website Security A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. “This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any
A recent joint advisory released by CISA in collaboration with the UK National Cyber Security Centre (NCSC) and other domestic and international partners sheds light on the evolving tactics of Russian Foreign Intelligence Service (SVR) cyber actors. Referred to by various aliases such as APT29, Midnight Blizzard, the Dukes or Cozy Bear, this group has
Feb 26, 2024The Hacker NewsSteganography / Malware Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of
Almost four in five (78%) of organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor, according to Cybereason’s Ransomware: The Cost to Business Study 2024. Nearly two-thirds (63%) of these organizations were asked to pay more the second time. Of the 78% breached a second
How To Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes? Márk Szabó 20 Feb 2024 • , 6 min. read One of the best things about the internet is that it’s an expansive repository of knowledge – and this wealth of knowledge is
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, “has engaged with law enforcement,” authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos. Over 14,000 rogue accounts on third-party services like
Serco Leisure has been ordered to stop using facial recognition technology (FRT) and fingerprint scanning to monitor employee attendance by the UK’s data protection enforcement authority. The Information Commissioner’s Office (ICO) said the company unlawfully processed biometric data of more than 2000 employees across 38 sporting and leisure facilities under UK data protection law. Serco
Video Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects 23 Feb 2024 This week, ESET researchers revealed their findings about Operation Texonto, a disinformation/psychological (PSYOP) campaign where Russia-aligned threat actors sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related
Feb 24, 2024NewsroomActive Directory / Data Protection Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. “Microsoft will automatically enable the logs in customer accounts and increase
Read more about LockBit Ransomware: LockBit Takedown: What You Need to Know about Operation Cronos LockBit Infrastructure Disrupted by Global Law Enforcers LockBit and Royal Mail Ransomware Negotiation Leaked LockBit Remains Top Global Ransomware Threat “We know who he is. We know where he lives. We know how much he is worth. LockbitSupp has engaged
Digital Security You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission. Márk Szabó 22 Feb 2024 • , 6 min. read A common message that any user of a social platform like Discord might
Feb 23, 2024NewsroomRed Teaming / Artificial Intelligence Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,”
Cybersecurity experts at Kaspersky have uncovered a new phishing campaign that specifically targets small and medium-sized businesses (SMBs). The attack method involves exploiting the email service provider (ESP) SendGrid to gain access to client mailing lists, subsequently utilizing stolen credentials to send out convincing phishing emails. These emails are crafted to appear authentic, posing a
ESET products and research have been protecting Ukrainian IT infrastructure for years. Since the start of the war in February 2022, we have prevented and investigated a significant number of attacks launched by Russia-aligned groups. We have also published some of the most interesting findings on WeLiveSecurity: Even though our main focus remains on analyzing
Feb 22, 2024NewsroomQuantum Computing / Encryption Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. “With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is
Over 40% of companies globally are struggling to fill critical cybersecurity roles, particularly in information security research and malware analysis, as highlighted by a recent report from Kaspersky. This shortage is particularly acute in Europe, Russia and Latin America. Additionally, security operations center (SOC) and security assessment and network security roles are understaffed, with figures
Feb 21, 2024NewsroomMalware / Cyber Espionage The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. “The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that
Operation Cronos, the global law enforcement operation that took down LockBit, one of the world’s most harmful ransomware groups, is a major breakthrough in the fight against cybercrime. The operation, announced on February 20, was led by the UK’s National Crime Agency (NCA) and the FBI. Key Takeaways from the Biggest Ransomware Takedown The results
Feb 20, 2024NewsroomServer Security / Cryptojacking A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. “This particular campaign involves the use of a number of novel system weakening techniques against the data store itself,” Cado security researcher Matt Muir said
A rising trend in cryptocurrency counterfeiting has been identified by security researchers, particularly targeting Fortune 100 companies. According to a report published by Resecurity researchers today, these efforts involve the creation of tokens that impersonate major brands, government bodies and even national fiat currencies. In decentralized finance (DeFi) and crypto, where rapid growth is prevalent,
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.
PDF threats are on the rise with cybercriminals spreading malware, including WikiLoader, Ursnif and DarkGate, through PDFs, a new report by HP Wolf Security has found. The company’s analysis saw a 7% rise in PDF threats in Q4 2023, compared to Q1 of the same year. It noted that previously PDF lures have been used
Video Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI’s broader implications. Alžbeta Kovaľová 15 Feb 2024 Artificial intelligence (AI) is clearly the topic du jour as technologies that fall under the umbrella term of AI
Feb 18, 2024NewsroomMalware / Cybercrime A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S.
Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU). In its Threat Landscape Report 2023, published on February 15, 2024, CERT-EU found that lures exploiting the EU agenda have been rife in 2023. “In recent years, 2023
Video Here’s how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals 16 Feb 2024 Cyber-insurance has been an increasingly hot topic lately, with the cyber-insurance industry growing of 62 percent last year, which largely appears to be attributable to
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction. However, business communication channels are also a major target for cybercriminals. In recent years, especially since
Read more on Ivanti vulnerabilities: Bad news continues to pile up for Utah-based IT software provider Ivanti as a new vulnerability has been discovered in its products. On February 8, Ivanti disclosed a new authentication bypass vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways. This new vulnerability, identified as CVE-2024-22024, is the latest
Feb 16, 2024NewsroomEndpoint Security / Cryptocurrency Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering
- « Previous Page
- 1
- …
- 3
- 4
- 5
- 6
- 7
- …
- 98
- Next Page »