Romanian energy giant battles ongoing attack Ransomware disrupts medical device maker Deloitte responds to data theft claims Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can…
IT Security News Hourly Summary 2024-12-10 09h : 16 posts
16 posts were published in the last hour 8:4 : Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins 7:39 : heise-Angebot: iX-Workshop: E-Rechnungspflicht – Anpassung von Faktura- und ERP-Software 7:39 : WordPress: WPForms-Plug-in reißt Sicherheitsleck in 6…
Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins
Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes. The analysis examines event-related abuse trends across domain registrations, DNS and…
heise-Angebot: iX-Workshop: E-Rechnungspflicht – Anpassung von Faktura- und ERP-Software
Softwareentwickler lernen Hands-on, welche Formate wie unterstützt, geprüft und umgewandelt werden können oder müssen und wie sie dabei vorgehen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: heise-Angebot: iX-Workshop: E-Rechnungspflicht – Anpassung von Faktura- und ERP-Software
WordPress: WPForms-Plug-in reißt Sicherheitsleck in 6 Millionen Webseiten
Im WordPress-Plug-in WPForms können Angreifer eine Lücke missbrauchen, um etwa Zahlungen rückabzuwickeln. Sechs Millionen Webseiten nutzen das Plug-in. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: WordPress: WPForms-Plug-in reißt Sicherheitsleck in 6 Millionen Webseiten
Gefälschte Schlussverkaufaktionen: Neue Betrugsmasche auf Instagram
Die Verbraucherzentralen warnen vor einer zunehmenden Zahl gefälschter Schlussverkaufaktionen in sozialen Medien. (Verbraucherschutz, Security) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Gefälschte Schlussverkaufaktionen: Neue Betrugsmasche auf Instagram
Black Basta Ransomware Leverages Microsoft Teams To Deliver Malicious Payloads
In a resurgence since May 2024, the Black Basta ransomware campaign has exhibited a troubling escalation in its attack methods, incorporating a multi-stage infection chain that blends social engineering, a custom packer, a mix of malware payloads, and advanced delivery…
Hackers Target Android Users via WhatsApp to Steal Sensitive Data
Researchers analyzed a malicious Android sample created using Spynote RAT, targeting high-value assets in Southern Asia, which, likely deployed by an unknown threat actor, aims to compromise sensitive information. Although the target’s precise location and nature have not been disclosed,…
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute…
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as “Meetio,” to appear legitimate. By tricking victims into participating in video calls, cybercriminals…
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
And it only took four months, tut WhatsApp has fixed a problem with its View Once feature, designed to protect people’s privacy with automatically disappearing pictures and videos.… This article has been indexed from The Register – Security Read the…
Massive Data Harvesting Operation Exploits AWS Customer Misconfigurations
Independent cybersecurity experts Noam Rotem and Ran Locar have exposed a sophisticated cyber operation targeting vulnerabilities in public websites, leading to unauthorized access to sensitive customer data, infrastructure credentials, and proprietary source code. The researchers collaborated with the AWS Fraud…
Ransomware Disrupts Operations at Leading Heart Surgery Device Maker
Artivion, a prominent manufacturer of heart surgery devices, disclosed a significant ransomware attack that has disrupted its operations. The incident involved the encryption and acquisition of company files, prompting Artivion to take immediate measures to contain the breach. According to…
PowerDMARC One-Click Auto DNS Publishing with Entri
Simplify DNS management with PowerDMARC’s One-Click Auto DNS Publishing powered by Entri. Publish DNS records like DMARC, SPF, DKIM, and more in just one click. The post PowerDMARC One-Click Auto DNS Publishing with Entri appeared first on Security Boulevard. This…
Balancing Security and Convenience With EV Charging
After years of quiet growth, the electric vehicle (EV) market has kicked into high gear, powered by sustainability trends, technology advances and increased consumer enthusiasm. Earlier this year, a team from Cornell created a new lithium battery that can charge…
Authorities Dismantled Hackers Who Stolen Millions Using AirBnB
An international cybercrime network responsible for stealing millions of euros across at least ten European countries has been dismantled in a joint operation by the Rotterdam Police Cybercrime Team and the Belgian police. The sophisticated criminal group employed phishing schemes…
50% of M&A Security Issues are Non-Malicious
More than half of M&A security incidents in 2024 were non-malicious, resulting instead from integration-induced investigation delays, policy and compliance challenges, and issues baselining internal tools, a report from ReliaQuest has revealed. These findings suggest that inherited assets present a…
Brand Impersonations Surge 2000% During Black Friday
Phishing scams impersonating major holiday brands like Walmart, Target, and BestBuy increased by more than 2000% during Black Friday week, new research from Darktrace has revealed. These findings come as part of a wider increase in phishing activity during the…
Mysterious Drone-Like Objects Disrupting Electronics in New Jersey: Is It a New Cyber Threat or Something More?
In recent days, unusual reports have emerged from New Jersey, where large, car-sized flying objects have been spotted, particularly in the countryside. These objects, which have sparked widespread speculation, are believed by some to be drones or potentially UFOs (unidentified…
Cyber Threats in the Form of MS Office Email Attachments: A Growing Danger
In the world of cybersecurity, one of the most common and persistent threats is the exploitation of email attachments, particularly those involving Microsoft Office documents. Cybercriminals have long relied on social engineering tactics to deliver malicious payloads via email attachments,…
U.S. Subsidiary of a Japanese water Treatment Company Hit By Ransomware Attack
Kurita America Inc. (KAI), the North American subsidiary of Tokyo-based Kurita Water Industries Ltd., has confirmed it was the victim of a ransomware attack that compromised multiple servers and potentially leaked sensitive data. The attack was detected on Friday, November 29,…
APT-C-53 Weaponizing LNK Files To Deploy Malware Into Target Systems
Gamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files…
The Next Frontier: Predictions Driving Tech and Security in 2025
As we unveil the third edition of Information Security Buzz’s 2025 predictions, we are thrilled by the incredible response. In this installment, we dive even deeper into the evolving cybersecurity landscape, where advancements in AI, quantum computing, and cloud technologies…
Preventing data leakage in low-node/no-code environments
Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage.…