Recent Security News
-
Nigerian BEC Scammer Pleads Guilty in US Court
March 7, 2024 at 09:34AM Nigerian national Henry Echefu pleaded guilty in a US court to his role in a business email compromise (BEC) fraud scheme causing about $200,000 in losses. Echefu and co-conspirators engaged in unauthorized access to email accounts, instructing victims to make wire transfers. He faces up to 20 years in prison…
-
Cisco Patches High-Severity Vulnerabilities in VPN Product
March 7, 2024 at 09:34AM Cisco announced patches for two high-severity vulnerabilities in Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple…
-
Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks
March 7, 2024 at 09:34AM Since 2021, US organizations have faced phishing and BEC attacks from threat actor TA4903. Spoofing government and private businesses, the attacks aimed at obtaining corporate credentials for BEC activities. The threat actor registered new domains, spoofing various sectors. TA4903 targeted government departments and SMBs, using diverse phishing tactics and adopting…
-
Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More iPhone Hacking?
March 7, 2024 at 09:34AM Apple is making significant changes to the iPhone’s App Store in Europe under the Digital Markets Act, allowing alternative app stores and payment methods. Despite concerns about security risks and increased competition, European regulators are hopeful that the consumer benefits will outweigh the challenges faced by tech giants like Apple.…
-
Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks
March 7, 2024 at 09:21AM Threat actors are launching distributed brute-force attacks on WordPress sites through malicious JavaScript injections, causing unauthorized access to target sites. This shift from crypto drainers to brute-force attacks may be driven by profit motives, as compromised sites can be monetized in various ways. Prior attacks have exploited vulnerabilities in WordPress…