Recent Security News
-
Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks
January 19, 2024 at 04:48PM TeamViewer is widely used by organizations for remote support and access. However, attackers have exploited it for ransomware deployment. Huntress reported two failed attempts involving initial access via TeamViewer. Past incidents also show TeamViewer’s misuse. TeamViewer has security measures, but incidents often result from weak security practices. The company recommends…
-
Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim
January 19, 2024 at 04:25PM Five individuals have been accused of a scheme involving over $7 million in fraudulent work expense claims submitted to an IT consultancy. The alleged embezzlement scheme comprised of no-show jobs, false timesheets, and disguising personal expenses as business expenses. They now face charges of wire fraud, wire fraud conspiracy, tax…
-
Massive Data Breach at VF Hits 35M Vans, Retail Customers
January 19, 2024 at 04:05PM Apparel conglomerate VF Corporation experienced a data breach in December, compromising personal data of 35.5 million customers. The breach caused disruptions to its operations and led to website slowdowns and order cancellations. The company confirmed minor residual impacts and ongoing investigations but assured that sensitive information like Social Security numbers…
-
Payoneer accounts in Argentina hacked in 2FA bypass attacks
January 19, 2024 at 03:28PM Many Payoneer users in Argentina woke up to find their 2FA-protected accounts hacked, with funds stolen after receiving SMS OTP codes while sleeping. Suspected hacking methods include a potential Movistar data leak or a breached SMS provider. Payoneer has not provided specific answers but acknowledged the fraud and advised users…
-
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports
January 19, 2024 at 03:00PM A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports a potential threat actor exploitation, with all versions of Invanti…