Recent Security News

  • Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised

    October 17, 2023 at 03:19PM Thousands of Internet exposed Cisco IOS XE devices have been infected by a threat actor exploiting an unpatched vulnerability. Cisco has disclosed the flaw, which allows arbitrary code execution, with a severity rating of 10 out of 10. The attacks have a global footprint and the compromised systems all have…

    Read More

  • Amazon adds passkey support as new passwordless login option

    October 17, 2023 at 03:09PM Amazon has introduced passkey support as a passwordless login option to enhance security for customers. Passkeys are digital credentials that use biometric controls or PINs linked to devices for logging into websites. They mitigate the risk of data breaches, compromised accounts, phishing attacks, and information-stealing malware. Passkeys also simplify the…

    Read More

  • D-Link confirms data breach after employee phishing attack

    October 17, 2023 at 02:55PM Networking equipment manufacturer D-Link confirmed a data breach in which customer and employee information, including the CEO’s details, were stolen and put up for sale. The attacker claims to have also taken source code for D-Link’s software. The company shut down affected servers, disabled user accounts, and clarified that only…

    Read More

  • ‘Etherhiding’ Blockchain Technique Hides Malicious Code in WordPress Sites

    October 17, 2023 at 01:11PM Attackers have been using proprietary blockchain technology to conceal malicious code in a campaign involving fake browser updates. The campaign, called ClearFake, tricks users into downloading fake browser updates from compromised WordPress sites. The attackers use a technique called “EtherHiding” to host malicious code on Binance Smart Chain contracts, making…

    Read More

  • Watch Out: Attackers Are Hiding Malware in ‘Browser Updates’

    October 17, 2023 at 12:49PM Threat actors are disguising malware as fake browser updates and spreading it through vulnerable websites. This tactic has been adopted by multiple threat clusters, including TA569. The malicious code is injected into legitimate websites and presents users with convincing browser update notifications. When users click “Update,” they unknowingly download malware.…

    Read More