Recent Security News
-
Hackers exploit MagicLine4NX zero-day in supply-chain attack
November 24, 2023 at 01:20PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have warned that the North Korean Lazarus hacking group has been breaching companies using a zero-day vulnerability in the MagicLine4NX software. The group primarily targets South Korean institutions and is known for utilizing supply-chain attacks and zero-day vulnerabilities…
-
Cyberattack on IT provider CTS impacts dozens of UK law firms
November 24, 2023 at 12:16PM A cyberattack on CTS, a leading UK managed service provider (MSP) for law firms, has caused a major outage affecting numerous law firms and home buyers. CTS is working with a cyber forensics firm to investigate the incident and restore services, but cannot provide a timeline for resolution. It is…
-
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
November 24, 2023 at 11:12AM A malicious bot called Telekopye is being used by threat actors for large-scale phishing scams. The bot can create phishing websites, emails, SMS messages, and more. The threat actors, known as Neanderthals, operate as a legitimate company and recruit members through underground forums. Their main goal is to carry out…
-
OpenCart owner turns air blue after researcher discloses serious vuln
November 24, 2023 at 10:40AM The owner of OpenCart, an e-commerce store management system, has responded hostilely to a security researcher who disclosed a vulnerability in the product. The researcher, Mattia Brollo, tried to contact OpenCart for nearly a month through various channels before receiving dismissive and offensive responses from the owner, Daniel Kerr. OpenCart…
-
North Korean Software Supply Chain Attack Hits North America, Asia
November 24, 2023 at 07:36AM A Taiwanese software company was breached by a North Korean threat group known as Diamond Sleet. The hackers manipulated a legitimate application installer to download and execute a malicious payload. Microsoft has detected their activity and provided indicators of compromise for detection. The threat actor is known for data theft…