Recent Security News

  • Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

    September 16, 2024 at 01:21AM Cybersecurity researchers have identified ongoing phishing campaigns using HTTP header refresh entries to deliver fake email login pages, targeting large corporations in South Korea, U.S. government agencies, and schools. These attacks encompass various sectors and are part of a growing trend of sophisticated tactics to trick recipients and steal sensitive…

    Read More

  • 23andMe settles class-action breach lawsuit for $30 million

    September 15, 2024 at 10:34PM Genetic testing company 23andMe has settled a class action suit related to a 2023 data breach for $30 million. The settlement covers 6.4 million US citizens affected and includes privacy and monitoring provisions. In other news, Apple dropped its lawsuit against NSO Group, and two individuals were arrested for running…

    Read More

  • Windows vulnerability abused braille “spaces” in zero-day attacks

    September 15, 2024 at 02:18PM The “Windows MSHTML spoofing vulnerability” (CVE-2024-43461) was exploited by the Void Banshee APT hacking group, leading to it being reclassified as previously exploited. Based on the meeting notes, it appears that the “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 was recently fixed but has now been marked as previously exploited…

    Read More

  • FBI tells public to ignore false claims of hacked voter data

    September 15, 2024 at 02:18PM The FBI and CISA warn of false claims about U.S. voter registration data being compromised by cyberattacks. They highlight that this disinformation aims to manipulate public opinion and undermine confidence in democratic institutions. No evidence of a cyberattack impacting the election process or compromising the integrity of the results has…

    Read More

  • Malware locks browser in kiosk mode to steal Google credentials

    September 15, 2024 at 02:18PM A new malware campaign locks users in their browser’s kiosk mode to prompt them for Google credentials, which are then stolen by information-stealing malware. This uncommon method serves to frustrate and deceive users into entering sensitive information. Based on the meeting notes, it appears that a malware campaign has been…

    Read More