January 15, 2024 at 04:19PM The U.S. Secret Service executed a seizure warrant to recover $34,000 stolen through a fake antivirus renewal email scam. The court document details how threat actors gained access to victims’ accounts by tricking them into installing malicious software and disclosing account credentials. The scam’s intensity has recently increased, leading to … Read more
January 15, 2024 at 02:46PM Microsoft is addressing issues with installing the KB5034441 security update, which patches a BitLocker vulnerability. The update can fail on systems with a small Windows Recovery Environment (WinRE) partition, displaying the 0x80070643 error. Microsoft offers manual partition resizing instructions and a PowerShell script to automate the update process, also providing … Read more
January 15, 2024 at 02:43PM Over 11,500 Juniper Networks devices are vulnerable to a new remote code execution (RCE) flaw, urging urgent patch application. Previously affected by critical RCE bugs, the latest CVE-2024-21591 impacts J-Web interface, with confirmed exposures and geographic stats. With the software’s threat potential and HPE’s acquisition of Juniper, administrators are advised … Read more
January 15, 2024 at 02:30PM Ukrainian Police and Europol arrested a 29-year-old individual in Mykolaiv, Ukraine, suspected of orchestrating a $2 million cryptojacking scheme. The attacker targeted a major ecommerce company, hacking over 1,500 user accounts and infecting the service with cryptocurrency mining malware. Authorities are investigating potential accomplices and the suspect’s ties to pro-Russian … Read more
January 15, 2024 at 01:34PM Phemedrone malware exploits Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass security prompts in Windows. It steals data from web browsers, cryptocurrency wallets, and apps like Discord and Steam. The flaw was fixed in November 2023, but unpatched systems remain at risk. Trend Micro researchers have identified the specific apps and … Read more
January 15, 2024 at 01:34PM Security researchers discovered that more than 178,000 SonicWall firewalls with exposed online management interfaces are vulnerable to denial-of-service and remote code execution attacks. These vulnerabilities affect a large number of appliances and can lead to serious security risks. Users are advised to take measures to protect their devices from these … Read more
January 15, 2024 at 12:41PM GitLab admins must urgently apply the latest security patches due to a critical account-bypass vulnerability (CVE-2023-7028) impacting versions 16.1.0 to 16.7.1. Attackers can exploit it to send password reset emails and potentially take over accounts. Enabling 2FA is recommended as a stop-gap mitigation. Other vulnerabilities (CVE-2023-5356, CVE-2023-4812, CVE-2023-6955, and CVE-2023-2030) … Read more
January 15, 2024 at 11:44AM The Guardio Labs research team has revealed a security flaw, dubbed MyFlaw, in the Opera web browser for Windows and macOS, allowing execution of files on the operating system. The flaw exploits the My Flow feature, prompting updates on Nov 22, 2023, to address it. The vulnerability emphasizes the need … Read more
January 15, 2024 at 11:44AM The ransomware industry witnessed a significant 55.5% surge in victims worldwide in 2023, totaling 4,368 cases. Groups like LockBit 3.0, AlphV, and Cl0p were notable contributors. Emerging groups like 3AM, Rhysida, and Akira also made an impact. Cyberint expects these new players to further establish themselves alongside veteran groups in … Read more
January 15, 2024 at 11:44AM Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners, allowing attackers to execute arbitrary code. Bitdefender discovered the BCC100 thermostat flaw, which Bosch addressed in November 2023. Additionally, Rexroth nutrunners have over two dozen vulnerabilities, with patches expected by January 2024. These vulnerabilities could … Read more