January 15, 2024 at 11:44AM Thousands of WordPress sites are affected by the Balada Injector malware, exploiting a vulnerability in the Popup Builder plugin. The campaign, active since 2017, aims to redirect visitors to fraudulent pages and push notification scams. The attackers establish persistent control by adding backdoors and malicious plugins. The issue was addressed … Read more
January 15, 2024 at 11:44AM The environmental services sector experienced a significant increase in HTTP-based DDoS attacks, with a 61,839% surge year-over-year, coinciding with global environmental events. Cybersecurity experts emphasized the growing intersection of environmental issues and cybersecurity. Cryptocurrency remains the primary target, with the U.S. and China being the main sources of attack traffic. … Read more
January 15, 2024 at 11:19AM The Adblock and Adblock Plus ad blockers caused performance issues on YouTube, initially blamed on Google but later identified to be an issue with the extensions themselves. The extensions slowed video buffering, impacting navigation and video loading. The developers are investigating but are unable to reproduce the problem yet. Other … Read more
January 15, 2024 at 10:40AM The FTC secures settlement with X-Mode Social, prohibiting sale of sensitive location data. Outlogic to delete previously collected data and honor opt-out requests, under FTC settlement. Critical vulnerabilities in Cisco, Siemens, Rapid Software, and Fortinet products. iOSpionage campaign exploited Apple’s ECC. HMG hit by data breach, unable to identify compromised … Read more
January 15, 2024 at 09:49AM Submit your clever cybersecurity-related caption for a chance to win a $25 Amazon gift card by emailing [email protected] with the subject line “Dark Reading January Toon” or via social media (X, Facebook, or LinkedIn). Deadline for entries is February 12, 2024. Last month’s winner was Chad F. from the Department … Read more
January 15, 2024 at 07:48AM A Windows SmartScreen vulnerability (CVE-2023-36025) is being actively exploited to deliver Phemedrone Stealer malware, as reported by Trend Micro. Despite patches being released, threat actors continue to exploit the bug to bypass Windows Defender SmartScreen protection, leading to infections. The malware, written in C#, can steal a wide range of … Read more
January 15, 2024 at 07:07AM A vulnerability in GitLab’s email verification process (CVE-2023-7028, CVSS score 10) allows attackers to hijack the password reset process by sending reset messages to unverified email addresses. This affects GitLab CE/EE versions 16.1 to 16.7.1, with patches released in versions 16.5.6, 16.6.4, and 16.7.2. Users are advised to update instances … Read more
January 15, 2024 at 06:12AM Security solutions provider Netscout has observed a significant increase in botnet scanning activity, with peak numbers reaching 43,000 devices on December 20. The use of free cloud and hosting servers by attackers to create botnet launch pads has risen, allowing for anonymity and low overhead. The scanning represents reconnaissance activity … Read more
January 15, 2024 at 06:12AM Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service. Additionally, the company has patched high and medium severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported. … Read more
January 15, 2024 at 03:55AM Rubrik has selected the top 12 must-see demos of their products, available on demand. The demos cover various aspects, such as reducing complexity, data protection, integrations, and handling data fragmentation. The increasing digital information creates risks, making Rubrik’s data protection management approach valuable. Access The 12 Days of Demos for … Read more