October 8, 2024 at 12:12PM Ivanti released security updates to address three new Cloud Services Appliance (CSA) zero-day vulnerabilities being actively exploited. These flaws impact CSA 5.0.1 and earlier, with the company advising affected customers to upgrade to version 5.0.2 and monitor for signs of compromise. Ivanti pledged a focus on Secure by Design and … Read more
October 2, 2024 at 10:20AM DrayTek issued security updates for multiple router models, addressing 14 vulnerabilities, including a critical remote code execution flaw. Around 785,000 routers could be affected, with over 704,500 having their web interface exposed. Five critical flaws were highlighted, warranting immediate attention. No active exploitation has been reported, and users are encouraged … Read more
September 26, 2024 at 01:37PM Hurricane Helene approaches Florida coastline as a Category 3 storm with a life-threatening 20-foot surge. Cybercriminals are anticipated to exploit public interest and anxiety by launching fraud and phishing schemes related to the hurricane. The US National Hurricane Center and Cybersecurity agencies advise people to be cautious of charitable solicitations, … Read more
September 25, 2024 at 03:48AM A new phishing campaign targets transportation and logistics companies in North America, using compromised email accounts to distribute information stealers and remote access trojans. The campaign has evolved with new infrastructure and techniques, including the use of ClickFix to trick victims into downloading malware. Several stealer malware strains have also … Read more
September 18, 2024 at 03:12PM Numerous high-profile X accounts were hacked to promote the $HACKED Solana token, leading to a successful pump-and-dump scheme. Accounts with large followings, including MoneyControl and People Magazine, were compromised to post about the token. The cyberattack significantly boosted the token’s market value, but the situation is evolving, and the method … Read more
September 18, 2024 at 02:04PM Two threat groups are using QR code parking scams in the UK and globally, affecting users who scan the malicious codes, resulting in potential financial fraud and a parking ticket. The scams have spread to Canada and the US, with tourists being targeted in various UK locations. Businesses are urged … Read more
September 18, 2024 at 08:24AM CISA and the FBI issued a Secure by Design alert highlighting the prevalence of cross-site scripting (XSS) vulnerabilities. They urge organizations to eliminate XSS flaws by validating and sanitizing user input, implementing additional security measures, conducting code reviews, and using modern web frameworks. The agencies also recommend implementing secure by … Read more
September 17, 2024 at 03:46AM Cryptocurrency exchange Binance warns of a global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud. The malware monitors clipboard activity to steal sensitive data and replace cryptocurrency addresses with the attacker’s. Binance advises caution and taking steps to prevent further fraudulent transactions. Blockchain analytics firm Chainalysis reports … Read more
September 16, 2024 at 05:20PM Ivanti alerted customers about the active exploitation of a high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance (CSA). The company recommended upgrading to CSA 5.0 to remediate the bug, warning that unauthorized access is possible with a CVSS score of 7.2. Users are urged to update to the latest version … Read more
September 6, 2024 at 09:18AM The SecurityWeek cybersecurity news roundup offers a valuable compilation of noteworthy cybersecurity stories that may not warrant full articles. This week’s stories include MITRE’s comparison of international PQC standards, US Army Special Forces hack, Transport for London cyberattack, CBIZ data breach, UK’s takedown of a banking anti-fraud website, OpenSSL and … Read more