December 22, 2023 at 08:35PM Mint Mobile, a subsidiary of T-Mobile, has confirmed a data breach exposing customer information. The breach notification assured customers that credit card numbers and passwords were not affected, but disclosed that names, phone numbers, email addresses, and other account details were compromised. The company has resolved the breach and is … Read more
December 22, 2023 at 12:54PM The Chameleon Android banking trojan, detected by ThreatFabric, has expanded its reach to the UK and Italy from its initial targets in Australia and Poland. The malware employs various tactics, such as phishing pages and accessing Accessibility Services, to perform Account Takeover and Device Takeover attacks, targeting banking and cryptocurrency … Read more
December 22, 2023 at 12:07PM Businesses worldwide face a surge in cyber threats, with ransomware attacks increasing by over 1,000% since 2019. Aon’s global survey identifies cyberattacks as the top risk for organizations, leading to a shift in cybersecurity investment in the Middle East. Organizations must prioritize a holistic, proactive approach to cyber resilience, including … Read more
December 22, 2023 at 05:39AM Researchers discovered a vulnerability in ChatGPT, which could be exploited to steal sensitive information by injecting malicious content through image markdown rendering. OpenAI addressed the issue partially for the web application but not for mobile apps. Additionally, a custom GPT named ‘The Thief’ was created to phish for user credentials … Read more
December 21, 2023 at 07:51AM A new JavaScript malware targets over 40 financial institutions worldwide, compromising users’ banking credentials via web injections. The campaign, detected by IBM Security Trusteer, uses dynamic tactics to bypass security measures and dissuade victims from logging in. Additionally, other online fraud schemes, including investment scams and phishing attacks impersonating postal … Read more
December 21, 2023 at 07:33AM Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat … Read more
December 21, 2023 at 07:33AM ESO Solutions suffered a ransomware attack, compromising personal and health information of 2.7 million individuals, including patient details from various healthcare providers. The company claims it restored the affected systems from backups and secured the deletion of the data. ESO has initiated notifications and is cooperating with law enforcement for … Read more
December 21, 2023 at 02:45AM Attackers are utilizing an old Microsoft Office vulnerability in phishing campaigns to distribute Agent Tesla malware. The infection chains leverage decoy Excel documents in invoice-themed messages to trick targets into opening them. Once downloaded, the malware initiates communication with a malicious destination to download additional files. Organizations must stay updated … Read more
December 20, 2023 at 11:08AM Attackers exploit a 6-year-old Microsoft Office flaw, CVE-2017-11882, in an email campaign delivering spyware via malicious Excel attachments. Zscaler revealed that the end goal is to load Agent Tesla, a remote access Trojan, in a unique attack vector that pairs a longstanding vulnerability with new complexity and evasion tactics. Organizations … Read more
December 20, 2023 at 10:21AM The NSA’s 2023 Cybersecurity Year in Review report highlights its efforts to block 10 billion user connections to malicious domains, focus on protecting national security systems, offer no-cost cybersecurity services to DoD contractors, release six security products, improve vulnerability scanning, promote AI security, and maintain its commitment to privacy and … Read more