Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher

December 22, 2023 at 05:39AM Researchers discovered a vulnerability in ChatGPT, which could be exploited to steal sensitive information by injecting malicious content through image markdown rendering. OpenAI addressed the issue partially for the web application but not for mobile apps. Additionally, a custom GPT named ‘The Thief’ was created to phish for user credentials …

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

December 21, 2023 at 07:51AM A new JavaScript malware targets over 40 financial institutions worldwide, compromising users’ banking credentials via web injections. The campaign, detected by IBM Security Trusteer, uses dynamic tactics to bypass security measures and dissuade victims from logging in. Additionally, other online fraud schemes, including investment scams and phishing attacks impersonating postal …

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

December 21, 2023 at 07:33AM Ivanti has released Avalanche 6.4.2 to patch 20 vulnerabilities in its enterprise mobile device management product. The flaws, including critical ones, can be exploited for remote code execution and denial-of-service attacks. Customers are urged to install the patches promptly due to the potential targeting of Ivanti product vulnerabilities by threat …

ESO Solutions Data Breach Impacts 2.7 Million Individuals

December 21, 2023 at 07:33AM ESO Solutions suffered a ransomware attack, compromising personal and health information of 2.7 million individuals, including patient details from various healthcare providers. The company claims it restored the affected systems from backups and secured the deletion of the data. ESO has initiated notifications and is cooperating with law enforcement for …

Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

December 21, 2023 at 02:45AM Attackers are utilizing an old Microsoft Office vulnerability in phishing campaigns to distribute Agent Tesla malware. The infection chains leverage decoy Excel documents in invoice-themed messages to trick targets into opening them. Once downloaded, the malware initiates communication with a malicious destination to download additional files. Organizations must stay updated …

Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware

December 20, 2023 at 11:08AM Attackers exploit a 6-year-old Microsoft Office flaw, CVE-2017-11882, in an email campaign delivering spyware via malicious Excel attachments. Zscaler revealed that the end goal is to load Agent Tesla, a remote access Trojan, in a unique attack vector that pairs a longstanding vulnerability with new complexity and evasion tactics. Organizations …

NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains

December 20, 2023 at 10:21AM The NSA’s 2023 Cybersecurity Year in Review report highlights its efforts to block 10 billion user connections to malicious domains, focus on protecting national security systems, offer no-cost cybersecurity services to DoD contractors, release six security products, improve vulnerability scanning, promote AI security, and maintain its commitment to privacy and …

3 Ways to Use Real-Time Intelligence to Defeat Bots

December 20, 2023 at 10:10AM The sci-fi film Blade Runner portrays a search for lifelike replicants, paralleling the digital realm where businesses confront human-like bots. These advanced bots pose cyber threats, challenging conventional security methods. Counteracting them demands dynamic solutions, including real-time feedback loops, understanding bot behavior, disrupting their feedback, and actionable intelligence to stay …

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

December 20, 2023 at 09:03AM Ransomware groups are increasingly using remote encryption in their attacks, targeting unmanaged devices to compromise entire networks. Microsoft revealed that about 60% of ransomware attacks involve remote encryption. This tactic renders process-based remediation measures ineffective, with compromised machines unable to detect malicious activity. Cybercriminals are also engaging with the media …

Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected

December 19, 2023 at 06:00PM 35 million customers of Comcast Xfinity have been affected by the CitrixBleed vulnerability, leading to a breach of customer data, including sensitive information. Although Comcast promptly patched and mitigated the vulnerability, attackers were still able to exfiltrate a large amount of data over a three-day period. The ongoing threat of …