8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation

February 26, 2024 at 09:15AM Over 8,000 subdomains of reputable brands and institutions have been illicitly commandeered as part of a spam and click monetization system known as SubdoMailing. The ResurrecAds threat actor is responsible for this intricate campaign, using the hijacked domains to distribute phishing emails and circumvent security measures. Guardio Labs is actively …

Banking Trojans Target Latin America and Europe Through Google Cloud Run

February 26, 2024 at 05:15AM Cybersecurity researchers are cautioning about a surge in email phishing campaigns utilizing Google Cloud Run to distribute banking trojans Astaroth, Mekotio, and Ousaban. Malware distribution campaigns using the same Google Cloud storage bucket have been observed since September 2023. Phishing activities are further facilitated by the availability of phishing kits …

Insider steals 79,000 email addresses at work to promote own business

February 20, 2024 at 06:12AM Former council staff member in Stratford-on-Avon District breached databases, stealing 79,000 email addresses for personal business promotion. No financial or personal information compromised. Council issued apologies and confirmed internal controls were not at fault. Perpetrator referred to police, received official caution, and data was deleted. Information Commissioner’s Office opted not …

BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus

February 14, 2024 at 11:59AM The Bumblebee loader, known for delivering various malware, has reappeared in the US targeting organizations after a four-month hiatus. The recent campaign uses email with OneDrive URLs to initiate attacks, signaling a surge in cybercriminal activity. Interestingly, the attackers have employed VBA macro-enabled documents, a tactic rarely used since Microsoft’s …

Alert: CISA Warns of Active ‘Roundcube’ Email Attacks – Patch Now

February 12, 2024 at 11:57PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a medium-severity security flaw affecting Roundcube email software to its known exploited vulnerabilities catalog. Tracked as CVE-2023-43770, the cross-site scripting (XSS) flaw in Roundcube Webmail allows for information disclosure via malicious link references. Agencies are mandated to apply fixes by …

CISA: Roundcube email server bug now exploited in attacks

February 12, 2024 at 02:03PM CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private …

Prevent BEC with AI-Powered Email and Collaboration

January 26, 2024 at 07:58PM The Trend Vision One™ platform integrates AI-powered email and collaboration security to address the growing need for streamlined IT and security operations. It provides comprehensive threat protection, detection, and response across email, users, endpoint, cloud, and network, with centralized visibility and management. It also enables proactive containment of threats and …

Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar

January 24, 2024 at 07:36AM Various market research reports forecast significant growth in the cybersecurity sector. The Insight Partners estimates a 15.9% CAGR, projecting the market to reach $660.67 billion by 2030. Statista expects $183.10 billion in revenue by 2024, while ResearchAndMarkets predicts the global defense cybersecurity market to grow to $49.4 billion by 2028. …

Trello API abused to link email addresses to 15 million accounts

January 23, 2024 at 04:37PM An exposed Trello API allowed the creation of millions of data profiles, linking public and private information. A threat actor attempted to sell the data of 15,115,516 Trello members containing emails, usernames, and full names. The leaked email addresses were accessed through a publicly exposed API, elevating the severity of …

Russian hackers stole Microsoft corporate emails in month-long breach

January 19, 2024 at 07:23PM Microsoft disclosed a breach in corporate email accounts, with data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The attack was detected on January 12th, and it was found that Nobelium accessed the accounts through a password spray attack in November 2023. The investigation is ongoing, and Microsoft is …