April 2, 2024 at 11:39AM A high-severity XSS vulnerability in WP-Members Membership plugin, tracked as CVE-2024-1852, allows attackers to inject malicious scripts into web pages via user registration functionality. The issue arises from insufficient input sanitization and output escaping. Version 3.4.9.3 contains a patch, but users are urged to update installations promptly due to the … Read more
March 20, 2024 at 04:54AM Twitter users have been encountering misleading external links, leading to unexpected destinations like Telegram accounts promoting crypto scams instead of the displayed website like Forbes.com. This issue arises because Twitter’s link previews show the ultimate destination, which can be altered by malicious websites. This poses a significant threat to users, … Read more
March 8, 2024 at 10:34AM Microsoft discovered that the Russian hacking group ‘Midnight Blizzard’ accessed their internal systems and source code after stealing authentication secrets in January. They gained access using a non-production test account without multi-factor authentication. Microsoft is informing affected customers and increasing security measures to defend against these advanced persistent threats. From … Read more
March 6, 2024 at 01:18PM Duvel Moortgat Brewery was recently hit by a ransomware attack, leading to the suspension of beer production at its bottling facilities. The Belgian brand is known for its popular beers such as Vedett, Maredsous, and La Chouffe. The company’s spokesperson mentioned that although production has been halted, distribution should not … Read more
March 4, 2024 at 09:47AM The National Intelligence Service (NIS) of South Korea has warned of increased cyber espionage attacks by North Korean hackers targeting domestic semiconductor manufacturers. The attacks exploit known vulnerabilities in internet-exposed servers to steal sensitive data. South Korean chipmakers, including Samsung Electronics and SK Hynix, are crucial in the global semiconductor … Read more
March 2, 2024 at 07:48AM Consumer Reports revealed security flaws in certain doorbell cameras, including EKEN and Tuck brands manufactured by Eken Group Ltd. Cameras sold by Walmart, Shein, and others were affected. The vulnerabilities allowed unauthorized access and control, prompting platform removals and refunds. Calls for improved vetting of sellers and products on e-commerce … Read more
February 26, 2024 at 12:09PM Zyxel, a Taiwanese networking company, has issued patches for security vulnerabilities in its firewall and access point products. The defects could lead to remote code execution attacks. The company documented four specific vulnerabilities and urged urgent application of patches and hotfixes. Zyxel has acknowledged its products being exploited in DDoS-capable … Read more
February 23, 2024 at 03:11PM U-Haul notifies 67,000 customers in the US and Canada of a security breach on December 5th. Intruders gained access to customer records with personal data, but no financial info was compromised. U-Haul enhanced security measures and offered affected customers a free one-year membership with Experian IdentityWorks Credit 3B. Identity-related attacks … Read more
February 23, 2024 at 10:13AM A critical security vulnerability in ConnectWise ScreenConnect has been identified, with potential for a large-scale supply-chain attack. Exploitation can allow hackers to access numerous servers and endpoints, including those of managed service providers. Multiple CVEs have been disclosed, with active exploitation reported. Organizations are advised to apply patches and monitor … Read more
February 14, 2024 at 07:15AM Infamous malware loader Bumblebee resurfaces in a new phishing campaign targeting organizations in the U.S. Proofpoint warned about voicemail-themed lures leading to Word files with VBA macros launching PowerShell commands to execute Bumblebee. The attack chain relies on macro-enabled documents, coinciding with reappearance of new variants of QakBot, ZLoader, and … Read more