May 9, 2024 at 11:30AM Dell recently cautioned about a data breach where a threat actor claimed to have acquired information for about 49 million customers via a breached Dell portal. The stolen data includes names, physical addresses, Dell hardware and order details. Though Dell reassures minimal risk as no financial data was accessed, customers … Read more
May 8, 2024 at 01:31PM The FBI warns of Storm-0539, a hacking group targeting retail employees’ personal and work devices with phishing attacks. Once infiltrated, the attackers move laterally through the network to compromise gift card business processes and generate fraudulent gift cards. To defend against these attacks, the FBI advises corporations to review incident … Read more
April 28, 2024 at 10:30AM Okta has reported a significant increase in credential stuffing attacks, facilitated by residential proxy services and stolen credentials. Cisco also cautioned of a surge in brute-force attacks targeting various devices. These attacks appear to originate from TOR exit nodes and anonymizing services. Okta recommends enforcing strong passwords, enabling two-factor authentication, … Read more
April 16, 2024 at 11:24AM Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation, resembling a recent incident aimed at the open-source XZ Utils project. The incident involved suspicious emails urging updates to JavaScript projects and calls to designate new maintainers. This highlights the risks of supply chain attacks and the need … Read more
April 4, 2024 at 07:03PM Visa issued a security alert warning about increased detections of the JsOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware provides remote access and can execute various malicious activities. Mitigation actions and indicators of compromise were recommended, and the campaign involved phishing … Read more
April 4, 2024 at 08:30AM SurveyLama confirms a data breach affecting over 4.4 million users, occurring in February and brought to light through Have I Been Pwned. Email addresses, personal information, and hashed passwords were compromised. The platform has enforced a password reset and is enhancing security measures. Users are advised to reset all associated … Read more
March 30, 2024 at 12:58PM AT&T confirmed being affected by a data breach involving 73 million customers, after initially denying the leaked data originated from them. The data includes sensitive information such as names, addresses, phone numbers, and in some cases, social security numbers and birth dates. AT&T has reset passcodes for 7.6 million impacted … Read more
March 30, 2024 at 01:51AM RedHat issued an urgent security alert about backdoored versions of the XZ Utils data compression library, impacting versions 5.6.0 and 5.6.1. The compromised code interferes with the sshd daemon process and could allow unauthorized remote access under specific circumstances. Microsoft researcher Andres Freund discovered the issue, prompting GitHub to disable … Read more
March 28, 2024 at 11:09AM Apple device users are encountering continuous password reset requests and vishing calls, often from a number posing as Apple’s official support line. It appears that several Apple device users have been receiving frequent password reset prompts and vishing calls from a number that is spoofing Apple’s legitimate customer support line. … Read more
March 8, 2024 at 06:01PM Cybercrime gang Magnet Goblin swiftly exploits vulnerabilities in Ivanti devices to breach networks of US organizations in the medical, manufacturing, and energy sectors. CISA confirms Ivanti attacks, urging organizations to review Ivanti advisory. Magnet Goblin deploys remote-control and data-stealing malware, leveraging one-day vulnerabilities, posing a significant threat to global digital … Read more