Cybersecurity Center

Cybersecurity News

  • FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (Saturday May 11, 2024)
    The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall (HackerNews)
  • North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (Friday May 10, 2024)
    The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files," (HackerNews)
  • CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) (Friday May 10, 2024)
    Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses. During the session, Censys Security Researcher Aidan Holland will (HackerNews)
  • Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (Friday May 10, 2024)
    Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program (HackerNews)
  • What's the Right EDR for You? (Friday May 10, 2024)
    A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint (HackerNews)
  • Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (Friday May 10, 2024)
    Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The (HackerNews)
  • Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models (Friday May 10, 2024)
    Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team. "Once initial access was obtained, they exfiltrated cloud credentials and gained (HackerNews)
  • New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation (Thursday May 09, 2024)
    Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has (HackerNews)
  • Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign (Thursday May 09, 2024)
    Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link (HackerNews)
  • New Guide: How to Scale Your vCISO Services Profitably (Thursday May 09, 2024)
    Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services (HackerNews)
  • Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (Thursday May 09, 2024)
    Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, (HackerNews)
  • Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover (Thursday May 09, 2024)
    Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next (HackerNews)
  • A SaaS Security Challenge: Getting Permissions All in One Place (Wednesday May 08, 2024)
    Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of (HackerNews)
  • New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (Wednesday May 08, 2024)
    Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel (HackerNews)
  • The Fundamentals of Cloud Security Stress Testing (Wednesday May 08, 2024)
    “Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as possible, starting with the most critical. (HackerNews)
  • Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (Wednesday May 08, 2024)
    A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz researcher Muhammed Irfan V A said in a technical report. "Hijack (HackerNews)
  • Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites (Wednesday May 08, 2024)
    A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user (HackerNews)
  • U.S. Charges Russian Man as Boss of LockBit Ransomware Group (Tuesday May 07, 2024)
    The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. (KrebsOnSecurity)
  • Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (Tuesday May 07, 2024)
    The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury’s Office of Foreign Assets Control ( (HackerNews)
  • APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data (Tuesday May 07, 2024)
    The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was (HackerNews)
  • China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (Tuesday May 07, 2024)
    The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) through the exploitation of two Ivanti Connect Secure zero-day (HackerNews)
  • New Case Study: The Malicious Comment (Tuesday May 07, 2024)
    How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’ (HackerNews)
  • Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever) (Tuesday May 07, 2024)
    Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen. The new change entails adding a second step method, such as an (HackerNews)
  • Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering (Tuesday May 07, 2024)
    A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik and his co-conspirators have been accused of owning and managing (HackerNews)
  • Why Your VPN May Not Be As Secure As It Claims (Monday May 06, 2024)
    Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user. (KrebsOnSecurity)
  • Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution (Monday May 06, 2024)
    More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, the latter of (HackerNews)
  • China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices (Monday May 06, 2024)
    The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim (HackerNews)
  • It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs (Monday May 06, 2024)
    Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question (HackerNews)
  • Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components (Monday May 06, 2024)
    Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm (HackerNews)
  • New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (Monday May 06, 2024)
    Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are (HackerNews)
  • Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (Saturday May 04, 2024)
    Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed (HackerNews)
  • Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back (Friday May 03, 2024)
    In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary (HackerNews)
  • Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (Friday May 03, 2024)
    Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. (HackerNews)
  • New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data (Friday May 03, 2024)
    SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage. (HackerNews)
  • NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (Friday May 03, 2024)
    The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The (HackerNews)
  • Google Announces Passkeys Adopted by Over 400 Million Accounts (Friday May 03, 2024)
    Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said. (HackerNews)
  • Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (Friday May 03, 2024)
    HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via (HackerNews)
  • Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw (Thursday May 02, 2024)
    Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of this vulnerability pattern include arbitrary code execution and token theft, (HackerNews)
  • Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (Thursday May 02, 2024)
    A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments in (HackerNews)
  • When is One Vulnerability Scanner Not Enough? (Thursday May 02, 2024)
    Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space. The benefits of using multiple scanning engines Generally speaking (HackerNews)
  • Dropbox Discloses Breach of Digital Signature Service Affecting All Users (Thursday May 02, 2024)
    Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the " (HackerNews)
  • New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (Thursday May 02, 2024)
    A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary (HackerNews)
  • CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability (Thursday May 02, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email (HackerNews)
  • New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials (Thursday May 02, 2024)
    A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent (HackerNews)
  • Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds (Wednesday May 01, 2024)
    A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The findings come from Elliptic in collaboration with researchers from the (HackerNews)
  • Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (Wednesday May 01, 2024)
    Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android (HackerNews)
  • How to Make Your Employees Your First Line of Cyber Defense (Wednesday May 01, 2024)
    There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard, (HackerNews)
  • ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (Wednesday May 01, 2024)
    The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago (HackerNews)
  • Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (Wednesday May 01, 2024)
    A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray. (HackerNews)
  • Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (Tuesday April 30, 2024)
    Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository (HackerNews)
  • Man Who Mass-Extorted Psychotherapy Patients Gets Six Years (Tuesday April 30, 2024)
    A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. (KrebsOnSecurity)
  • U.S. Government Releases New AI Security Guidelines for Critical Infrastructure (Tuesday April 30, 2024)
    The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS) (HackerNews)
  • Considerations for Operational Technology Cybersecurity (Tuesday April 30, 2024)
    Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security (HackerNews)
  • FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data (Monday April 29, 2024)
    The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers' location information without consent. (KrebsOnSecurity)
  • Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme (Monday April 22, 2024)
    The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps. (KrebsOnSecurity)
  • Who Stole 3.6M Tax Records from South Carolina? (Tuesday April 16, 2024)
    For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed. (KrebsOnSecurity)
  • Crickets from Chirp Systems in Smart Lock Key Leak (Monday April 15, 2024)
    The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. (KrebsOnSecurity)
  • Why CISA is Warning CISOs About a Breach at Sisense (Thursday April 11, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. (KrebsOnSecurity)
  • Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers (Wednesday April 10, 2024)
    On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. (KrebsOnSecurity)
  • April’s Patch Tuesday Brings Record Number of Fixes (Tuesday April 09, 2024)
    If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software. (KrebsOnSecurity)

Disclaimer: Some links listed are external links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.