Cybersecurity Center

Cybersecurity News

  • Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts (Saturday April 13, 2024)
    A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July. "At the time of both attacks, (HackerNews)
  • U.S. Treasury Hamas Spokesperson for Cyber Influence Operations (Saturday April 13, 2024)
    The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007. "He publicly (HackerNews)
  • Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (Saturday April 13, 2024)
    Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of (HackerNews)
  • Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files (Friday April 12, 2024)
    "Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The (HackerNews)
  • Code Keepers: Mastering Non-Human Identity Management (Friday April 12, 2024)
    Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard (HackerNews)
  • Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (Friday April 12, 2024)
    The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater’s methods remain constant," Deep (HackerNews)
  • Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (Friday April 12, 2024)
    Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct (HackerNews)
  • Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker (Friday April 12, 2024)
    Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. " (HackerNews)
  • U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks (Friday April 12, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been (HackerNews)
  • Why CISA is Warning CISOs About a Breach at Sisense (Thursday April 11, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. (KrebsOnSecurity)
  • Python's PyPI Reveals Its Secrets (Thursday April 11, 2024)
    GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI, (HackerNews)
  • TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (Thursday April 11, 2024)
    A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to (HackerNews)
  • Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (Thursday April 11, 2024)
    Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted (HackerNews)
  • Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (Thursday April 11, 2024)
    Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to (HackerNews)
  • Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers (Wednesday April 10, 2024)
    On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. (KrebsOnSecurity)
  • 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (Wednesday April 10, 2024)
    An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the (HackerNews)
  • Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (Wednesday April 10, 2024)
    Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick (HackerNews)
  • Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware (Wednesday April 10, 2024)
    Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL, (HackerNews)
  • Hands-on Review: Cynomi AI-powered vCISO Platform (Wednesday April 10, 2024)
    The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain (HackerNews)
  • Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (Wednesday April 10, 2024)
    Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and (HackerNews)
  • Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses (Wednesday April 10, 2024)
    We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers (HackerNews)
  • Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (Wednesday April 10, 2024)
    Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from 21 vulnerabilities that the company addressed in its (HackerNews)
  • Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (Wednesday April 10, 2024)
    A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape (HackerNews)
  • April’s Patch Tuesday Brings Record Number of Fixes (Tuesday April 09, 2024)
    If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software. (KrebsOnSecurity)
  • 10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet (Tuesday April 09, 2024)
    A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation (HackerNews)
  • Hackers Targeting Human Rights Activists in Morocco and Western Sahara (Tuesday April 09, 2024)
    Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with (HackerNews)
  • Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access (Tuesday April 09, 2024)
    Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The (HackerNews)
  • CL0P's Ransomware Rampage - Security Measures for 2024 (Tuesday April 09, 2024)
    2023 CL0P Growth  Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the ‘CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the (HackerNews)
  • Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (Tuesday April 09, 2024)
    Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet (HackerNews)
  • Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (Tuesday April 09, 2024)
    Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in (HackerNews)
  • Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials (Tuesday April 09, 2024)
    As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands (HackerNews)
  • Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (Monday April 08, 2024)
    Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox (HackerNews)
  • Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox (Monday April 08, 2024)
    Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve (HackerNews)
  • The Drop in Ransomware Attacks in 2024 and What it Means (Monday April 08, 2024)
    The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure (HackerNews)
  • Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme (Monday April 08, 2024)
    A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email (HackerNews)
  • Google Sues App Developers Over Fake Crypto Investment App Scam (Monday April 08, 2024)
    Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam (HackerNews)
  • Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (Saturday April 06, 2024)
    Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of (HackerNews)
  • AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (Friday April 05, 2024)
    New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems, (HackerNews)
  • CISO Perspectives on Complying with Cybersecurity Regulations (Friday April 05, 2024)
    Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and (HackerNews)
  • From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (Friday April 05, 2024)
    Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL (HackerNews)
  • New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA (Friday April 05, 2024)
    Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published this week. "It employs the .NET (de)serialization feature to interact with a core (HackerNews)
  • Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (Friday April 05, 2024)
    Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese (HackerNews)
  • Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (Thursday April 04, 2024)
    A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, (HackerNews)
  • New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (Thursday April 04, 2024)
    An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said. The (HackerNews)
  • Fake Lawsuit Threat Exposes Privnote Phishing Sites (Thursday April 04, 2024)
    A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. (KrebsOnSecurity)
  • Considerations for Operational Technology Cybersecurity (Thursday April 04, 2024)
    Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings additional cybersecurity considerations not typically present in conventional IT security (HackerNews)
  • New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (Thursday April 04, 2024)
    New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the (HackerNews)
  • Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (Thursday April 04, 2024)
    Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an (HackerNews)
  • Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (Wednesday April 03, 2024)
    Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [ (HackerNews)
  • U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (Wednesday April 03, 2024)
    The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the intrusion was preventable, and that it became successful (HackerNews)
  • ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec (Wednesday April 03, 2024)
    Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. (KrebsOnSecurity)
  • Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (Wednesday April 03, 2024)
    Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said. "By binding authentication sessions to the (HackerNews)
  • Attack Surface Management vs. Vulnerability Management (Wednesday April 03, 2024)
    Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they’re not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let’s look at (HackerNews)
  • Mispadu Trojan Targets Europe, Thousands of Credentials Compromised (Wednesday April 03, 2024)
    The banking trojan known as Mispadu has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to target users in Italy, Poland, and Sweden. Targets of the ongoing campaign include entities spanning finance, services, motor vehicle manufacturing, law firms, and commercial facilities, according to Morphisec. "Despite the geographic expansion, Mexico remains the (HackerNews)
  • Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (Wednesday April 03, 2024)
    A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0. The issue has been addressed in version (HackerNews)
  • Thread Hijacking: Phishes That Prey on Your Curiosity (Thursday March 28, 2024)
    Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. (KrebsOnSecurity)
  • Recent ‘MFA Bombing’ Attacks Targeting Apple Users (Tuesday March 26, 2024)
    Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. (KrebsOnSecurity)
  • Mozilla Drops Onerep After CEO Admits to Running People-Search Networks (Friday March 22, 2024)
    The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. (KrebsOnSecurity)
  • The Not-so-True People-Search Network from China (Thursday March 21, 2024)
    It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. (KrebsOnSecurity)
  • CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms (Thursday March 14, 2024)
    The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.