Month: June 2024
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week,…
Read MoreThe prohibitive cost structure has been labeled the “SSO Tax” and CISA says potential SMB customers “perceive SSO as being excessively costly due to the higher cost of the premium-tier service that includes SSO as compared to the lower-tier service that does not include SSO coupled with a requirement to subscribe for a minimum number…
Read MoreOver 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. A polyfill is code, such as JavaScript, that adds modern functionality to older browsers that do not usually support it. For example, it…
Read MoreThe potential for mischief is extensive. Sagi Tzadik, the Wiz researcher who discovered the vulnerability, told CSO: “An attacker would be able to covertly leak private models, spy on user prompts, alter their responses, ransom the whole system, and even gain a foothold in the internal network. Once exploited, the machine is compromised.” Authentication shortcomings…
Read MoreA threat actor ‘obtained certain personal information’ belonging to more than 60,000 customers and stored in the Snowflake platform, according to Neiman Marcus Group. Neiman Marcus Group confirmed Tuesday that it’s among the victims impacted by recent widespread cyberattacks targeting Snowflake customers, in an incident that saw data belonging to more than 60,000 customers potentially…
Read MoreThe Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. The new activity has been tracked since May and relies on more compact variants that require fewer permissions and come with fresh features…
Read MoreThe modern web browser has undergone a profound transformation in recent years, becoming an indispensable tool in today’s digital age. It facilitates online communication and provides unparalleled productivity, especially as organizations continue to transition to hybrid work models and embrace cloud-based operations. Unfortunately, security infrastructures haven’t evolved as fast as they should, making these browsers…
Read MoreLuxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks. In a data breach notification filed with the Office of the Maine Attorney General, the company says that the breach impacted 64,472 people. “In May 2024, we learned that, between April…
Read Moreffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt…
Read MoreAI is in the news, it’s on our devices–it makes organizations run better, it can help you get into college or land a new job, and scammers increasingly use AI to swindle people more efficiently, but what else can it do? We asked two experts this week: What’s the ultimate AI crime? Cybersecurity and privacy…
Read MoreRecent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA