Month: June 2024
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week,…
Read More
The prohibitive cost structure has been labeled the “SSO Tax” and CISA says potential SMB customers “perceive SSO as being excessively costly due to the higher cost of the premium-tier service that includes SSO as compared to the lower-tier service that does not include SSO coupled with a requirement to subscribe for a minimum number…
Read More
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. A polyfill is code, such as JavaScript, that adds modern functionality to older browsers that do not usually support it. For example, it…
Read More
The potential for mischief is extensive. Sagi Tzadik, the Wiz researcher who discovered the vulnerability, told CSO: “An attacker would be able to covertly leak private models, spy on user prompts, alter their responses, ransom the whole system, and even gain a foothold in the internal network. Once exploited, the machine is compromised.” Authentication shortcomings…
Read More
A threat actor ‘obtained certain personal information’ belonging to more than 60,000 customers and stored in the Snowflake platform, according to Neiman Marcus Group. Neiman Marcus Group confirmed Tuesday that it’s among the victims impacted by recent widespread cyberattacks targeting Snowflake customers, in an incident that saw data belonging to more than 60,000 customers potentially…
Read More
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. The new activity has been tracked since May and relies on more compact variants that require fewer permissions and come with fresh features…
Read More
The modern web browser has undergone a profound transformation in recent years, becoming an indispensable tool in today’s digital age. It facilitates online communication and provides unparalleled productivity, especially as organizations continue to transition to hybrid work models and embrace cloud-based operations. Unfortunately, security infrastructures haven’t evolved as fast as they should, making these browsers…
Read More
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks. In a data breach notification filed with the Office of the Maine Attorney General, the company says that the breach impacted 64,472 people. “In May 2024, we learned that, between April…
Read Moreffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt ffrt…
Read More
AI is in the news, it’s on our devices–it makes organizations run better, it can help you get into college or land a new job, and scammers increasingly use AI to swindle people more efficiently, but what else can it do? We asked two experts this week: What’s the ultimate AI crime? Cybersecurity and privacy…
Read More