Month: July 2024
Additionally, the threat actor deploys cryptominers to profit from compromised systems, the cloud security intelligence and solutions provider added. CRYSTALRAY leverages existing vulnerability proof of concepts (PoCs) and uses OSS penetration testing tools to scan a list of targets against these vulnerabilities. Once detected, they modify the existing PoCs for their payload and drop them…
Read More
The IT systems outage for car dealerships caused by a mid-June ransomware attack still lasted two weeks. CDK Global reportedly paid $25 million to cybercriminals after a mid-June ransomware attack disrupted business for thousands of car dealerships. According to a report from CNN citing multiple sources, software maker CDK paid the ransom to accelerate the…
Read More
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. “The social media bot farm used elements of AI to create fictitious social media profiles —…
Read More
Jul 12, 2024NewsroomVulnerability / Software Security A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users’ inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. “Exim through…
Read More
He went on to speculate about the origin of the nude pictures: “Were they obtained from compromised devices without the knowledge or consent of the owner? They certainly don’t look like anything that would be loaded into a ticketing system.” CSOonline approached mSpy for comment on the breach and to ask what advice it had…
Read More
AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company’s Snowflake account. The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April…
Read More
An AT&T spokesperson reportedly disclosed the theft of customer records was part of the recent wave of data theft attacks targeting Snowflake customers. An AT&T spokesperson reportedly disclosed that the massive theft of customer records was part of the recent wave of data theft attacks targeting Snowflake customers. The disclosure came as the telecom giant…
Read MoreThe NSA Has a Long-Lost Lecture by Adm. Grace Hopper The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled “Future Possibilities: Data, Hardware, Software, and People.” The agency is (so far) refusing to release it. Basically, the recording is in an obscure video format. People at the NSA can’t…
Read More
Image: MidjourneyNetgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn’t disclose any…
Read More
Jul 12, 2024The Hacker NewsDigital Security / Online Safety In today’s digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don’t realize their credentials have been compromised until the damage is done.…
Read More