A financially motivated Chinese threat actor dubbed “SilkSpecter” is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. The fraud campaign started in October 2024, offering steep discounts for the upcoming Black Friday shopping period that usually sees elevated shopping activity. EclecticIQ threat researcher…

Read More

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool are now actively exploited in the wild. Attackers can use the two unauthenticated command injection (CVE-2024-9463) and SQL injection (CVE-2024-9465) vulnerabilities to hack into unpatched systems running the company’s Expedition migration tool, which helps migrate configurations from Checkpoint, Cisco,…

Read More

​New Glove Stealer malware can bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. As Gen Digital security researchers who first spotted it while investigating a recent phishing campaign said, this information-stealing malware is “relatively simple and contains minimal obfuscation or protection mechanisms,” indicating that it’s very likely in its early development stages. During…

Read More

​New Glove Stealer malware can bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. As Gen Digital security researchers who first spotted it while investigating a recent phishing campaign said, this information-stealing malware is “relatively simple and contains minimal obfuscation or protection mechanisms,” indicating that it’s very likely in its early development stages. During…

Read More

Managing increasingly distributed IT systems is a major challenge for IT managers and MSPs. As part of CRN’s Stellar Startups for 2024, here are four data center technology startups, founded in 2018 or later, that solution providers should be aware of. Center Of Attention Managing IT hardware and software systems and services is an increasingly…

Read More

The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization. In a “GPS mapping” of today’s most pressing cloud security issues, the Tenable Cloud Risk Report 2024 from Tenable Cloud…

Read More

Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. As showcased in the indictment, prosecutors linked multiple data theft and blackmail incidents to Purbeck (also known…

Read More

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection. The new technique is similar to how the Bundlore adware in 2020 hid its…

Read More

We’ve all been there: staring at the login screen, trying to remember which password variation we’re supposed to use on a particular site. Thankfully, a quick call to the IT helpdesk can easily get us back on track. But multiply that “quick fix” across your organization — where employees average two resets a year —…

Read More

OpenAI’s ChatGPT platform provides a great degree of access to the LLM’s sandbox, allowing you to upload programs and files, execute commands, and browse the sandbox’s file structure. The ChatGPT sandbox is an isolated environment that allows users to interact with the it securely while being walled off from other users and the host servers.…

Read More