Items tagged with security

The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam... Read more...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their... Read more...
No matter how you pronounce it, GIFs are fun and entertaining for most people, and a mild annoyance for the rest. Unfortunately for users of Microsoft Teams, they are also a danger to their systems. A new malware known as GIFShell has surfaced, and the attack vector is Microsoft Teams. Found by Security researcher... Read more...
After introducing video end-to-end encryption (E2EE) for a subset of its wired doorbell and camera devices over a year ago, Ring has announced that it is now extending this capability to its wireless devices. While the company doesn’t specify in its announcement which of its battery-powered devices will support E2EE... Read more...
Scammers and fraudsters have been targeting YouTube creators with sophisticated email campaigns. The emails pose as legitimate notices from Google which claim to be a copyright report and possible strike against the channel. These include a Google Drive link to the purported report, which actually contains a malware... Read more...
The outdoor recreational apparel brand The North Face has reportedly been hit by a major credential stuffing attack. In a credential stuffing attack, threat actors take user login credentials exposed in unrelated data breaches and enter them into a targeted website or service. This form of cyberattack takes advantage... Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining... Read more...
The international phenoms that are Minecraft and Roblox are practically ubiquitous in gaming today. The two games are available on multiple platforms including consoles, PC, and even mobile devices. Unfortunately, their significant popularity, especially amongst younger generations, makes them an excellent target for... Read more...
Last week, Microsoft revealed a vulnerability in the TikTok Android app that threat actors potentially could have exploited to hijack TikTok user accounts with a single click. Fortunately, TikTok patched the vulnerability earlier this year before its disclosure. However, shortly after Microsoft publicly disclosed the... Read more...
Ransomware attacks have been targeting school districts, hospitals, government organizations, businesses, and even hospitals in recent years. It's a rather nasty piece of work; it can cause loss of data, stolen data, more viruses, and even inaccessibility to systems necessary for operations. An entire town in Canada... Read more...
It's been several days since Google began rolling out an important security update for its Chrome browser, but even so, there's no guarantee that it's been applied on your system yet. Given the acknowledgement that the patched flaw is one that is actively being exploited in the wild, you'd be well served to manually... Read more...
A nasty bit of Android malware previously lurking on the Google Play Store has returned with additional capabilities. Known as SharkBot, the malware is designed to steal user login credentials, particularly credentials used to access financial applications. The malware has also been found to initiate money transfers... Read more...
On September 2, 2022, Samsung reported that it had discovered a security breach of their U.S. systems. Unfortunately for some Samsung customers, this means that their personal information may have leaked out into the wild. The report states that the initial indication came in July, and by August it had established the... Read more...
A new report by Microsoft details a vulnerability in the TikTok Android app that threat actors could have exploited to hijack user accounts with a single click. The vulnerability appears in the National Vulnerability Database with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-28799 and a high... Read more...
If you are still using an iPhone 5S, 6 or 6 Plus, you have a rare OS update to download. Apple released an update on Wednesday for iOS 12 that patches a security hole already fixed in its newer versions of iOS. It seems older smartphones are getting some love recently, as both Apple and Samsung have released... Read more...
The James Webb Space Telescope (JWST) came online this year after more than 20 years of design and development. It's a real watershed moment for astronomy, and unfortunately, yet another way for internet ne'er-do-wells to distribute malware. Security researchers have identified a new malware campaign that has... Read more...
Do you ever feel like company advertisers are doing more than listening to you? Let's face it, they probably are. You might be concerned to hear that your pocket smart device is also tracking where you are. This is not new information for most people. Many use GPS mapping apps, such as Google Maps, Waze, and Apple... Read more...
The password manager LastPass has published a blog post notifying users of a recent data breach. According to the CEO, Karim Toubba, the breach affected parts of the company’s development environment but did not touch any databases containing user data or passwords. Rather than stealing user information, it seems that... Read more...
Back in January of this year, a group of developers serving as white-hat hackers warned the "Souls" community of a serious Remote Code Execution (RCE) exploit that they found in FromSoftware's fantasy RPG series. The games' online play was taken down as a response and has remained down ever since. However... Read more...
A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence... Read more...
Plex, a company that provides media streaming solutions, sent out emails early this morning informing users of a data breach. According to the notice, Plex launched an investigation yesterday after discovering suspicious activity on one of its databases. The investigation revealed that a third-party actor managed to... Read more...
Successful hacking involves more than just gaining unauthorized access to a system. Once inside, malicious actors like to cover their tracks not only to prevent getting caught, but also to maximize how much data they can extract. To this end, the Iranian-backed hacker group known as Charming Kitten has been discovered... Read more...
First ... Prev 2 3 4 5 6 Next