Hackers can breach networks using data on resold corporate routers
Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to...
Read more →Category: Bleeping Computer
Google ads push BumbleBee malware used by ransomware gangs
The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect,...
Read more →
EvilExtractor malware activity spikes in Europe and the U.S.
Researchers are seeing a rise in attacks spreading the EvilExtractor data theft tool, used to steal users’ sensitive data in...
Read more →
GitHub now allows enabling private vulnerability reporting at scale
GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging...
Read more →
The Week in Ransomware – April 21st 2023
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an...
Read more →
Critical infrastructure also hit by supply chain attack behind 3CX breach
The X_Trader software supply chain attack that led to last month’s 3CX breach has also impacted at least several critical...
Read more →
GhostToken GCP flaw let attackers backdoor Google accounts
Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using...
Read more →
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack...
Read more →
American Bar Association data breach hits 1.4 million members
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older...
Read more →
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
Websites of multiple U.S. universities are serving Fortnite and ‘gift card’ spam. Researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley,...
Read more →
Attackers use abandoned WordPress plugin to backdoor websites
Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an...
Read more →
Ukraine targeted by 60% of Russian phishing attacks in 2023
Google’s Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine’s critical infrastructure in 2023. Google...
Read more →