New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named ‘Whirlpool’ used in attacks on compromised Barracuda Email…
Category: Bleeping Computer
Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks, stealer log distribution, and new…
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell’s Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the…
New BitForge cryptocurrency wallet flaws lets hackers steal crypto
Image: Midjourney Multiple zero-day vulnerabilities named ‘BitForge’ in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet…
Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using ‘Merlin,’ an open-source post-exploitation and command and control framework. Merlin is a Go-based…
Missouri warns that health info was stolen in IBM MOVEit data breach
Missouri’s Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack.…
Rhysida ransomware behind recent attacks on healthcare
The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced government agencies and cybersecurity companies…
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced “Mock”) has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees…
EvilProxy phishing campaign targets 120,000 Microsoft 365 users
EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails sent to over a hundred…
Preventative medicine for securing IoT tech in healthcare organizations
The widespread adoption of a digital transformation workspace and the shift to web applications has led to a global rise in cybercrime, with 2022 seeing…
Google to fight hackers with weekly Chrome security updates
Google has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem that allows threat actors extra…
Microsoft Visual Studio Code flaw lets extensions steal passwords
Microsoft’s Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows,…