U.S. preparing Cyber Trust Mark for more secure smart devices
A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose connected devices that are more…
Category: Bleeping Computer
New critical Citrix ADC and Gateway flaw exploited as zero-day
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly…
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. Discovered yesterday…
Strengthening Password Security may Lower Cyber Insurance Premiums
The global cyber insurance market is expected to reach over $20 billion by 2025. However, many organizations are finding it harder (and more expensive) than…
New critical Citrix ADC and Gateway flaw exploited as zero-days
Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and “strongly…
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with…
FIN8 deploys ALPHV ransomware using Sardonic malware variant
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version. Tracked as FIN8 (aka…
Critical ColdFusion flaws exploited in attacks to drop webshells
Update 7/17/23: The article was updated due to a mistaken warning added by Adobe to its email notification. However, a newer version of the bug…
Microsoft Exchange Online hit by new outage blocking emails
Microsoft is investigating an ongoing Exchange Online outage preventing customers from sending emails and triggering 503 errors on affected systems. Impacted users report having issues…
CISA orders govt agencies to mitigate Windows and Office zero-days
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO…
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. WooCommerce…
Adobe warns of critical ColdFusion RCE bug exploited in attacks
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks. Adobe disclosed the vulnerability on July 11th,…