Canada’s largest alcohol retailer’s site hacked to steal credit cards
The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country’s largest beverage alcohol retailer, revealed that unknown attackers had breached its…
Category: Bleeping Computer
Brave browser’s new Snowflake feature help bypass Tor blocks
Brave Browser version 1.47 was released yesterday, adding the Snowflake extension in the software’s settings, enabling users to turn their devices into proxies that help…
Google Chrome to let you disable or enable extensions per site
Google is working on a new feature that allows you to disable or enable Chrome extensions based on site-by-site basis. The Chrome Web Store has…
CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems.…
The Week in Ransomware – January 13th 2023
The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail.…
PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly…
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts…
Buggy Microsoft Defender ASR rule deletes Windows app shortcuts
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu,…
Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. The security flaw (CVE-2022-42475)…
MetaMask warns of new ‘Address Poisoning’ cryptocurrency scam
Cryptocurrency wallet provider MetaMask is warning users of a new scam called ‘Address Poisoning’ used to trick users into sending funds to a scammer rather…
Cuba ransomware hacking Exchange servers via OWASSRF flaw
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware…
Exchange Server 2013 reaches end of support in 90 days
Microsoft warned customers today that Exchange Server 2013 will reach its extended end-of-support (EOS) date 90 days from now, on April 11, 2023. Exchange Server…