Hacks
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. This vulnerability is the result of a lack of input validation, which is a security measure that is used to ensure that all data received by an application or system…
iPhone Users Urged to Update to Patch 2 Zero-Days
The recent discovery of two major vulnerabilities in Apple’s operating systems has left users and security experts alike feeling concerned. The two flaws, which affect the kernel and WebKit components of both macOS and iOS, can allow threat actors to gain control of devices if exploited. In an effort to protect users, Apple has released…
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. Fake hotel reservations have been around for years, but the situation is much worse now due to the increased use of reservation systems and the growth of online travel agencies. What’s more, the…
Firewall Bug Under Active Attack Triggers CISA Warning
Palo Alto Networks recently issued a warning that its PAN-OS firewall software is under active attack. In response, the Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch their systems as soon as possible. The attack targets a vulnerability in the PAN-OS web interface, which can allow an attacker to gain access to…
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is facing a wave of criticism from a former employee, who claims that the company’s handling of security and privacy issues is putting the public’s safety at risk. The criticism is coming from the former head of security at Twitter, Michael Coates, who says the company’s lack of action on security and privacy issues…
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of vulnerable cameras remain exposed to a critical CVE that has been left unpatched for 11 months. This vulnerability, discovered in April 2019, affects cameras from over 70 different vendors and puts thousands of organizations at risk of being hacked. The vulnerability, tracked as CVE-2018-10562, lies in the use of an insecure…
Ransomware Attacks are on the Rise
Lockbit is quickly becoming the most prolific ransomware group this summer, with two of Conti’s offshoots trailing behind. Lockbit has been active since April and they have already caused considerable damage in many countries. Since their initial attack, they have targeted high-profile organizations, such as hospitals, universities, and government agencies, in an attempt to extort…
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
It has recently been discovered that over 130 companies have been victims of a phishing campaign that spoofed a multi-factor authentication system. This type of attack is a major security threat, as it can potentially access the data and information of hundreds of companies and individuals. The campaign was launched in May of this year…
Watering Hole Attacks Push ScanBox Keylogger
Researchers have uncovered a watering hole attack that is likely to have been carried out by an Advanced Persistent Threat (APT) group known as TA423. This attack is an attempt to plant a JavaScript-based reconnaissance tool known as ScanBox. ScanBox is a tool that can be used to collect detailed information on a target computer,…