THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 – Nov 17)
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.
This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in
This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in
AnnieMac Data Breach Impacts 171,000 People
AnnieMac Home Mortgage is informing over 171,000 individuals that their data has been compromised in a hacker attack.
The post AnnieMac Data Breach Impacts 171,000 People appeared first on SecurityWeek.
Gmail’s New Shielded Email Feature Lets Users Create Aliases for Email Privacy
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam.
The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android.
The idea is to create unique, single-use email addresses that forward the messages to
The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android.
The idea is to create unique, single-use email addresses that forward the messages to
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season.
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
Beyond Compliance: The Advantage of Year-Round Network Pen Testing
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.
Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),
Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),
Library of Congress Says an Adversary Hacked Some Emails
The Library of Congress has notified lawmakers of a “cyber breach” of its IT system by an adversary and a hack of emails.
The post Library of Congress Says an Adversary Hacked Some Emails appeared first on SecurityWeek.
T-Mobile Also Targeted in Chinese Telecom Hacking Campaign
T-Mobile has also been targeted by the Chinese group Salt Typhoon in a major espionage campaign targeting US telecom companies.
The post T-Mobile Also Targeted in Chinese Telecom Hacking Campaign appeared first on SecurityWeek.
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit
Legal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.
They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target’s devices as
They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target’s devices as
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.
The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The
The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The