A financially motivated Chinese threat actor dubbed “SilkSpecter” is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. […]
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool are now actively exploited in attacks. […]
New Glove infostealer malware bypasses Chrome’s cookie encryption
New Glove Stealer information-stealing malware can bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. […]
New Glove Stealer malware bypasses Chrome’s cookie encryption
New Glove Stealer information-stealing malware can bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. […]
Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign
Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware.
The post Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign appeared first on SecurityWeek.
Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years.
The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
Hacker gets 10 years in prison for extorting US healthcare provider
Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. […]
Bitsight to Acquire Cybersixgill for $115 Million
Cyber risk management solutions provider Bitsight is acquiring threat intelligence firm Cybersixgill for $115 million.
The post Bitsight to Acquire Cybersixgill for $115 Million appeared first on SecurityWeek.
ChatGPT allows access to underlying sandbox OS, “playbook” data
OpenAI’s containerized ChatGPT environment is open to limited yet extensive access to core instructions while allowing arbitrary file uploads and command execution within the isolated sandbox. […]
Low-Code, High Risk: Millions of Records Exposed via Misconfigured Microsoft Power Pages
Security researcher investigated Microsoft Power Pages installations and found several with misconfigurations allowing unintentional access to confidential data.
The post Low-Code, High Risk: Millions of Records Exposed via Misconfigured Microsoft Power Pages appeared first on SecurityWeek.