The Federal Trade Commission (FTC) is distributing over $72 million in Epic Game Fortnite refunds for the company’s use of dark patterns to trick players into making unwanted purchases. […]
US sanctions Chinese firm for hacking firewalls in ransomware attacks
The U.S. Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. […]
Wald.ai Raises $4M in Seed Funding to Protect Data in Conversations With AI Assistants
Wald.ai has raised $4 million in seed funding for a solution designed to ensure data protection when organizations use AI assistants.
The post Wald.ai Raises $4M in Seed Funding to Protect Data in Conversations With AI Assistants appeared first on SecurityWeek.
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems.
Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo’s LexiCom,
Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo’s LexiCom,
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. […]
Inside the incident: Uncovering an advanced phishing attack
Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. […]
Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises
CVE-2024-50623, an improperly patched vulnerability affecting Cleo file transfer tools, has been exploited in the wild.
The post Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises appeared first on SecurityWeek.
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that’s designed to distribute an updated version of the Antidot banking trojan.
“The attackers presented themselves as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs Vishnu Pratapagiri researcher said in a new report.
“As part of their fraudulent hiring process, the
“The attackers presented themselves as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs Vishnu Pratapagiri researcher said in a new report.
“As part of their fraudulent hiring process, the
SAP Patches Critical Vulnerability in NetWeaver
SAP has released patches for 16 vulnerabilities, including a critical-severity SSRF bug in NetWeaver (Adobe Document Services).
The post SAP Patches Critical Vulnerability in NetWeaver appeared first on SecurityWeek.
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client
Microsoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client.
The post Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client appeared first on SecurityWeek.