Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations.
The post ConnectWise Patches Critical Flaw in Automate RMM Tool appeared first on SecurityWeek.
⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect.
Here’s a quick look at this week’s top threats, new tactics, and security stories shaping
Here’s a quick look at this week’s top threats, new tactics, and security stories shaping
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.
ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage.
The name is a little misleading, though
ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage.
The name is a little misleading, though
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.
The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.
“
The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users.
“
Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks
On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction.
The post Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks appeared first on SecurityWeek.
NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million
The judge ruled that punitive damages of $167 million awarded by a jury were excessive.
The post NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million appeared first on SecurityWeek.
AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more
AWS outage has taken down millions of websites, including Amazon.com, PrimeVideo, Perplexity AI, Canva and more. […]
American Airlines Subsidiary Envoy Air Hit by Oracle Hack
Envoy Air, which operates the American Eagle brand, has confirmed that business information was stolen by hackers.
The post American Airlines Subsidiary Envoy Air Hit by Oracle Hack appeared first on SecurityWeek.
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.”
The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable evidence” of the agency’s involvement in the intrusion
The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable evidence” of the agency’s involvement in the intrusion
China Accuses US of Cyberattack on National Time Center
The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
The post China Accuses US of Cyberattack on National Time Center appeared first on SecurityWeek.