The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. […]
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you’ve been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.
Read the
Read the
Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
“The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as
“The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as
Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,
The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
Microsoft says bug causes Windows 10 apps to display Open With dialogs
Microsoft has confirmed that Windows 10 apps will mistakenly display an “How do you want to open this file?” dialog box when attempting to right-click on the program’s icon and perform a registered task. […]
Microsoft says bug causes Windows apps to display Open With dialogs
Microsoft has confirmed that Windows 10 apps will mistakenly display an “How do you want to open this file?” dialog box when attempting to right-click on the program’s icon and perform a registered task. […]
AMD investigates breach after data for sale on hacking forum
AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. […]
ONNX phishing service targets Microsoft 365 accounts at financial firms
A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. […]
VMware fixes critical vCenter RCE vulnerability, patch now
VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. […]