Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. […]
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that “allowed them to
Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that “allowed them to
Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
“Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available
“Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available
“Researchers” exploit Kraken exchange bug, steal $3 million in crypto
The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. […]
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you’ve been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.
Read the
Read the
Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
“The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as
“The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as
Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,
The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
Microsoft says bug causes Windows 10 apps to display Open With dialogs
Microsoft has confirmed that Windows 10 apps will mistakenly display an “How do you want to open this file?” dialog box when attempting to right-click on the program’s icon and perform a registered task. […]
Microsoft says bug causes Windows apps to display Open With dialogs
Microsoft has confirmed that Windows 10 apps will mistakenly display an “How do you want to open this file?” dialog box when attempting to right-click on the program’s icon and perform a registered task. […]