Taiwan-based QNAP Systems on Friday announced patches for a dozen vulnerabilities across its product portfolio, including high-severity flaws in its operating system. The first of the high-severity issues is CVE-2023-39296, which is described as a prototype pollution flaw that could allow remote attackers “to override existing attributes with ones that have an incompatible type, which […]
Set your clocks to LP4. Closing out 2023 with the BADBADNOTGOOD collaborative EP New Heart Designs EP; offering nu-jazz reimaginings of cuts from their 2021 mega breakout Glow On (in a similar vein to the Mall Grab collab Share A View EP which followed 2018’s sophomore smash Time & Space) – Turnstile have seemingly […]
The websites and online services for multiple Chambers of Crafts in Germany are down following a “security incident” that appears to have impacted a managed service provider. A statement on the parent organization’s website, which is still online, says that the cyberattack affected an unidentified IT service’s data center and was discovered during the first […]
Saudi Ministry exposed sensitive data for 15 months. Pierluigi Paganini, January 08, 2024. Saudi Ministry of Industry and Mineral Resources (MIM) had an environment file exposed, opening up sensitive details for anybody willing to take them. The Cybernews research team believes that the sensitive data was accessible for 15 months. An environment (env.) file serves […]
State AG Settlement Comes After 2021 Lorenz Ransomware Attack on Health Center. Marianne Kolbasuk McGee (HealthInfoSec), January 8, 2024. The New York attorney general fined a federally funded health center that provides services to underserved communities up to $450,000 […]
The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole.
Details about a Christmas-season ransomware attack on a global Christian organization became clearer this week as a cybercrime gang took credit for what appears to be a related theft of data. The World Council of Churches (WCC), an inter-church organization, said on December 28 that it had been victimized by ransomware, but did not offer […]
The LockBit ransomware gang took credit for a November attack on a hospital system that forced multiple facilities in New Jersey and Pennsylvania to cancel appointments and operate without patient files. This weekend, LockBit posted Capital Health to its extortion website, threatening to leak seven terabytes of stolen data from the company. The gang claimed […]
FortiGuard Labs researchers recently encountered a new Lumma Stealer campaign that leverages YouTube channels for propagation. The attackers are strategically compromising YouTube accounts and uploading videos that pretend to offer cracked software for legitimate video editing tools such as Vegas Pro. Modus operandi: According to researchers, these videos contain embedded malicious URLs, enticing users to […]