Cybersecurity
Category Added in a WPeMatico Campaign
Oct 26, 2023NewsroomCyber Threat / Malware The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. “IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader […]
Popular typing assistant Grammarly said it has fixed vulnerabilities affecting user logins after being notified by a security company of the issues. The bugs affected social sign-in — when someone accesses a web service through their existing credentials for a platform like Facebook or Google — and were caused by issues with implementations of Open […]
Oct 26, 2023NewsroomVulnerability / Network Security Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. “This is […]
Oct 26, 2023NewsroomEndpoint Protection / Malware A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the […]
A significant data breach has allegedly compromised Airbnb’s security, potentially exposing the personal information of 1.2 million users. A threat actor, who goes by the name ‘Sheriff’ on the darkweb, has come forward, claiming the Airbnb data breach, which includes sensitive details such as names, email addresses, countries of residence, cities, and more. Airbnb Data […]
Thousands of Massachusetts customers who use the Bank of Canton may have had personal information, such as account numbers and social security numbers, exposed following a data breach, a bank spokesperson confirmed to Boston 25. Approximately 9,540 people who use the Bank of Canton may have had their banking information exposed after Fiserv, one of […]
Oct 25, 2023NewsroomVulnerability / Cyber Threat VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. “A malicious […]
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in the website of the Kazakhstani state-owned email service and […]
Suspected Russian cybercriminals have increased their attacks against Ukrainian financial and government organizations using Smokeloader malware, according to Ukrainian cybersecurity officials. Since May of this year, the malware operators have targeted Ukrainian organizations with intense phishing attacks, primarily attempting to infiltrate their systems and steal sensitive information, according to research published Tuesday by Ukraine’s National […]