Cybersecurity
Category Added in a WPeMatico Campaign
The Bitcoin ATM operator, CoinFlip recently filed a data breach notice with the official Vermont Government. The CoinFlip data breach notification was also shared with its customers in September this year. However, it was not reported in the media, also due to the absence of the same being claimed by a cybercriminal group. This leaves […]
ESET Research ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible Matthieu Faou 25 Oct 2023 • , 5 min. read ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began […]
New England Biolabs leak sensitive data Pierluigi Paganini October 25, 2023 On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite […]
AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their […]
The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a new version of the National Cyber Incident Response Plan (NCIRP) — the framework that outlines the country’s response to significant cyber incidents. The updated plan was mandated in the 2023 National Cybersecurity Strategy, and CISA is now working […]
Oct 25, 2023NewsroomThreat Intelligence / Vulnerability The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said […]
Oct 25, 2023Newsroom Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors […]
A global coalition of government cybersecurity leaders will announce efforts to boost information sharing about digital threats and take on nefarious cryptocurrency payments when they convene in Washington next week, a senior White House official said on Tuesday. The Biden administration is set to host officials from 50 countries next week for its International Counter […]
The Transportation Security Administration (TSA) renewed cybersecurity directives for passenger and freight railroad carriers that were set to expire on Tuesday. The rules — split into three separate directives — mandate that operators test parts of their cybersecurity incident response plans every year, submit annual updated cybersecurity assessment plans to TSA and report on the […]