Cybersecurity

Iran Dupes US Military Contractors, Gov’t Agencies in Cyber Campaign

An elite team of Iranian state-sponsored hackers successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, according to the Feds, as part of a multiyear cyber espionage campaign aimed at stealing military secrets. The US Departments of Treasury and State are among those compromised in the elaborate campaign, which lasted […]

Cybersecurity

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites Pierluigi Paganini April 22, 2024 Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a […]

Cybersecurity

Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps

Dozens of environments and hundreds of individual user accounts have already been compromised in an ongoing campaign targeting Microsoft Azure corporate clouds. The activity is in some ways scattershot — involving data exfiltration, financial fraud, impersonation, and more, against organizations in a wide variety of geographic regions and industry verticals — but also very honed, […]

Cybersecurity

Hundreds of network operators’ credentials found circulating in Dark Web

Hundreds of network operators’ credentials found circulating in Dark Web Pierluigi Paganini January 30, 2024 Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information […]

Cybersecurity

Convincing LinkedIn ‘Profiles’ Target Saudi Workers for Information Leakage

Attackers have used hundreds of fake profiles on LinkedIn — many very convincing — to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate information. In a presentation at the Black Hat Middle East and Africa conference last month, researchers said […]

Cybersecurity

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Threat actors are targeting hundreds of banking customers in Latin America with a new variant of an existing banking Trojan that replicates the interfaces of more than 40 Mexican and Brazilian banks. The campaign is aimed at tricking infected victims into giving up two-factor authentication (2FA) and/or payment-card details so attackers can hijack their bank […]

  • 1
  • 2