The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims’ mobile phone accounts. The warning comes on the heels of a Cyber Safety Review Board (CSRB) finding announced in August. The board detailed the operations of the […]
Dec 12, 2023NewsroomVulnerability / Software Security Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed “file upload logic” that could enable unauthorized path traversal and could be […]
A city in North Carolina is warning government employees that data from its systems may have been accessed in a pre-Thanksgiving holiday incident. The City of Hendersonville — a town of more than 15,000 located near the Blue Ridge Mountains about 30 minutes from Asheville — released a notice this week warning that a group […]
The United Kingdom and South Korea issued a joint advisory warning about software supply chain attacks from North Korean (DPRK) state-linked hackers. The advisory was published Thursday as the nations’ two governments announced a new strategic cyber partnership, pledging to work together “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to […]
Nov 24, 2023NewsroomCloud security / Data Protection Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some […]
The federal government is warning current and former public service employees and members of the RCMP and Canadian Armed Forces their personal and financial information may have been accessed in a data breach that occurred on Oct. 19. The breach affects federal government data held by Brookfield Global Relocation Services (BGRS) and SIRVA […]
Security researchers with eSentire, a top global cybersecurity solutions provider, are warning that Russian-speaking affiliates of the ransomware gang ALPHV/BlackCat are attacking corporations and public entities in the Americas and Europe. In the past three weeks, we have seen these affiliates attempt to breach a law firm, a manufacturer, and a warehouse provider within our […]
Nov 15, 2023NewsroomNetwork Securit / Vulnerability VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. “On an […]
Beware! Researchers are warning about a rise in crypto spam and scam messages that leverage the “Release scores” feature of Google Forms quizzes to deliver emails. These spam messages ask victims to invest in crypto or share their details. Here’s how it works According to Cisco Talos, spammers exploit Google Forms to create quizzes and […]