🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
22 AprThousands of Palo Alto Firewalls Potentially Impacted by Exploited VulnerabilityShadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400. The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
22 AprCitrix UberAgent Flaw Let Attackers Elevate PrivilegesA significant vulnerability has been identified in Citrix’s monitoring tool, uberAgent. If exploited, this flaw could allow attackers to escalate their privileges within the system, posing a serious risk to organizations using affected software versions. CVE-2024-3902 ̵…GBHACKERS.COM
22 AprAndroxgh0st Malware Compromises Servers Worldwide for Botnet AttackAndroxgh0st operators are exploiting multiple CVEs, including CVE-2021-3129 and CVE-2024-1709 to deploy a web shell on vulnerable servers, granting remote control capabilities. Evidence also suggests active web shells associated with CVE-2019-2725.HACKREAD.COM
22 AprAnalyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentialsSince 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028. The post Analyzing Forest B…MICROSOFT.COM
22 AprMore attacks target recently patched critical flaw in Palo Alto Networks firewallsAn increasing number of attackers are trying to exploit a critical vulnerability in firewall appliances from Palo Alto Networks after proof-of-concept exploit code was published last week. The flaw was originally reported on April 12th as a zero-day after an APT group was found e…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
22 Apr6 security items that should be in every AI acceptable use policyAn AI acceptable use policy (AI AUP) serves as a foundational component of an organization’s security framework, helping to mitigate risks and promote the responsible use of AI technologies. Broadly speaking, an AI acceptable use policy is a set of rules and guidelines that gover…CSOONLINE.COM
22 AprHelloKitty Ransomware Rebrands, Releases CD Projekt and Cisco DataAn operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.BLEEPINGCOMPUTER.COM
22 AprApple Removes WhatsApp & Threads from its App Store for ChinaWith the tightening grip of Chinese regulatory measures on foreign digital services, Apple Inc. has removed several major messaging apps, including WhatsApp and Threads by Meta Platforms, from its App Store in China. This decision follows direct orders from the Chinese government…GBHACKERS.COM
22 AprCyber Security Today, April 22, 2024 - Vulnerability found in CrushFTP file transfer software, security updates for Cisco's controller management application, and moreThis episode reports on a new campaign to steal credentials from LastPass users, a warning to admits of Ivanti Avalanche mobile device management software, and moreCYBERSECURITYTODAY.LIBSYN.COM
22 AprResearchers Uncover Windows Flaws Granting Hackers Rootkit-Like PowersNew research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS p…THEHACKERNEWS.COM
22 AprCrushFTP Servers Zero-day Under Active Attack: Update NowCrushFTP is a file transfer server that supports secure protocols, offers easier configuration, and offers powerful monitoring tools. It also provides a web interface that allows users to transfer files using a web browser. A critical vulnerability associated with FileSystem esca…GBHACKERS.COM
22 AprMITRE Hacked by State-Sponsored Group via Ivanti Zero-DaysMITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability. The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek .SECURITYWEEK.COM
22 AprAlert! Zero-day Exploit For WhatsApp Advertised On Hacker ForumsA zero-day exploit targeting the popular messaging app WhatsApp has been advertised on underground hacker forums. The exploit has raised serious concerns regarding the safety of users on Android and iOS platforms. This exploit is reported to have the potential to significantly co…GBHACKERS.COM
22 AprVMware ESXi Shell Service Exploit on Hacking Forums: Patch NowA new exploit targeting VMware ESXi Shell Service has been discovered and is circulating on various hacking forums. This vulnerability poses a significant risk to organizations using VMware for their virtual environments, potentially allowing unauthorized access and control over …GBHACKERS.COM
22 AprWindows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like AbilitiesA new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges. Dubbed “MagicDot,” this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating …GBHACKERS.COM
22 AprMITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti FlawsThe MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization …THEHACKERNEWS.COM
22 AprMitre Corporation targeted by nation-state threat actorsMitre Corporation, a non-profit organization that operates federally funded research and development centers (FFRDCs) on behalf of the US government, has revealed a major breach in its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative ne…CSOONLINE.COM
22 AprResearchers Uncover Windows Flaws Granting Hackers Rootkit-Like PowersNew research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.THEHACKERNEWS.COM
22 AprMalware Developer Lures Child Exploiters Into Honeytrap to Extort ThemThreat actors created a website to impersonate UsenetClub, a subscription service for "uncensored" access to images and videos downloaded from Usenet. They claimed to provide free access to the site after the installation of a "CryptVPN" software.BLEEPINGCOMPUTER.COM
22 AprDon’t be afraid of GenAI code, but don’t trust it until you test it“You are what you eat” applies figuratively to humans. But it applies literally to the large language models (LLM) that power generative artificial intelligence (GenAI) tools. They really are what they eat. If the massive datasets fed to LLMs from websites, forums, repositories, …CSOONLINE.COM
22 AprCrushFTP Patches Exploited Zero-Day VulnerabilityCrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files. The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
22 AprHackers Group Claims To Have Broke Into IDF & Stolen DocumentsAnonymous claims a successful cyberattack against the Israeli Defence Force (IDF), gaining access to 20 gigabytes of data, which allegedly includes over 233,000 military documents in various formats, like PDFs, Word files, and presentations. The IDF considers the authentici…GBHACKERS.COM
22 AprDevSecOps: Still a challenge but more achievable than everIt’s been said before—long before. It’s the 18th-century philosopher Voltaire who gets credit for the timeless proverb “Perfect is the enemy of good.” But here we are, centuries later, and it’s still relevant—in this case to modern software development. If you try to make softwar…CSOONLINE.COM
22 AprHow application security can create velocity at enterprise scaleModern software has completely transformed the way organizations operate and compete in the market. With the increasing demand for secure and reliable software delivered at scale, the pressure to meet time-to-market deadlines has never been greater. To manage software risk and al…CSOONLINE.COM
22 AprMalicious PyPI Package Attacking Discord Users To Steal CredentialsHackers often target PyPI packages to exploit vulnerabilities and inject malicious code into widely used Python libraries. Recently, cybersecurity researchers at FortiGuard Labs identified a malicious PyPI package attacking Discord users to steal credentials. The malicious PyPI p…GBHACKERS.COM
22 AprUsing Legitimate GitHub URLs for MalwareInteresting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg . The attac…SCHNEIER.COM
22 AprSynlab Italia suspends operations following ransomware attackSynlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...]BLEEPINGCOMPUTER.COM
22 AprMicrosoft: APT28 hackers exploit Windows flaw reported by NSAMicrosoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. [...]BLEEPINGCOMPUTER.COM
22 AprDependency Confusion Vulnerability Found in Apache ProjectThe exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.INFOSECURITY-MAGAZINE.COM
22 AprRussian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery SchemeThe head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-c…KREBSONSECURITY.COM
22 AprStudy: GPT-4 Agent Can Exploit Unpatched VulnerabilitiesResearchers Keep Prompts Under Wraps Academics at a U.S. university found that if you feed a GPT-4 artificial intelligence agent public security advisories, it can exploit unpatched "real-world" vulnerabilities without precise technical information. Researchers said OpenAI asked …DATABREACHTODAY.CO.UK
22 AprMicrosoft: APT28 hackers exploit Windows flaw reported by NSAMicrosoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. [...]BLEEPINGCOMPUTER.COM
22 AprReport: Russian Hackers Targeting Ukrainian Soldiers on AppsRussian Hackers Using Open-Source Malware on Popular Messaging Apps, Report Says Ukraine's Computer Emergency Response Team is warning in an April report that a Russian hacking group known as UAC-0184 is using open-source malware to target Ukrainian soldiers on popular messaging …DATABREACHTODAY.CO.UK
22 AprWhat does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky - BSW #347Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: - The bac…YOUTUBE.COM
📢 SECURITY ADVISORIES 11[−]
22 AprUK Cyber Agency NCSC Announces Richard Horne as its Next Chief ExecutiveThe hire marks another coup for the British public sector in poaching talent from the technology industry, particularly at the executive level, following the recruitment of Ollie Whitehouse as the NCSC’s chief technology officer earlier this year.THERECORD.MEDIA
22 AprGiving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable AuthenticatorsWe all need supplements sometimes. Whether it’s a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept fo…NIST.GOV
22 AprCISA Releases Physical Security Checklist to Help Election Officials Secure Polling LocationsCISA.GOV
22 Apr7 Tips for Complying With Healthcare Fraud RegulationsAttorney Rachel Rose on Navigating the Intensifying Scrutiny of Federal Regulators The federal government is cracking down on healthcare fraud in all forms including kickbacks, lapses in cybersecurity and privacy, lack of fairness in Medicare Advantage policies, and inflated phar…DATABREACHTODAY.CO.UK
22 AprUS government says security flaw in Chirp Systems’ app lets anyone remotely control smart home locksCISA said Chirp Systems ignored the federal agency and the reporting security researcher. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
22 Apr[NEW GAME] The Inside Man: New Recruits GameWe released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans! "Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister ‘Handler’. Your mission is to accumula…KNOWBE4.COM
22 AprUnraveling the "Materiality" Mystery: A CISO's Guide to SEC Compliance - Mike Lyborg - BSW #347The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discus…YOUTUBE.COM
🔥 INCIDENT REPORTING 15[−]
22 AprCannes Hospital Cancels Medical Procedures Following CyberattackCannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack. The post Cannes Hospital Cancels Medical Procedures Following Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
22 AprHellokity Ransomware Actors Returns Under New NameThe notorious cybercrime group previously known as Hellokity has reemerged under a new alias, “HelloGookie.” This development was reported by the cybersecurity watchdog MonThreat via their Twitter account. Hellokity, known for its high-profile cyber-attacks, has been …GBHACKERS.COM
22 AprT2 - 85,894 breached accountsIn April 2024, 86k records from the T2 tea store were posted to a popular hacking forum . Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.HAVEIBEENPWNED.COM
22 AprGUEST ESSAY: Here’s why securing smart cities’ critical infrastructure has become a top priorityCritical infrastructure like electrical, emergency, water, transportation and security systems are vital for public safety but can be taken out with a single cyberattack. How can cybersecurity professionals protect their cities? In 2021, a lone hacker infiltrated a water treatmen…LASTWATCHDOG.COM
22 AprJavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDSA malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.SUCURI.NET
22 AprResearchers Claim that Windows Defender Can Be BypassedCybersecurity experts from SafeBreach have revealed a series of vulnerabilities that could allow attackers to remotely delete files on a computer using Windows Defender, potentially leading to data loss and system instability. Tomer Bar and Shmuel Cohen, seasoned security researc…GBHACKERS.COM
22 AprRising Ransomware Issue: English-Speaking Western AffiliatesSecurity experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself "The Community," aka the Com or Comm.HEALTHCAREINFOSECURITY.COM
22 AprReport: 51% of Enterprises Experienced a Breach Despite Large Security StacksThreat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.HELPNETSECURITY.COM
22 AprRansomware Double-Dip: Re-Victimization in Cyber ExtortionBetween crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimizatio…THEHACKERNEWS.COM
22 AprPentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous ValidationOver the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguar…THEHACKERNEWS.COM
22 AprRural Texas Towns Report Cyberattacks That Caused One Water System to OverflowA hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks. The post Rural Texas Towns Report Cyberattacks That Caused One Wa…SECURITYWEEK.COM
22 Apr4 out of 5 of Physicians Were Impacted by February’s Cyber Attack on Change HealthcareA new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector.KNOWBE4.COM
22 AprBeware Of Weaponized Zip Files That Deliver WINELOADER MalwareAPT29, a Russian threat group, targeted German political parties with a new backdoor called WINELOADER using spear-phishing emails containing malicious links to ZIP files hosted on compromised websites. The ZIP files deployed an HTA that initiated a multi-stage infection chain, d…GBHACKERS.COM
22 AprRussian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data TheftThe threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harve…THEHACKERNEWS.COM
22 AprFeds Issue Guide for Change Health Breach Reporting DutiesHHS OCR Says the Company Has Not Yet Filed HIPAA Breach Reports to the Agency The Department of Health and Human Services has not yet received HIPAA breach reports from Change Healthcare or parent company UnitedHealth Group about their massive cyberattack. HHS is telling HIPAA-co…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 13[−]
22 AprISC Stormcast For Monday, April 22nd, 2024 https://isc.sans.edu/podcastdetail/8948, (Mon, Apr 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 AprMicrosoft Warns: North Korean Hackers Turn to AI-Fueled Cyber EspionageMicrosoft has revealed that North Korea-linked state-sponsored cyber actors has begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more e…THEHACKERNEWS.COM
22 AprIt appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)It has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet[ 1 ]. Back in May of 2021, I wrote a slightly …ISC.SANS.EDU
22 AprRussian Sandworm hackers targeted 20 critical orgs in UkraineRussian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [...]BLEEPINGCOMPUTER.COM
22 AprBSides Tampa 2023 - 16 talkssubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/73d59b1e-4b54-4b07-b152-3491e2b0721e.png BSides Tampa 2023 PlaylistINFOSEC.PUB
22 AprMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
22 AprKudos! CEO Reveals He Got PhishedThe other day I was participating in a company’s employee meeting when the CEO revealed he had been “caught” that morning by a real phishing attack email.KNOWBE4.COM
22 AprResearch Shows How Attackers Can Abuse EDR Security ProductsVulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool. The post Research Shows How Attackers Can Abuse EDR Security Products appeared first on SecurityWeek .SECURITYWEEK.COM
22 AprGitLab affected by GitHub-style CDN flaw allowing malware hostingBleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue …BLEEPINGCOMPUTER.COM
22 AprMultifactor Authentication Bypass Attacks: Top DefensesJoe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFA Adversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, oftentimes via nontargeted attacks that lead to phishing pages designed to st…DATABREACHTODAY.CO.UK
22 AprOlympians Tout AI in SportsInternational Olympics Committee Publishes AI Strategy Olympic Games organizers on Friday in London touted artificial intelligence for its potential to revolutionize sports and rolled out a framework the International Olympics Committee said will guide responsible use of AI. Pari…DATABREACHTODAY.CO.UK
22 AprRussian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theftsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html?m=1THEHACKERNEWS.COM
22 AprHHS Beefs Up Privacy Protection for Reproductive Health InfoFinalizes HIPAA Privacy Rule Changes Involving PHI Related to Reproductive Care Healthcare providers are prohibited from disclosing protected health information related to lawful reproductive healthcare, according to a final rule released Monday by federal regulators. The new HIP…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
22 AprEarth Day 2024: Sophos Supports this Year’s Planet vs. Plastics CampaignTo mark Earth Day on April 22, and its theme of Planet vs. Plastics, Sophos employees are being encouraged to use their Sophos Volunteering hours to take part in practical opportunities to join the fight against plastic pollution, as well as take part in a series of wellbeing web…SOPHOS.COM
22 AprResearchers Find Dozens of Fake E-Zpass Toll Websites After FBI WarningResearchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”THERECORD.MEDIA
22 AprUkrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency WarnsThe agency is attributing the surge to a group tracked as UAC-0184, which was spotted in February targeting an unnamed Ukrainian entity in Finland. CERT-UA does not attribute UAC-0184’s activity to any specific foreign cyber threat group.THERECORD.MEDIA
22 AprFrom Water to Wine: An Analysis of WINELOADERA recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.SPLUNK.COM
🎙️ PODCASTS 1[−]
22 AprBenefits of a Unified CNAPP and XDR PlatformIn this episode of the "Cybersecurity Insights" podcast, Uptycs CEO Ganesh Pai discusses unifying XDR and CNAPP to improve visibility and explains the coming shift from behavioral detection to outlier or anomaly detection, which uses sophisticated ML and AI.DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 7[−]
22 AprJury Dishes Out Guilty Verdict in Mango Markets Fraud CaseA New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.BANKINFOSECURITY.COM
22 AprNATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times'The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.THERECORD.MEDIA
22 AprCritical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress SitesJapan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.SECURITYAFFAIRS.COM
22 AprCryptocurrency fraud with Toncoin on Telegram | Kaspersky official blogCryptocurrency scammers have devised a new "earning" scheme: they encourage users to buy Toncoin, invite friends through referral links, and then make big profits from their investments.KASPERSKY.COM
22 AprMalicious PyPI Package Attacking Discord Users to Steal CredentialsA malicious PyPI package named "discordpy_bypass-1.7" was detected on March 12, 2024. This package is designed to extract sensitive information from user systems using a blend of persistence techniques, browser data extraction, and token harvesting.FORTINET.COM
22 AprUnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’The health tech giant processes 15 billion health transactions a year, and handles health information for about half of all Americans. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM