Saturday, March 25, 2023
Infosecurity Magazine

CISA Unveils Ransomware Notification Initiative

Provides businesses with early warnings to evict threat actors before they can encrypt data
Infosecurity Magazine

WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites

The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website
Infosecurity Magazine

GitHub Updates Security Protocol For Operations Over SSH

The move reportedly did not stem from a compromise of GitHub systems or customer information
Infosecurity Magazine

Now UK Parliament Bans TikTok from its Network and Devices

Further blow for Chinese social media app
Infosecurity Magazine

IRS Phishing Emails Used to Distribute Emotet

Monster 500MB attachment hides a nasty surprise
Infosecurity Magazine

Fifth of Execs Admit Security Flaws Cost Them New Biz

Business leaders still underestimate importance of security to growth
Infosecurity Magazine

China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

The deployment of custom credential theft malware is the main novelty of the new campaign
Infosecurity Magazine

SharePoint Phishing Scam Targets 1600 Across US, Europe

Cyber-criminals used the scam to steal the credentials for various email accounts
Infosecurity Magazine

New Post-Exploitation Attack Method Found Affecting Okta Passwords

The flaw derives from the way the Okta system records failed login attempts to instances
Infosecurity Magazine

UK Government Sets Out Vision for NHS Cybersecurity

Plans to boost cyber-resilience in the health service by 2030
Infosecurity Magazine

Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

Software was unwittingly downloaded thousands of times
Infosecurity Magazine

Irish Food Giant Dole Admits Employee Data Breach

Incident was linked to previously disclosed ransomware attack
Infosecurity Magazine

BreachForums Shuts Down After Admin's Arrest

The forum's admin said the move might be temporary and that they will set up a new Telegram group
Infosecurity Magazine

New Android Banking Trojan 'Nexus' Promoted As MaaS

Nexus offers overlay attacks and keylogging activities designed to steal victims' credentials
Infosecurity Magazine

CISA and NSA Enhance Security Framework With New IAM Guide

Guidance includes best practices for identity governance, environmental hardening, SSO, MFA and IAM auditing
The Hacker News

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
The Hacker News

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on...
SecurityWeek

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
SC Magazine

Dish customers struggle with service disruptions weeks after ransomware attack

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
Security Affairs

CISA announced the Pre-Ransomware Notifications initiative

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...