WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
27Mar By RBNo Comments
News

WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites

The WordPress content management system (CMS) payment solution plugin WooCommerce has been found to contain vulnerable code that might grant an unauthenticated attacker access to administrative capabilities and take control of a website. The information was discovered by Wordfence's WordPress security specialists, who also detailed the crucial authentication bypass in a blog post on Thursday. Senior threat researcher Ram Gall's Wordfence blog post details how the team discovered the vulnerability after examining version 5.6.2 of the WooCommerce plugin on the same day it was made available. Following a study of the update, Gall said, "we found that it eliminated vulnerable code that may enable an unauthenticated attacker read more WooCommerce Patches Critical Plugin Flaw Affecting...
Read More
GitHub Updates Security Protocol For Operations Over SSH
27Mar By RBNo Comments
News

GitHub Updates Security Protocol For Operations Over SSH

After learning the key was briefly exposed in a public repository, the repository hosting provider GitHub announced it is replacing its current RSA SSH host key with a new one as a precaution. In a post earlier today, GitHub stated, "We quickly took action to control the exposure and started investigating to identify the core cause and consequences." The key replacement is now complete, and users will notice the change over the following 30 minutes. The company stated that the modification was made in order to safeguard customers' Git operations over SSH, especially from potential threat actors seeking to pose as GitHub read more GitHub Updates Security Protocol For Operations Over SSH. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our...
Read More
IRS Phishing Emails Used to Distribute Emotet
27Mar By RBNo Comments
News

IRS Phishing Emails Used to Distribute Emotet

Security professionals have cautioned US taxpayers not to fall for a fresh phishing scheme that uses the IRS as an enticement to install the nasty Trojan Emotet on their computers. Tax filing season has historically been a time for con artists to deceive consumers, and the most recent attempt discovered by Malwarebytes is no exception. The phishing emails in question include the subject "IRS Tax Forms W-9" and a counterfeit "IRS Online Center" sender address. In the email's body, there are numerous mistakes in the brief message read more IRS Phishing Emails Used to Distribute Emotet. Stay up-to-date with the latest cybersecurity news and increase your cybersecurity awareness through ReconBee.com‘s in-depth coverage of the newest threats, breaches, and solutions.
Read More
CISA Unveils Ransomware Notification Initiative
27Mar By RBNo Comments
News

CISA Unveils Ransomware Notification Initiative

A new initiative to help businesses swiftly patch vulnerabilities targeted by ransomware attackers has been revealed by the Joint Cyber Defense Collaboration (JCDC) and the US Cybersecurity and Infrastructure Security Agency (CISA). Businesses might potentially drive out threat actors by receiving early alerts from the Pre-Ransomware Notification Initiative before they can encrypt data and systems and demand a ransom in exchange for access. Since January 2023, CISA has alerted more than 60 institutions about early-stage ransomware incursions using its proactive cyber protection capacity read more CISA Unveils Ransomware Notification Initiative. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threa...
Read More
Klarna plugs ChatGPT into its platform for faster product recommendations
24Mar By RBNo Comments
News

Klarna plugs ChatGPT into its platform for faster product recommendations

The most recent business to declare its integration with ChatGPT is the payments and shopping service Klarna. The company is launching a personalised shopping experience that offers product recommendations when Klarna users ask for shopping advice, inspiration, and product links via Klarna's search and compare tool. The company claimed it is "one of the first brands to work with OpenAI to use its protocol to build an integrated Plugin for ChatGPT." This is how it goes: Users can ask ChatGPT questions after installing the Klarna plugin from the ChatGPT read more Klarna plugs ChatGPT into its platform for faster product recommendations. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breach...
Read More
SharePoint Phishing Scam Targets 1600 Across US and Europe
24Mar By RBNo Comments
News

SharePoint Phishing Scam Targets 1600 Across US and Europe

At least 1600 people in Europe, the US, and other nations have been the subject of a novel phishing scam that relies on reliable servers from Microsoft's collaborative platform SharePoint. It uses a native notification mechanism. In a new advisory released earlier today, Kaspersky security experts detailed the discoveries and added that cybercriminals have used the scam to obtain the login information for a number of email accounts, including Yahoo!, AOL, Outlook, Office 365, and others. The employee gets the typical message that someone is sharing a file read more SharePoint Phishing Scam Targets 1600 Across US and Europe. Stay up-to-date with the latest cybersecurity news and increase your cybersecurity awareness through ReconBee.com‘s in-depth coverage of the newest threats, b...
Read More
Irish Food Giant Dole Admits Employee Data Breach
24Mar By RBNo Comments
News

Irish Food Giant Dole Admits Employee Data Breach

A fresh fruit multinational with headquarters in Ireland has admitted that a ransomware attack that targeted the company in February resulted in the compromising of employee data. Dole is a desirable target for online extortionists since it has nearly 38,000 employees working in 30 countries and $9.2 billion in sales last year. On February 22, the company disclosed that a ransomware assault had "recently" occurred and had "minimal" effects on busine...
Read More
Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
24Mar By RBNo Comments
News

Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

Security researchers have issued another alert regarding a security problem that is spreading thanks to public interest in ChatGPT and is posing as a Chrome extension this time. Using a legal open source "ChatGPT for Google" extension as a base, threat actors allegedly injected malicious code intended to harvest Facebook session cookies, according to a blog post by Guardio. Malicious sponsored search engine results then led users to the extension.To test the new algorithm, you search for "Chat GPT 4," a...
Read More
New Android Banking Trojan Nexus Promoted As MaaS
23Mar By RBNo Comments
News

New Android Banking Trojan Nexus Promoted As MaaS

A brand-new Android banking Trojan has been found in a number of worldwide harmful activities.  The programme, dubbed "Nexus" by Cleafy security experts, offers functionality to conduct account takeover (ATO) assaults and is advertised as a component of a Malware-as-a-Service (MaaS) subscription. The organisation stated in a Tuesday advisory that "a new Android banking Malware debuted on several hacking forums under the name of Nexus" in January 2023.  ...
Read More
CISA and NSA Enhance Security Framework With New IAM Guide
23Mar By RBNo Comments
News

CISA and NSA Enhance Security Framework With New IAM Guide

A new manual has been released by the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) to help system administrators secure identity and access management (IAM) infrastructure. It's a component of the Enduring Security Framework for organizations (ESF). In order to combat IAM threats, it provides suggested best practices for identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication (MFA), and IAM auditing and monitoring. CISA and NSA describe a few recent attacks that took advantage read more about CISA and NSA Enhance Security Framework With New IAM Guide. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the ...
Read More
Follow Us on Twitter
Join our community on LinkedIn