Tag: cyberattack news

WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
News

WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites

The WordPress content management system (CMS) payment solution plugin WooCommerce has been found to contain vulnerable code that might grant an unauthenticated attacker access to administrative capabilities and take control of a website. The information was discovered by Wordfence's WordPress security specialists, who also detailed the crucial authentication bypass in a blog post on Thursday. Senior threat researcher Ram Gall's Wordfence blog post details how the team discovered the vulnerability after examining version 5.6.2 of the WooCommerce plugin on the same day it was made available. Following a study of the update, Gall said, "we found that it eliminated vulnerable code that may enable an unauthenticated attacker read more WooCommerce Patches Critical Plugin Flaw Affecting...
Ransomware Attacks Double in Europe’s Transport Sector
News

Ransomware Attacks Double in Europe’s Transport Sector

The most significant cyberthreats hitting Europe's transportation industry last year were ransomware and data breaches, with occurrences of the former nearly doubling in volume, according to ENISA. The first danger landscape report for the vertical from the EU security agency covers the months of January 2021 and October 2022. It claimed that while malware reports decreased from 11% to 6% and data breaches and leaks decreased from 21% to 9%, ransomware event reports climbed from 13% of the total in 2021 to 25% in 2022. Attackers target credentials, customer and employee personal information read more Ransomware Attacks Double in Europe's Transport Sector. Stay up-to-date with the latest cybersecurity news and increase your cybersecurity awareness through ReconBee.com‘s in-dept...
Ferrari Reveals Data Breach Ransom Attack
News

Ferrari Reveals Data Breach Ransom Attack

After a threat organization attempted to blackmail the company, one of the most well-known luxury car manufacturers in the world alerted customers that their personal information may have been stolen. In a brief statement that was released yesterday, Ferrari said that the "ransom demand linked to some client contact details." It asserted to have notified the "necessary authorities" and requested assistance from a private security firm to find out what took place. As a rule Ferrari won't be kept hostage because complying with such demands read more Ferrari Reveals Data Breach Ransom A...
US Government IIS Server Breached via Telerik Software Flaw
News

US Government IIS Server Breached via Telerik Software Flaw

The Progress Telerik user interface (UI) for ASP.NET AJAX contains a.NET deserialization vulnerability (CVE-2019-18935), according to information released by the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability also affected the Microsoft Internet Information Services (IIS) web server of a federal civilian executive branch (FCEB) agency between November 2022 and January 2023, according to a report released by CISA on Wednesday. If successfully exploited, the flaw permits remote code execution read more US Government IIS Server Breached via Telerik Software Flaw. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
Ring won’t say if it was hacked after ransomware gang claims attack
News

Ring won’t say if it was hacked after ransomware gang claims attack

Data allegedly involving Ring, an Amazon-owned video surveillance company, is being threatened to be leaked by a well-known ransomware group. Ring, a company that makes video doorbells, was identified as a victim on the dark website of the ransomware gang ALPHV on Monday. "There's always an option to let us release your data," the Russia-linked group added with the listing, spotted by TechCrunch. The precise data that ALPHV has access to is unknown, and the gang hasn't disclosed any proof of data theft read more Ring won’t say if it was hacked after ransomware gang claims attack. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
Security giant Rubrik says hackers used Fortra zero-day to steal internal data
News

Security giant Rubrik says hackers used Fortra zero-day to steal internal data

The Fortra GoAnywhere zero-day vulnerability, which has been connected to hacks against a hospital network and a bank, has claimed its newest victim: Silicon Valley-based data security business Rubrik. Michael Mestrovich, chief information security officer at Rubrik, claimed that the vulnerability in Fortra's GoAnywhere file-transfer programme, which the company employs for internal data exchange, allowed attackers access to the non-production IT testing environments used by the company. Known as CVE-2023-0669, this vulnerability originally came to light on February 2 read more Security giant Rubrik says hackers used Fortra zero-day to steal internal data. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the ...
Investment Fraud is Now Biggest Cybercrime Earner
Risk, Security

Investment Fraud is Now Biggest Cybercrime Earner

Investment fraud will cost victims more than $3.3 billion in 2022, according to the FBI, surpassing business email compromise (BEC) as the top-earning cybercrime category last year. The Internet Crime Complaint Center (IC3) of the FBI compiles the Internet Crime Report 2022 from complaints submitted to it by businesses and individuals worldwide during the year. Around 801,000 complaints led to an estimate of $10.3 billion in total losses from cybercrime for 2022. Although the latter number increased by 49% over the amount from the prior year, the overall number of complaints read more Investment Fraud is Now Biggest Cybercrime Earner. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breach...
8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server
Risk, Security

8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server

A new payload that targets a vulnerable Oracle Weblogic Server in a specific Universal Resource Identifier has been linked to the threat actor known as "8220 Gang" (URI). The extraction of ScrubCrypt, a type of malware created to obfuscate and encrypt software with the objective of evading detection by security solutions, is what distinguishes the payload, according to Fortinet security researchers who researched it. In the advisory published on Wednesday, senior antivirus analyst Cara Lin from Fortinet stated, "We examined the malware introduced into a victim's machine and, as part of our examination read more 8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our compreh...
Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw
Reputation, Resources, Risk, Security

Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

Lazarus Group, a North Korean threat actor, was observed twice in the past year using holes in undisclosed software to access a South Korean finance company. The information was released by security experts at Asec, who on Tuesday published an advisory about the attacks. The first attack was noted by the corporation in May 2022, while the second one happened in October of that same year. According to reports, the same zero-day vulnerability was used by both operations. The impacted company "was employing a vulnerable version of a certificate application that was commonly used by public institutions and universities during the infiltration read more Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw. Stay informed with the best cybersecurity news and raise your cybe...
City of Oakland Faces Major Data Leak
Risk, Security

City of Oakland Faces Major Data Leak

As ransomware attackers who broke into municipal government networks last month started leaking the data they took, the City of Oakland is bracing itself. City officials apologized for the ongoing disturbance the incident is causing in a statement they posted on Friday. We just learned that an unauthorized person had obtained specific files from our network and intended to make the material publicly available, the statement read more City of Oakland Faces Major Data Leak. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.