Category: Uncategorized
-

Facebook Ads Lead to Fake Websites Stealing Credit Card Information [email protected] (The Hacker News)
Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future’s Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS owing to the use of the same…
-
VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According…
-
Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations Ryan Naraine
OneBlood, a non-profit blood bank serving more than 300 U.S. hospitals, has been hit by a disruptive ransomware attack. The post Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations appeared first on SecurityWeek. Read More
-
Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study Kevin Townsend
The average cost of a data breach jumped to $4.88 million from $4.45 million in 2023, a 10% spike. The post Cost of Data Breach in 2024: $4.88 Million, Says Latest IBM Study appeared first on SecurityWeek. Read More
-
Massive OTP-Stealing Android Malware Campaign Discovered Kevin Townsend
Android malware can intercept and steal OTPs and login credentials, leading to complete account takeovers. The post Massive OTP-Stealing Android Malware Campaign Discovered appeared first on SecurityWeek. Read More
-

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight [email protected] (The Hacker News)
Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not…
-
Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains Ionut Arghire
Vulnerabilities in hosted email services allow attackers to spoof the identity of senders, bypassing security measures. The post Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains appeared first on SecurityWeek. Read More
-
CrowdStrike Faces Lawsuits From Customers, Investors Eduard Kovacs
CrowdStrike is facing lawsuits from investors and customers following the incident that caused massive global outages. The post CrowdStrike Faces Lawsuits From Customers, Investors appeared first on SecurityWeek. Read More
-
Microsoft confirms DDoS attack disrupted cloud services
Post ContentRead More
-

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS [email protected] (The Hacker News)
The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East.…
