Category: security

CISA confirms it was breached by attackers using Ivanti flaws, some systems taken offline

One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government’s Cybersecurity and Infrastructure Security Agency (CISA). Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The…

Read More

Thousands of WordPress sites facing malware infection following major plugin hack

More than 3,000 WordPress-powered websites were compromised as a result of not patching a known vulnerability fast enough, a report from cybersecurity researchers Sucuri and PublicWWW has claimed. Sucuri says that over the past couple of weeks, unnamed threat actors were leveraging a vulnerability tracked as CVE-2023-6000 to redirect people…

Read More

QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now

QNAP is sounding the alarm on its NAS devices, saying they’re vulnerable to flaws that could result in dangerous cyberattacks. The company has said some of its QTS, QuTS hero, QuTScloud, and myQNAPcloud products were vulnerable to three distinct flaws, one of which was particularly dangerous. That flaw is tracked…

Read More

New Magnet Goblin cybercrime crew is targeting Windows and Linux devices with all-new malware

Cybersecurity researchers from Check Point haev discovered a new hacking collective deploying all-new malware on Windows and Linux devices. Check Point says the previously-unknown group, dubbed Magnet Goblin, was leveraging 1-day vulnerabilities – flaws for which a patch was only recently released. In some instances, the group was leveraging flaws…

Read More

Using the wrong font could be a major security problem — and possibly not for the reason you might think

An investigation by Canva deep dive into the world of font security has uncovered three unexpected vulnerabilities and revealed how choosing the wrong font could spell out a cybersecurity disaster. In an effort to enhance the security of its tools, Canva has been researching less-explored attack surfaces, including fonts, which…

Read More

This simple, straightforward car insurance phishing scam is so basic, it’s actually working really well

Cybersecurity researchers have recently discovered an incredibly simple phishing campaign that seems to be performing exceptionally well. In a blog post, experts from Cofense described a newly found phishing campaign in which threat actors impersonate a car insurance company. The body of the emails is short and to the point,…

Read More