Category: security
HPE says Russian Midnight Blizzard hackers hit security team emails
Russian state-sponsored threat actors known as Midnight Blizzard breached HPE’s email environment late last year and stole sensitive data from its employees’ inboxes. HPE confirmed the news in a new 8-K submission with the U.S. Securities and Exchange Commission (SEC) last week, BleepingComputer finds. As per the filing, the company…
Read More
This cybercrime network acts like a food delivery service for criminals — and even uses legitimate affiliate marketing techniques to recruit other partners-in-crime
Cybersecurity researchers from Infoblox have revealed new research on VexTrio, a “massive criminal affiliate program” that the team says counts more than five dozen criminal organizations in its customer list. As explained by the researchers, VexTrio is a complex, and massive, traffic direction system (TDS). It operates similarly to a…
Read More
Popular file transfer software has a seriously dangerous security bug that gives anyone free administrator rights — so patch it now to avoid another Moveit-like debacle
GoAnywhere Managed File Transfer (MFT), the program at the center of a major data reach scandal around a year ago, may have a new high-severity vulnerability which users should patch immediately to avoid more trouble. Cybersecurity researchers Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants discovered the flaw in…
Read More
This devious malware uses Bond-inspired driver to kill security suites — then proceeds to systematically encrypt your data and drops a $2 million ransom request
Experts have identified a new ransomware variant that uses an outdated, vulnerable driver, to pose as an antivirus program, kill all real security programs on the computer, and then infect the device. The researchers dubbed the variant Kasseika and believe it to be linked to an old malware variant that…
Read More
15 million Trello users at risk after unknown hacker uses proxy service to scrape data — emails, usernames, full names and other accounts info are available for sale on hacking forum
A threat actor has put some 15 million people at risk by managing to link their private email addresses with public data from their Trello accounts. A hacker with the alias “emo” took to a popular hacking forum recently, where they offered a database of more than 15 million Trello…
Read More
Hacked websites are being put at even greater risk by malicious web redirect scripts
Parrot traffic direction system (TDS), a malicious script that redirects website visitors to dangerous destinations, was observed evolving and becoming harder to detect. Cybersecurity researchers Unit 42, from Palo Alto Networks, recently analyzed 10,000 Parrot landing page scripts, gathered between August 2019 and October 2023. They concluded the majority of…
Read More