Tag: security
Thousands of WordPress websites hit in new malware attack, here’s what we know
Security researchers find more than 5,000 websites carrying a piece of malicious code The malware installs a plugin that steals login credentials and sensitive data The researchers recommended a number of mitigation measures Thousands of WordPress websites were observed running malware able to create a rogue admin account and exfiltrated…
Read More
A flaw in Google OAuth system is exposing millions of users via abandoned accounts
Buying domains from businesses that shut down could grant access to their SaaS accounts, research finds Google argues it’s not a vulnerability, and that businesses should make sure they’re not leaving sensitive information behind Researchers propose additional safeguards Experts have found a vulnerability in Google’s OAuth “Sign in with Google”…
Read More
Blood donation firm reveals donor personal data stolen in cyberattack
OneBlood suffered a cyberattack in July 2024, and has now concluded its investigation The analysis has shown OneBlood lost sensitive information on some customers Names and Social Security numbers among the details taken OneBlood, a nonprofit medical organization crucial for the operations of healthcare firms across the Southeastern US, has…
Read More
CISA tells agencies to patch BeyondTrust bug now
CISA added two bugs found in BeyondTrust products Both were seen in the wild in December 2024 Federal agencies have until February 3, 2025 to patch up The US Cybersecurity and Infrastructure Security Agency (CISA) has added two recently-discovered BeyondTrust bugs to its Known Exploited Vulnerabilities (KEV) catalog. The move…
Read More
UK Government launches ransomware protection proposals
Proposals on ransomware protection are being introduced for consultation by the UK Government The proposals aim to make critical infrastructure less vulnerable These include mandatory reporting and a ban on ransom payments The UK Government is introducing a consultation on proposals to protect British businesses and infrastructure from the increasing…
Read More
WordPress users targeted by devious new credit card skimmer malware
Sucuri finds malicious code being embedded in WordPress sites The code harvests and exfiltrates payment information from ecommerce websites The researchers are warning WordPress site admins to inspect all custom code Cybercriminals are once again targeting WordPress websites with credit card skimmers, stealing victim’s sensitive payment information in the process.…
Read More