Your cart is currently empty!
Author: Omar
-
200K+ websites are threatened by SQLi vulnerability, according to a WordPress plugin alert alert.
Website Security / Cryptojacking- February 27, 2024 Newsroom A well-known WordPress plugin called Ultimate Member, which has over 200 000 installed users, has a critical security flaw. A CVSS score of 9.8 out of a maximum of 10 is associated with the vulnerability, tracked as CVE- 2024- 1071. Christiaan Swiers, a security researcher, is credited…
-
BlackCat ransomware is linked to a hack at a subsidiary of UnitedHealth called Optum.
According to sources with knowledge of the investigation, the BlackCat ransomware group was the cause of an ongoing outage affecting the Change Healthcare payment exchange platform following a cyberattack on UnitedHealth Group subsidiaryOptum . On Wednesday, Change Healthcare issued a warning to its customers that some of its services were temporarily unavailable as a result of…
-
DoOM visits Husqvarna’s smart lawnmowers to kill demons
Midjourney A new software update for Husqvarna’s robotic line of lawnmowers will soon give you the opportunity to play DOOM on a lawnmower if you’ve ever wanted to. Owners of the Automower NERA series can now sign up for the new update, which will be released in April, just in time to begin mowing the…
-
Developers are urged by White House to switch to memory-safe programming.
Midjourney The Office of the National Cyber Director ( ONCD ) of the White House urged tech companies to switch to Rust, a memory-safe programming language, to increase software security by reducing memory safety vulnerabilities. When memory is accessed, written, allocated, or deallocated, these flaws in software can cause memory management issues. They occur when…
-
Hackers squander a 14-year-old CMS editor to create SEO poisoning on government and academic websites.
Threat actors are stealing money from a CMS editor that was discontinued 14 years ago to sabotage education and government organizations around the world and contaminate search results with shady websites or scams. Open redirections are when websites permit arbitrary redirection requests without proper verification or security checks, whether intentionally or accidentally due to a…
-
US and allies warn that Russian hackers are switching to cloud attacks.
Midjourney Members of the Five Eyes ( FVEY ) intelligence alliance issued a warning today that APT29 Russian Foreign Intelligence Service ( SVR ) hackers are now conducting attacks that target and target their cloud services. Following the SolarWinds supply-chain attack they orchestrated more than three years ago, APT29  ( also known as Cozy Bear,…
-
ThyssenKrupp, a tycoon of steel, confirms cyberattack on automotive division
As part of its response and containment strategy, steel giant ThyssenKrupp confirms  that hackers last week breached systems in its Automotive division, forcing them to shut down IT systems. With over 100 000 employees and a gross annual revenue of over$ 44.4 billion ( 2022 ), ThyssenKrupp AG is one of the biggest steel producers…
-
Not Sticking With Cybersecurity Training? Risky PasswordHabits: How to FixThem
In order to enhance security and reduce risks, organizations invest in security awareness training programs after realizing the cybersecurity risks that their end users pose. Cybersecurity training does have its drawbacks, particularly when it comes to altering end-user behavior regarding passwords. End users prioritize convenience and efficiency over security despite being aware of best practices.…
-
Steganography is used to deploy Remcos RAT in new IDAT loader attacks.
The Hacker News ( Feb. 26, 2024)Steganography and malware As part of a malicious campaign that uses a malware-loader called IDAT Loader to distribute a commercial remote access trojan known as Remcos RAT, Ukrainian entities based in Finland have been targeted. The Computer Emergency Response Team of Ukraine ( CERT-UA) has identified an attacker responsible…
-
8, 000+ Trusted Brand Subdomains Hijacked for a Massive Spam Operation
More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from “counterfeit package delivery alerts…