The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.

This international financial institution, funded by 190 member countries, is also a major United Nations financial agency headquartered in Washington, D.C.

According to a press release published today, the IMF detected the incident in February and is now conducting an investigation to assess the attack’s impact.…


Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year.

The company will also release Office 2024 later this year, a new version of on-premises Office for consumers, which comes with five years of support and the traditional “one-time purchase” model.…


Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide.

According to court documents, after the federal prison term ends, Diaconu (aka ‘utmsandu,’ ‘sandushell,’ ‘rootarhive,’ and ‘WinD3str0y’) will also be under supervised release for another 3 years.…


A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.

StopCrypt, also known as STOP Djvu, is the most widely distributed ransomware in existence that you rarely hear about.

While you constantly hear how big some ransomware operations are, such as LockBit, BlackCat, and Clop, you rarely hear security researchers discussing STOP.…


SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.

Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile device and serve the same role and purpose as a physical SIM card but can be remotely reprogrammed, provisioned, deactivated, swapped, or deleted.…


Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services.

The U.S. Federal Trade Commission imposed the fine in response to the two Cyprus-based firms’ deceptive marketing, which violates the FTC Act and the Telemarketing Sales Rule.…


Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.

The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.…


Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation.

In early December, the Japanese automaker’s regional division covering distribution, marketing, sales, and services in Australia and New Zealand announced it was investigating a cyberattack on its systems.…


The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February.

This investigation is coordinated by HHS’ Office for Civil Rights (OCR), which enforces the Health Insurance Portability and Accountability Act (HIPAA) rules that protect patients’ health information from being disclosed without their knowledge or consent.…


Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.

FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.…


Today is Microsoft’s March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.

This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

The number of bugs in each vulnerability category is listed below:

24 Elevation of Privilege Vulnerabilities
3 Security Feature Bypass Vulnerabilities
18 Remote Code Execution Vulnerabilities
6 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities

The total count of 60 flaws does not include 4 Microsoft Edge flaws fixed on March 7th.…


Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company’s products and services.

Though this is lower than the $12 million Google’s Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google’s security efforts.…


GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days.

This is according to cybersecurity experts at GitGuardian, who sent out 1.8 million complimentary email alerts to those who exposed secrets, seeing only a tiny 1.8% of those contacted taking quick action to correct the error.…


Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks.

Tuta Mail is an open-source end-to-end encrypted email service with ten million users. Its creator, Tuta, is based in Germany, where it’s involved in developing post-quantum secure cloud storage and file-sharing solutions for the government.…


Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service.

Once the end-of-service date is reached, systems running Windows 10 21H2 (the Windows 10 November 2021 Update) will no longer receive monthly quality updates encompassing bug fixes or patches addressing newly identified security vulnerabilities.…


Okta denies that its company data was leaked after a threat actor shared, on a hacker forum, files allegedly stolen during an October 2023 cyberattack.

Okta is a San Francisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.…


Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft’s Configuration Manager, which could allow an attacker to execute payloads or become a domain controller.

Configuration Manager (MCM), formerly known as System Center Configuration Manager (SCCM, ConfigMgr), has been around since 1994 and is present in many Active Directory environments, helping administrators manage servers and workstations on a Windows network.…


Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions.

However, BleepingComputer has learned there is more to this attack, with threat actors selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases.…


The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets.

Wallet drainers are apps or malicious scripts that trick users into entering their secret passphrases or performing malicious transactions allowing attackers to steal all digital assets, including NFTs and cryptocurrency, from users’ wallets.…


Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.

The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site scripting (XSS) vulnerability impacting Popup Builder versions 4.2.3 and older, which was initially disclosed in November 2023.…


A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems.

1-day flaws refer to publicly disclosed vulnerabilities for which a patch has been released. Threat actors looking to exploit these flaws must do so quickly before a target can apply security updates.…


Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.

America’s Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog.…


QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.

The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection.

While the last two require the attackers to be authenticated on the target system, which significantly lessens the risk, the first (CVE-2024-21899) can be executed remotely without authentication and is marked as “low complexity.”…


Microsoft says the Russian ‘Midnight Blizzard’ hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack.

In January, Microsoft disclosed that Midnight Blizzard (aka NOBELIUM) had breached corporate email servers after conducting a password spray attack that allowed access to a legacy non-production test tenant account.…


The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country’s military force.…


An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

Security researchers Talal Haj Bakry and Tommy Mysk reported their finding to Tesla, saying that linking a car to a new phone lacks proper authentication security.…


Update: Title and content updated to clarify that this is a MiTM phishing attack conducted using a Flipper Zero, but it could be performed by other devices.

Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.…


The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies.

The charges allege that Ding stole proprietary information about Google’s artificial intelligence (AI) technologies and transferred it to two companies based in China, where he secretly worked.…


FBI’s Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion.

The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime.…
