Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company attributes the cyber heist to the North Korea-linked APT Lazarus, which is also responsible for […]
The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years. Because insider threats are uniquely challenging to detect and identify, different methods are needed than traditional detection based on signatures or other known threat triggers. Tools that are designed […]
Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and […]
DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic âthe cloud is just someone elseâs computerâ analogy. DepositFiles, a service boasting that itâs the […]
Swedish software firm Ortivus suffered a cyberattack that has resulted in at least two British ambulance services losing access to electronic patient records. Two British ambulance services were not able to access electronic patient records after a cyber attack that hit their software provider Ortivus. Ortivus was a Swedish software company specializing in providing solutions […]
FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. Generative AI models are becoming attractive for crooks, Netenrich researchers recently spotted a new platform dubbed FraudGPT which is advertised on multiple marketplaces and the Telegram Channel since July 22, 2023. According to Netenrich, this generative AI bot was […]
US CISA added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability, tracked as CVE-2023-35078, to its Known Exploited Vulnerabilities Catalog. The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) […]
Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as CVE-2023-30799 (CVSS score: 9.1), that can be exploited in large-scale attacks to target over 500,000 RouterOS systems. “MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are […]
Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting the Confluence Server, Data Center, and Bamboo Data Center products. Successful exploitation of the vulnerabilities could result in remote code execution on vulnerable systems. According to […]
VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment that exposed logged credentials […]