Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale. Social Blade is an American social media analytics platform, the company disclosed the security breach after a database containing company data was offered for sale on a hacker forum this week. “On December 14th […]
Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. The company pointed out that its systems were not impacted. “Some Gemini customers have […]
US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup & Replication software, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […]
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The IT giant tracks this cluster of activity as DEV-1028. The experts report that the botnet […]
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. The CVE-2022-37958 was […]
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The experts tracked the campaign as Operation LiberalFace, it aimed at Japanese political entities, especially the members of […]
The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a cybercrime forum. InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within […]
The U.S. Department of Justice (DoJ) seized forty-eight domains that offered DDoS-for-Hire Service Platforms to crooks. The U.S. Department of Justice (DoJ) this week announced the seizure of 48 domains associated with the DDoS-for-Hire Service platforms (aka Booter services) used by threat actors. Below is the list of domains seized by the FBI: The authorities […]
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 […]
Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses “:::trim:::” to split data sent and received […]