20 Sep 2021

Payment API Vulnerabilities Exposed “Millions” of Users

According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized

Read More
20 Sep 2021

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant

Read More
20 Sep 2021

TTEC hit with ransomware attack, hampering work for major clients

TTEC, a US-based customer experience technology giant has confirmed that they suffered from a cybersecurity incident. According to employees, the company stated that it was hit with ransomware. TTEC boasts billions in annual revenue and nearly 61,000 employees. Earlier this week, the company warned its employees not to click on

Read More
17 Sep 2021

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Microsoft and RiskIQ researchers have uncovered several campaigns using a recently patched Microsoft MSHTML flaw, restating calls for organizations to update impacted systems. The vulnerability was first exploited by the Ryuk ransomware gang, which leveraged the bug ahead of the patch, according to the new research. Microsoft released the fix

Read More
17 Sep 2021

Cyberattacks against the aviation industry linked to Nigerian threat actor

Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

Read More
17 Sep 2021

USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others

Earlier this week, the US FBI and Cybersecurity and Infrastructure Security Agency released a joint advisory warning the public of alleged active exploitation of a critical vulnerability found in a popular password management solution called Zoho. Zoho’s ManageEngine AdSelfService Plus, a tool that aids users in creating strong passwords and

Read More
16 Sep 2021

Household Names Hit with £500K Fine for Spamming Consumers

In the UK, three popular companies have been fined nearly half a million USD collectively by the UK privacy regulator after delivering hundreds of millions of marketing messages to consumers and violating certain marketing laws. We Buy Any Car was allegedly fined £200,000 by the Information Commissioner’s Office after sending

Read More
16 Sep 2021

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

Bitdefender collaborated with law enforcement to create a key that would release data encrypted in ransomware attacks before the REvil ransomware gang disappeared from the internet on July 13. The universal decryption key will be free for victims of REvil ransomware attacks. The firm announced that it will be passing

Read More
16 Sep 2021

New Go malware Capoae targets WordPress installs, Linux systems

A new strain of malware called Capoae was publicized earlier this week by security research firm Akamai. The firm stated that the new malware is written in the Golang programming language, which is becoming increasingly popular among threat actors due to its cross-platform capabilities. The malware spreads through known vulnerabilities

Read More
15 Sep 2021

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors allegedly impersonated the US Department of Transportation in a two-day phishing campaign, leveraging the recent $1 trillion infrastructure bill. The cyber attackers created new domains mimicking the real DoT site. The campaign combined a series of tactics, such as creating seemingly legitimate domains to evade security detections and

Read More