24 Jan 2022

20K WordPress Sites Exposed by Insecure Plugin REST-API

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams, and other cyber threats due to a high-severity cross-site scripting (XSS) bug affecting the WordPress Email Template Designer. The template designer is WP HTML Mail, a plugin that allowed users to design custom emails. Wordfence researcher Chloe

Read More
20 Jan 2022

Ransomware Attack on Moncler

Italian luxury brand Moncler has suffered a cyberattack in which cybercriminals stole data and published it on the dark web. The company confirmed the attack on Tuesday, stating that it had suffered from a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. The attack caused a

Read More
20 Jan 2022

Cheap malware is behind a rise in attacks on cryptocurrency wallets

Chainalysis has recently warned that a rise in cheap and easy to use malware has resulted in a rise of cryptocurrency theft. Crytocurrency has been a popular target for cybercriminals, whether they are stealing it via cryptocurrency exchanges or demanding it as an extortion payment in ransomware attacks. The growing

Read More
19 Jan 2022

Man Charged with Smuggling Tech Exports to Iran

Kambiz Attar Kashani, a 44 year-old with dual citizenship to the US and Iran, has been charged with violating sanctions by exporting IT goods and services to the latter country. Kashani was arrested last Friday on charges of conspiring to illegal export to the Central Bank of Iran. Kashani reportedly

Read More
19 Jan 2022

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

According to a new report from Citizen Lab, attackers can access audio and files uploaded to the MY2022 mobile app, which is required for use by all winter games attendees. Attackers can even access health details of the athletes, according to Citizen Labs. The mobile app focuses on managing communications

Read More
19 Jan 2022

Zoom vulnerabilities impact clients, MMR servers

Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer

Read More
18 Jan 2022

NATO, Ukraine Sign Deal to ‘Deepen’ Cyber Cooperation

NATO signed a deal on Monday to strengthen its cyber support for Ukraine after a hacking attack against Kyiv. These attacks have prompted fears that Russia could be plotting an invasion. Ukraine said Sunday that it had evidence Moscow was behind last week’s attack on government websites, however the Kremlin

Read More
18 Jan 2022

PCI SSC updates card security standards to secure the card production process

The PCI Security Standards Council announced an update of the PCI Card Production and Provisioning Security Requirements. The update allows payment card vendors to secure components and sensitive data involved in the production of payment cards. These standards protect against fraud via the compromise of card materials.  Card production includes

Read More
18 Jan 2022

Ukraine: Wiper malware masquerading as ransomware hits government organizations

Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine in the wake of last week’s cyber attack on Ukrainian government websites. The new attack is deploying Master Boot Records (MBR) wiper malware disguised as ransomware. According to Microsoft, the malware first appeared on the victimized

Read More
18 Jan 2022

Russia arrests REvil ransomware gang members at request of US officials

14 members of the REvil ransomware group have been arrested by the Russian government. A joint effort between the Federal Security Service of the Russian Federation and the Ministry of Internal Affairs of Russia led to the arrest of the members of the cybercrime group. Several assets were seized in

Read More