15 Sep 2021

Microsoft Patches Actively Exploited Windows Zero-Day Bug

In the most recent Patch Tuesday, Microsoft released fixes 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical. One of which has been under active attack for nearly two weeks. One of the other bugs included in

Read More
15 Sep 2021

DOJ fines NSA hackers who assisted UAE in attacks on dissidents

The Justice Department has announced a deal with three former US Intelligence operatives that allows them to pay a fine rather than face jail time for breaking multiple laws when conducting offensive hacking for the government of the United Arab Emirates. The deal is controversial, as it allows the three

Read More
14 Sep 2021

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A new security vulnerability in the WooCommerce Multi-Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular plugin for WordPress websites whereas the Multi-Currency plugin from Envato allows e-tailers to use WooCommerce to set pricing for international shoppers. The plugin is

Read More
14 Sep 2021

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

This week, Apple released an urgent update that mitigates a critical vulnerability exploited by the Pegasus mobile software. The flaw, which is tracked as CVE-2021-30860, was first discovered by security researchers at the University of Toronto’s Citizen Lab when analyzing the iPhone of a Saudi activist who had been targeted

Read More
13 Sep 2021

Poland Extradites Alleged Botnet Operator to US

Ukrainian national Glib Oleksandr Ivanov-Tolpintsev has been extradited to the United States and is facing charges associated with decrypting the credentials of thousands of computers across the world and selling them on dark web forums. Ivanov-Tolpintsev was initially arrested in Poland on October 3, 2020, however, he will now travel

Read More
13 Sep 2021

MyRepublic Data Breach Raises Data-Protection Questions

A MyRepublic data breach has raised controversy over security for critical data being housed in third-party infrastructure, according to researchers. Almost 79,000 MyRepublic mobile subscribers have been exposed in a data breach that affected personal information such as scanned copies of Singapore’s National Registration Identity cards, names, pictures, dates of

Read More
13 Sep 2021

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

A new Android banking trojan referred to as SOVA is currently under active development, according to researchers. The malware is reportedly looking to incorporate several tools into its arsenal, including ransomware functionality, distributed denial of service, and man in the middle. The banking trojan already boasts functions such as banking

Read More
13 Sep 2021

Singapore moots ‘foreign interference’ law with powers to issue online platforms take-down order

Singapore has delayed new laws that would arm the government with the ability to issue directives to different platforms, such as social media sites. The government would also obtain the power to block or remove any content deemed to be a part of hostile information campaigns. The proposed bill was

Read More
10 Sep 2021

Thousands of Fortinet VPN Account Credentials Leaked

According to a statement released by Fortinet, credentials stolen from 87,000 unpatched SSL-VPNs have been posted to an online forum by former Babuk gang members for free. On Wednesday, BleepingComputer reported that it had been a miscommunication with a threat actor who leaked nearly half a million Fortinet VPN credentials.

Read More
10 Sep 2021

Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks

Two healthcare organizations have begun distributing breach notification letters after both revealed that sensitive information had been compromised as a result of recent cyberattacks. The data accessed by cybercriminals includes Social Security numbers, treatment information, and diagnosis data. Those who were impacted by the attack are located in California and

Read More