30 Sep 2021

Apple AirTag Zero-Day Weaponizes Trackers

An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost Mode” could expose users to several different web-based attacks such as credential harvesting, malware delivery, token theft, and click-jacking. The personal tracker devices are suffering from a zero-day that could allow attackers to fully weaponize the device, according to

Read More
30 Sep 2021

Canadian Vaccine Passport App Exposes Data

According to recent reports, the Canadian vaccine passport app called PORTpass may have exposed personal information belonging to hundreds of thousands of Canadians. The app’s operators allegedly left data such as names, identification documents, and email addressed on an unsecured website stored in plain text and accessible to the public.

Read More
30 Sep 2021

NSA, CISA partner for guide on safe VPNs amid widespread exploitation by nation-states

The NSA and CISA have released a detailed guide pertaining to how organizations and individuals should select virtual private networks as they remain actively under attack and face exploitation from nation states and cybercriminals alike. The guide also features details on ways to deploy a VPN securely. The NSA stated

Read More
30 Sep 2021

Cyber-attack Floors British Payroll Firm

Giant Group, a British payroll company, has allegedly been struck by a sophisticated cyberattack that has shut down its entire network and left some contractors without pay. The company confirmed on September 24 that it had taken its network and fully integrated IT infrastructure offline after detecting suspicious activity. On

Read More
29 Sep 2021

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft has warned that the Nobelium APT is currently compromising single-sign-on services to install a post-exploitation backdoor. The backdoor maintains network persistence and steals data from victims. Nobelium, the threat actors behind the SolarWinds supply-chain attacks, are using a backdoor called FoggyWeb to conduct the attacks. The attacks target Active

Read More
29 Sep 2021

This dangerous mobile Trojan has stolen a fortune from over 10 million victims

Zimperium zLabs has reported that a new malware Trojan targeting Android devices has achieved a victim count of over ten million across at least 70 different countries. The malware has been embedded in at least 200 malicious applications, many of which were able to circumvent protections offered by the Google

Read More
28 Sep 2021

California Hospital Sued Over Data Breach

Following a cyberattack that occurred between December 2, 2020, and April 8, 2021, an academic healthcare system in California is facing legal action. The cyberattack caused a data breach that potentially exposed sensitive information pertaining to half a million patients, employees, and students. The healthcare organization, UC San Diego Health,

Read More
28 Sep 2021

Russia Behind ‘Ghostwriter’ Campaign Targeting Germany

The European Union has blamed Russia for an ongoing disinformation campaign referred to as Ghostwriter that is targeting Germany amid political events and elections. Germany is only the latest target of the campaign, which has been ongoing for years and previously attempted to discredit NATO, smeared and cyberattacked Parliament members,

Read More
28 Sep 2021

FCC details $1.9 billion program to rip out Huawei and ZTE gear in the US

The US Federal Communications Commission (FCC) recently released a new set of rules for small carriers to abide by that aims to rip out and replace network equipment and services from Huawei and ZTE, two companies based in China. The small carriers will have access to $1.9 billion in funding

Read More
27 Sep 2021

Apple Patches 3 More Zero-Days Under Active Attack

Apple has patched three zero-day security vulnerabilities in recently released updates to iOS and macOS that are being actively exploited. One of the flaws could allow an attacker to execute arbitrary code with kernel privileges and affects macOS and older versions of iPhones. The two security releases went live on

Read More