Security firm Akamai has published a report detailing criminal activity pertaining to a massive wave of credential stuffing attacks targeting the retail, travel, and hospitality industries. The campaign occurred between July of 2018 and June 2020. Akamai’s report includes examples of advertisements on the darknet demonstrating how cybercriminals gain financial

A botnet called KashmirBlack has been infecting thousands of websites running on content management systems such as WordPress, Joomla, and Drupal. The botnet uses Dropbox and GitHub to avoid detection and is focused on spamming and defacing hundreds of thousands of websites.  Security firm Imperva was the first to report

Nvidia released a security update yesterday that fixed several high severity flaws in the GeForce Experience software. The patch update addresses issues in all versions of GeForce Experience 3.20.5.70 on Windows and below. According to Nvidia, the flaws could lead to denial of service, escalation of privileges, code execution, or

Oracle released a massive critical patch update earlier this week consisting of 402 patches for vulnerabilities across 29 product sets. This marks the second quarter this year that Oracle’s critical patch update (CPU) contained more than 400 fixes. The vulnerabilities fixed this quarter include several issues that would allow for

In July, the Department of Homeland Security allegedly received a report from two cybersecurity firms detailing a vulnerability in the online voter registration systems used by counties in California and Florida. The researchers warned that hackers could leverage an old flaw that allowed them to change voter registration files four

According to researchers, due to a misconfigured Google Cloud storage bucket, hundreds of medical patients taking cancer drugs including Aromasin, Ibrance, and others are now vulnerable to phishing attacks as well as malware and identity fraud. The company hosting the leaked information, pharmaceutical giant Pfizer, left the Google Cloud storage

Yesterday, Adobe released another out-of-band patch, occurring outside of the company’s typical monthly security fix release cycle. The updates impact Adobe Illustrator, Dreamweaver, Marketo, After Effects, Photoshop, Animate, Premiere Pro, and other popular applications on both Windows and macOS machines. The first app the tech giant patched was Illustrator, which

According to researchers, the cybercriminals behind the creation of the sophisticated GravityRAT spyware have released new variants for macOS and Android. This marks the first time the operators behind the remote access trojan have administered new versions since its formation in 2015. According to researchers from Kaspersky, the group has

Google’s Waze app contains a serious security vulnerability that allows hackers to identify users and track their locations. The flaw has since been patched and was an API flaw that allowed security researcher Peter Gasper to use the app to uncover the true identity of drivers using it. Gasper is

On Monday, the Justice Department announced that a federal grand jury had charged six Russian intelligence officers labeled the Sandword team responsible for notoriously destructive attacks spanning the globe. The group has been traced back to the 2017 NotPetya outbreak that caused over $1 billion in damage to US organizations