A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

New research by Dragos indicates that the threat actors behind the 2017 Triton (aka Trisis) malware attack that shut down a petrochemical plant in Saudi Arabia, started to scan power grids in the US and Asia-Pacific regions at the end of last year. Because of this, analysts are worried that

A new survey by Shred-it shows that data breaches are very often the result of human error. The majority of C-suite executives (53%) and more than a quarter of Small Business Owners (SBOs) (28%) point to human error or accidental loss by an external vendor/source as the cause of data

US intelligence officials have been investigating the Russian power grid since at least 2012 and recently began targeting power grid control systems in offensive operations, according to a recent New York Times report based on information from current and former government officials. The offensive operations involved infecting Russian systems with

Once again, Twitter has purged thousands of inauthentic user accounts connected to influence operations. A total of 4,779 accounts were removed, many of which were tied to the Iranian regime, while a few were linked to Russia. According to the social media platform, more than 1,600 of the fraudulent accounts

Last month, cybercriminals managed to scam the City of Burlington in Canada out of CAD $503,000 (around USD $375,000). The city officially referred to the incident as “a complex phishing email,” but the phishing method used is more commonly known as a business email compromise (BEC) scam. The threat actors

Last week, four intelligence experts warned the US House Intelligence Committee in a testimony about the growing risks resulting from the development of increasingly sophisticated deepfakes, which are images or videos doctored by artificial intelligence (AI) that show individuals saying and doing things they never said or did. Committee chairman

Europol is developing a “cryptocurrency tracing game” that is intended as training material on cryptocurrency crime prevention. The agency says the game “will allow law enforcement officers to get hands-on training and advice on tracing cryptocurrencies in criminal investigations,” according to Europol. This is the first time gamification is used

A recent report by Kaspersky shows that threat actors are increasingly targeting the gaming community by distributing malware disguised as pirated copies of popular video games. Over the course of 2018 and the first part of 2019, more than 900,000 users downloaded malicious files thinking they were illegal copies of

A recent string of data breaches impacting three US universities serves as a reminder that universities are major targets for cybercrime. Graceland University discovered that an “unauthorized user gained access to the email accounts of current employees,” and was thereby able to obtain the personal information of anyone who had