01 Jun 2022

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Microsoft has released a workaround for a critical zero-day flaw that is reportedly being actively exploited by threat actors. Dubbed ‘Follina,’ the vulnerability was originally identified in April and has been leveraged by attackers to target organizations in Russia and Tibet. The flaw is tracked as CVE-2022-3019 and is a

Read More
31 May 2022

US Academic Credentials Displayed in Public and Dark Web Forums

The Federal Bureau of Investigation (FBI) has warned the public of a new threat via a Private Industry Notification. The warning targets universities, colleges, and higher education institutions that credentials have been advertised for same on dark web criminal marketplaces. According to the FBI, the credentials were discovered in January

Read More
31 May 2022

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

Security researchers have warned that the ChromeLoader browser hijacker could provide a gateway into bigger threats, such as the capability to spread ransomware, spyware, and steal data from browser sessions. Researchers state that the malware’s use of PowerShell could further this malicious activity, transforming it from a run-of-the-mill browser hijacker

Read More
31 May 2022

Turkish Airline Exposes Flight and Crew Info in 6.5TB Leak

Low-cost Turkish airline Pegasus Airlines has accidentally leaded the personal information of its flight crew, source code, and flight data due to a misconfigured AWS bucket. SafetyDetectives, a research team, discovered the unsecured database on February 28 and was able to trace the leaked information to the Electronic Flight Bag

Read More
31 May 2022

Singapore ups investment in quantum computing to stay ahead of security threats

Singapore announced last week that it plans to set aside $17.09 million to support national platforms under the Quantum Engineering Programme for up to 3.5 years. The program is part of the country’s Research, Innovation, and Enterprise plan set forth in 2020 that aims to ensure encryption technologies remain diligent

Read More
27 May 2022

India’s SpiceJet Strands Planes After Being Hit By Ransomware Attack

SpiceJet, an India-based airline, was forced to delay numerous flights on Wednesday after being hit by a ransomware attack that occurred on Tuesday. The company released a post to Twitter confirming that its operations had been impacted by the cybersecurity incident. On Thursday, morning flight departures were still suffering from

Read More
27 May 2022

Cybergang Claims REvil is Back, Executes DDoS Attacks

According to researchers at Akamai, actors claiming to be the REvil ransomware group is targeting one of its customers with a Layer 7 attack. The group has also demanded an extortion payment in Bitcoin from Akami’s client. The defunct REvil ransomware gang went dark in July 2021 after several law

Read More
27 May 2022

Critical Flaws in Popular ICS Platform Can Trigger RCE

Cisco Talos has reportedly uncovered eight vulnerabilities in the Open Automation Software, a popular industrial control system (ICS) platform. Two of the flaws are categorized as critical, meaning that they pose a risk for infrastructure networks and should be addressed immediately. Exploiting the flaws could lead to remote code execution

Read More
26 May 2022

U.S. Cybersecurity Agency ‘Strongly Urges’ You Patch These 75 Actively Exploited Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified 75 security vulnerabilities that pose a significant risk to its list of flaws that should be patched immediately. All of the vulnerabilities are known to be actively exploited, heightening the risk of an attack. For organizations, there are risks of

Read More
26 May 2022

Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader

Interpol has announced that the organization was able to track down and apprehend the suspected leader of a transnational cybercrime syndicate. The 37-year-old individual was arrested in Nigeria and is believed to have lead major phishing campaigns, business email compromise schemes, and other malicious behavior that targeted companies and individuals.

Read More