Censys, an attack surface management firm, has identified roughly 30,000 internet-exposed QNAP network attacked storage appliances that have been affected by a critical vulnerability. The vulnerability is a critical-severity code injection vulnerability that is described as an SQL injection bug. It allows remote attackers to inject malicious code into vulnerable

On Monday, GitHub confirmed that threat actors stole digital certificates used for applications such as Desktop and Atom in a cyberattack that occurred in December 2022. GitHub stated that it investigated the incident and determined that there was no risk to GitHub’s services and that it detected no unauthorized changes

Security researchers have identified a highly successful new business email compromise (BEC) group. The group has been named Firebrick Ostrich and has conducted at least 347 campaigns since April 2021. Firebrick Ostrich uses relatively unsophisticated techniques to target organizations, such as open source research to identify existing contracts and vendors,

On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has

TrickGate, a malicious live software service, has been deployed by threat actors in recent attacks to bypass endpoint detection. The malware is not new, and has been deployed against detection measures and response protection software for six years. Check Point Research recently released a report detailing TrickGate and its usage

According to recent reports, Russian hactivists targeted several hospitals across the US and the Netherlands with DDoS attacks. The campaign targeted facilities including the University of Michigan Hospital and Stanford Health Care Center. The recent attacks may be in response to President Biden’s recent decision to send dozens of Abrams

JD Sports has advised its customers to change their passwords after the discovery of a cyberattack that may have resulted in the exposure of data belonging to 10 million customers. JD Sports notified its users of the breach via email, stating that the attack impacts customers who placed orders between

Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The reasoning behind the update is to prevent phishing attacks and malware downloads that rely on these types of lures. Microsoft stated that the plans will

The US Government Accountability Office (GAO) released a report last Thursday highlighting federal agencies’ failure to implement cybersecurity recommendations. The GAO found that 60% of the cybersecurity recommendations made by the office since 2010 have not been implemented. The GAO stated that the failure to follow the recommendations results in

The FBI has announced that it confirmed a link between North Korean hackers and the $100 million Horizon Bridge Heist that occurred in June 2022. Horizon bridge is a platform designed to enable cryptocurrency holders to transfer assets between networks such as the Ethereum Network, Binance Chain, Bitcoin, and Harmony’s