Invicta Malware Delivered Through Fake GoDaddy Refund Invoices

Invicta Malware Delivered Through Fake GoDaddy Refund Invoices

The creator of this Invicta malware is heavily active on social networking sites, using them to advertise their information-stealing malware and its deadly powers. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware....

/ May 29, 2023
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

May 29, 2023Ravie LakshmananAuthentication / Mobile Security Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put...

/ May 29, 2023
Data Breach at MCNA Dental Insurer Impacts 9 Million Users

Data Breach at MCNA Dental Insurer Impacts 9 Million Users

The discovery of unauthorized access to MCNA Insurance Company’s systems occurred on March 6th 2023, although the initial breach had taken place as early as February 26th 2023. MCNA Insurance Company, a prominent US-based dental benefits manager serving millions of...

/ May 29, 2023
Dark Frost botnet launches a large-scale DDoS attack compromising hundreds of devices

Dark Frost botnet launches a large-scale DDoS attack compromising hundreds of devices

Posted on May 29, 2023 at 8:19 AM A new botnet known as Dark Frost has been detected to be behind a distributed denial-of-service (DDoS) attack within the gaming industry. The botnet has expanded in terms of activity and it...

/ May 29, 2023
Commercial PREDATOR Spyware - Delivered Through Zero-Click Exploit

Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit

A commercial spyware product offered by the spyware company Intellexa (formerly Cytrox) has been described by Cisco Talos. By designing deployment procedures that frequently call for little to no user engagement, spyware vendors go to significant efforts to make the final...

/ May 28, 2023
Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices

Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices

A new info-stealing malware called Bandit Stealer is capable of evading detection and stealing personal and financial banking data stored in cryptocurrency wallets and web browsers. Bandit Stealer is a new information stealer that Trend Micro cybersecurity researchers recently detected....

/ May 27, 2023
Free VPN Data Breach - Over 360 Million User Records Exposed

Free VPN Data Breach – Over 360 Million User Records Exposed

Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to...

/ May 27, 2023
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was...

/ May 27, 2023
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on...

/ May 27, 2023
Hackers exploit XSS flaw in a WordPress cookie consent plugin

Hackers exploit XSS flaw in a WordPress cookie consent plugin

Posted on May 27, 2023 at 9:24 AM Hackers have been launching ongoing attacks targeting WordPress sites. These attacks have been targeted at an unauthenticated stored cross-site scripting (XSS) vulnerability within a WordPress cookie consent plugin known as Beautiful Cookie...

/ May 27, 2023
Gaming Firms and Community Members Hit by Dark Frost Botnet

Gaming Firms and Community Members Hit by Dark Frost Botnet

Researchers believe Dark Frost was created using stolen/leaked source code from Qbot, Gafgyt, and Mirai malware to carry out DDoS attacks. Web infrastructure company Akamai’s Security Intelligence Response Team has discovered a new botnet targeting the gaming industry with DDoS...

/ May 26, 2023
Mirai Malware Hits Zyxel Devices After Command Injection Bug

Mirai Malware Hits Zyxel Devices After Command Injection Bug

Zyxel informed its customers about the security flaw on 25 April 2023 and announced patches for impacted firewalls, which included USG Flex, ATP, ZyWALL/USG, and VPN. A variant of the Mirai botnet has successfully hacked various Zyxel Firewalls after exploiting...

/ May 26, 2023