American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. "A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess' systems between February 2, 2021 and February 23, 2021," the company said in breach notification letters mailed to impacted customers. READ MORE...
The FBI has sounded an alert amongst owners of cryptocurrency, digital currency exchanges, and cryptocurrency payment platforms that their virtual riches are being actively targeted by malicious hackers. As Bleeping Computer reports, the FBI has warned those who hold or handle large amounts of cryptocurrency that cybercriminals are using a variety of methods in their attempts to steal fortunes. READ MORE...
SolarWinds has issued a hotfix for a zero-day remote code execution (RCE) vulnerability already under active, yet limited, attack on some of the company's customers. Microsoft alerted the company about the flaw, which affects its Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Specifically, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5 of this year, as well as all prior versions, the company said in a security advisory posted over the weekend. READ MORE...
Kaseya made good on its promise to issue patches by July 11. On Saturday, the company behind the Virtual System/Server Administrator (VSA) platform that got walloped by the REvil ransomware-as-a-service (RaaS) gang in a massive supply-chain attack released urgent updates to address critical zero-day security vulnerabilities in VSA. Kaseya released the VSA 9.5.7a (9.5.7.2994) update to fix three zero-day vulnerabilities used in the ransomware attacks. READ MORE...
Hackers compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim's computer screen in real time by abusing popular live-streaming software. Apart from the unusual feature, which comes on top of the regular functions seen in RATs, the malware can also steal private data from web browsers and instant messaging applications. READ MORE...
Social media companies intentionally make it very easy to set up new accounts and profiles. After all, the greater the number of users, the more the company is worth. This poses some challenges for the way the public forms opinions about the Defense Department. You see, the same convenience that allows you to join a new social network with no hassle has enabled online scammers to set up profiles impersonating members of the military, a trend that's rising rapidly. READ MORE...
Several programmable logic controllers (PLCs) from Schneider Electric's Modicon series that automate industrial processes in factories, energy utilities, HVAC systems and other installations are impacted by a flaw that could allow hackers to bypass their authentication mechanism and execute malicious code. According to researchers from security firm Armis, who found and reported the vulnerability, attackers with network access to impacted controllers could exploit the issue to install malware. READ MORE...