U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, U.S. government agencies said in a joint advisory on Thursday. The advisory also mentions ongoing malicious activity targeting WWS facilities that could lead to ransomware attacks affecting their ability to provide potable water by effectively managing their wastewater. READ MORE...
Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach - and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums. News of the breach came from Have I Been Pwned (HIBP), whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums. READ MORE...
Phishing actors are following a new trend of targeting non-executive employees but who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level. Previously, phishing actors would impersonate CEOs and CFOs to trick company employees in targeted phishing attacks. READ MORE...
Networking and cybersecurity solutions provider Juniper Networks this week released more than 40 security advisories to describe over 70 vulnerabilities that affect the company's products. Roughly half of the advisories describe critical and high-severity vulnerabilities, including ones that can be exploited for denial-of-service (DoS) attacks, remote code execution (including through XSS attacks), privilege escalation, and security bypass. READ MORE...
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores. While disguising your adware as an adblocker may seem counterintuitive, it is actually a smart thing to do. But let's have a look at what they did and how, first. READ MORE...
When Township High School District 214 in Illinois got rickrolled all at once across its six different schools just before graduation, it was more than a meticulously executed senior prank. Cybersecurity star-in-the-making and recent high-school graduate Minh Duong found, and was able to exploit, a zero-day bug in the district's Exterity IPTV system. The goof was received in good humor by school administrators, luckily for Minh and his cohorts, and the bug was reported to Exterity. READ MORE...