Aleksandr Brovko, formerly of the Czech Republic, will serve eight years in prison for his role in operating a scheme to steal and traffic sensitive personal and financial information in an operation that resulted in a loss to victims of some $100 million. Brovko, a Russian national, was sentenced on October 30 after pleading guilty in February to conspiracy to commit bank and wire fraud. READ MORE...
BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals. "As the industry's only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers," said Evan Reiser, CEO of Abnormal Security. "Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track." READ MORE...
Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Chrome 86.0.4240.183 for Windows, macOS, and Linux was pushed to the stable channel with patches for a total of seven vulnerabilities, all of which feature a severity rating of high. Google said it awarded $36,000 in bug bounty rewards to the researchers who discovered the newly addressed vulnerabilities. READ MORE...
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication (meaning it may be exploited over a network without the need for a username and password). While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. READ MORE...
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455 million websites a WordPress update (5.5.2) that caused new WordPress installs to fail. READ MORE...
Healthcare is not in a good place right now. With some countries and states deciding to go back in to lockdown due to the continued rise of reported COVID-19 infections-and several garnering record-high numbers compared to when almost every country initially went into lockdown-it seems horrible timing that hospital ransomware is back in the news. But cybercriminals behaving like criminals isn't something that we should be shocked about. READ MORE...
Over 100,000 computers remain affected by the Windows vulnerability known as SMBGhost, more than half a year after a patch was rolled out, new research reveals. Tracked as CVE-2020-0796 and featuring a CVSS score of 10, the critical vulnerability was addressed in March 2020 via an out-of-band update. Weeks later, information on how it can be abused to escalate privileges and cause a denial of service condition was made public. READ MORE...
This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate. Soon, reports emerged all over the internet from users who had to endure a broken GitHub experience. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub. READ MORE...