The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new directive that will now require federal agencies to patch known exploited vulnerabilities within specific time frames. CISA has published a catalog listing approximately 290 vulnerabilities going back to 2017 that threat actors are currently actively exploiting in attacks against federal entities and other organizations. The catalog sets hard deadlines within which federal agencies are required to patch them.
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data. The data breach was announced in a data breach notification published on the party's website after informing relevant authorities about the incident. "On 29 October 2021, we were informed of the cyber incident by the third party," the breach notice reads.
Federal prosecutors on Wednesday unsealed an indictment against a 22-year-old British man accused of stealing $784,000 in cryptocurrency from a Manhattan-based holding company. U.S. attorneys in the Southern District of New York say Joseph James O'Connor and his associates SIM-swapped three executives between March and May in 2019 at a company that maintained cryptocurrency wallet infrastructure for various international exchanges.
A new-ish threat actor sometimes known as "Tortilla" is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of infecting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, an actor that's been operating since July, is predominantly targeting U.S. victims.
A new Magecart threat actor is stealing people's payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) so it targets only actual victims and not security researchers. The Malwarebytes team discovered the new campaign, which adds an extra browser process that uses the WebGL JavaScript API to check a user's machine to ensure it's not running on a VM, researchers revealed in a blog post published Wednesday.
Google announced earlier this year that it is planning to forcefully transition as many of its users as possible to two-factor authentication (2FA). The company elaborated further in October, saying it was planning to auto-enroll 150 million Google accounts in 2FA by the end of the year. Now, with just two months left in the year, Android Police has found a few reports showing that the process has started, with some users finally being auto-enrolled in 2FA.
During the first day of Pwn2Own Austin 2021, contestants won $362,500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR. At Pwn2Own Austin (previously known as Pwn2Own Mobile), security researchers will target mobile phones, printers, routers, network-attached storage, smart speakers, televisions, external storage, and other devices, all up to date and in their default configuration.
Google's latest monthly security patches for the Android operating system contain fixes for 39 flaws, including one security vulnerability that the tech giant says is being actively exploited in the wild. The security hole is described as a use-after-free (UAF) vulnerability in the Android operating system's kernel. UAF vulnerabilities can occur when a program uses dynamic memory incorrectly, giving attackers an opportunity to trick it into running their own malicious code.
Attackers are actively exploiting an "old" vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue. What are the attackers doing with these servers? Damian Menscher, a security reliability engineer responsible for DDoS defense at Google, says that some of them are used to generate DDoS attacks: