GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. GoDaddy is one of the world's largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. READ MORE...
The FBI says it has contained a cyber incident at the agency's New York field office that reportedly affected a computer network used in child sexual exploitation investigations. In a statement to FedScoop, the agency said it is aware of the incident and is working to gain additional information. The FBI added: "This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time." READ MORE...
Burton Snowboards, a favorite brand for downhill shredders and X-Games fans everywhere, has closed down its e-commerce operations due to a "cyber incident" that occurred earlier this week. In an online system-outage update, the Burlington-based company noted that a Feb. 14 attack continues to impact "some of our operations," and added, "we are working closely with third-party specialists to investigate the incident and determine the full nature and scope." READ MORE...
Coinbase cryptocurrency exchange platform has disclosed that an unknown threat actor stole the login credentials of one of its employees in an attempt to gain remote access to the company's systems. As a result of the intrusion the attacker obtained some contact information belonging to multiple Coinbase employees, the company said, adding that customer funds and data remained unaffected. READ MORE...
A previously unknown threat actor is targeting telecommunications companies in the Middle East in what appears to be a cyber-espionage campaign similar to many that have hit telecom organizations in multiple countries in recent years. Researchers from SentinelOne who spotted the new campaign said they're tracking it as WIP26, a designation the company uses for activity it has not been able to attribute to any specific cyberattack group. READ MORE...
Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching. READ MORE...
SolarWinds this week published multiple advisories describing high-severity vulnerabilities expected to be patched with a SolarWinds Platform update by the end of February. Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8. READ MORE...
Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea. The actor used a tried and tested method and picked victims from visitors to a pro North Korea website, a tactic known as a watering hole attack. READ MORE...
Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection. READ MORE...
A human player has comprehensively defeated a top-ranked AI system at the board game Go, in a surprise reversal of the 2016 computer victory that was seen as a milestone in the rise of artificial intelligence. Kellin Pelrine, an American player who is one level below the top amateur ranking, beat the machine by taking advantage of a previously unknown flaw that had been identified by another computer. READ MORE...