The FBI issued an alert on Thursday to inform the higher education sector about the exposure of credentials that can allow threat actors to access user accounts or an organization's network. According to the FBI, cybercriminals have been selling usernames and passwords on various public and dark web forums. The agency has provided three examples. One example, from January 2022, involves the sale of credentials belonging to US-based universities and colleges on Russian cybercrime forums. READ MORE...
Hundreds of Indian air travellers were stranded inside their planes after the low-cost airline SpiceJet cancelled or delayed flights due to an "attempted ransomware attack", the company has said. Many angry passengers, some of whom were left waiting inside their planes for up to five hours earlier this week, complained about a lack of communication from the budget carrier. READ MORE...
Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. Today's alert comes after Intuit received multiple user reports who received these phishing emails and notified their QuickBooks accounts were suspended following a failed business info review. READ MORE...
Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine (shared by the Firefox-based Tor browser) relate to Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. For users of Thunderbird, the vulnerability there is in relation to Thunderbird 91.9.91. READ MORE...
A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari. The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and remove, according to threat hunters at cybersecurity shop Red Canary, who have been tracking the strain since early February and have seen a flurry of recent activity. READ MORE...
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. While the vulnerabilities aren't rated as critical, they are still significant on their own and can be abused by threat actors as part of exploit chains. Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors. READ MORE...
GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems. The information came to light when the company today published the results of its investigation into April's unrelated OAuth token theft attack, where it described how an attacker grabbed data including the details of approximately 100,000 npm users. READ MORE...