Outlook[.]com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. This outage follows two major outages yesterday, creating widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile Outlook app. READ MORE...
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers. READ MORE...
An attacker under the Magecart umbrella has infected an unknown number of e-commerce sites in the US, UK, and five other countries with malware for skimming credit card numbers and personally identifiable information (PII) belonging to people making purchases on these sites. But in a new wrinkle, the threat actor is also using the same sites as hosts for delivering the card-skimming malware to other target sites. READ MORE...
Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode. The findings are notable because increased numbers of flaws and vulnerabilities in applications correlate with increased levels of risk. The research comes amid a flurry of recent initiatives by the federal government to strengthen cybersecurity, including efforts to reduce vulnerabilities in applications that perform critical government functions. READ MORE...
It's possible for threat actors to manipulate artificial intelligence chatbots such as ChatGPT to help them distribute malicious code packages to software developers, according to vulnerability and risk management company Vulcan Cyber. The issue is related to hallucinations, which occur when AI, specifically a large language model (LLM) such as ChatGPT, generates factually incorrect or nonsensical information that may look plausible. READ MORE...
Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. The discovery comes from Romanian cybersecurity firm Bitdefender which detected the malicious apps using an anomaly detection feature added to its Bitdefender Mobile Security software last month. READ MORE...
A spree initiated by a financially-motivated ransomware group that actively exploited a zero-day vulnerability in Progress Software's MOVEit file transfer service to steal customers' data is afoot. Exploits have been underway for at least four months, according to Trustwave, and the compromise of MOVEit databases has resulted in at least one follow-on attack that has ensnared multiple downstream victims. READ MORE...
Google's latest Chrome update is out, and this time the company hasn't minced its words about one of the two security patches it includes: Google is aware that an exploit for CVE-2023-3079 exists in the wild. There's no two-degrees-of-separation verbiage, as we've often seen from Google before, to say that the company "is aware of reports" of an exploit. READ MORE...