Clop, the ransomware crew that has exploited the MOVEit vulnerability extensively to steal corporate data, has given victims a June 14 deadline to pay up or the purloined information will be leaked. Organizations including British Airways, the BBC, and the Boots pharmacy chain in the UK have had their employees' records stolen by the Russian gang via the software flaw. It's feared thousands if not tens of thousands of workers have had their personal info swiped.
Pharmaceutical company Eisai has disclosed it suffered a ransomware incident that impacted its operations, admitting that attackers encrypted some of its servers. Eisai is a Tokyo-based pharmaceutical company with an annual revenue of $5.3 billion and over 10,000 employees. The company maintains nine manufacturing and fifteen medical research units in Japan, the United Kingdom, North Carolina, and Massachusetts.
Firefox's latest major update is out, following Mozilla's usual every-fourth-Tuesday release cycle. The list of security fixes this month (like full moons, there are sometimes two Firefox releases in a calendar month, but most months only have one) is splendidly short, and there aren't any critical bugs or zero-days in the list. But there's a fascinating bug that acts as a reminder that it's hard to write responsive, user-friendly browser code that's also strong against deliberate trickery.
Virtualization technology giant VMware on Wednesday shipped urgent patches to cover security defects in the Aria Operations for Networks product, warning that the flaws expose businesses to remote code execution attacks. VMware released an advisory documenting three critical-severity vulnerabilities haunting the network and application monitoring tool and called special attention to a command injection issue (CVE-2023-20887) that carries a CVSSv3 base score of 9.8/10.
A number of ransomware gangs have stopped using malware to encrypt targets' files and have switched to a data theft/extortion approach to get paid; 0mega - a low-profile and seemingly not very active threat actor - seems to be among them. 0mega (spelled with a zero) is a relative newcomer to the ransomware/extortion business. Evidence of its activities was first spotted roughly a year ago, when one victim - a UK-based electronics repair and refurbishment company.
Minecraft players should hold off on downloading any new mods or plugins while cybersecurity researchers try to track down a fix for malware ripping through the game. A worm virus named "fracturizer" has been found embedded in popular Minecraft modpacks, several game themes pulled together, which are then used by players to toggle between multiple mods, giving the player more experience options, as well as helping the malware spread.
Cisco on Wednesday announced patches for a critical vulnerability in its Expressway series and TelePresence Video Communication Server (VCS) enterprise collaboration and video communication solutions. Tracked as CVE-2023-20105 (CVSS score of 9.6), the vulnerability allows an administrator with 'read-only' rights to elevate their privileges to 'read-write'.
Regular WeLiveSecurity readers won't be stunned to read that cyberattacks and their methods keep evolving as bad actors continue to enhance their repertoire. It's also become a common refrain that as security vulnerabilities are found and patched (alas, sometimes after being exploited), malicious actors find new chinks in the software armor. Sometimes, however, it is not "just" a(nother) security loophole that makes the headlines, but a new form of attack.
Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. Honda is a Japanese manufacturer of automobiles, motorcycles, and power equipment. In this case, only the latter division is impacted, so owners of Honda cars or motorcycles aren't affected.
Anyone who has taken a basic computer science class has undoubtedly spent time devising a sorting algorithm - code that will take an unordered list of items and put them in ascending or descending order. It's an interesting challenge because there are so many ways of doing it and because people have spent a lot of time figuring out how to do this sorting as efficiently as possible.