Log4j, despite its prevalence and difficulty to find, was exploited at lower levels than experts predicted when it was disclosed in December 2021, the Cyber Safety Review Board said in a post-mortem incident report released Thursday. Secretary of Homeland Security Alejandro Mayorkas delivered the report to President Joe Biden. Yet, Log4j is an "endemic vulnerability," likely to persist for years or even decades, the review board said. "The Log4j event is not over." READ MORE...
The bad news keeps on rolling for British recruitment agency Morgan Hunt amid confirmation it suffered a digital burglary, with intruders making off with the personal data for some of the freelancers on its books. In a letter to contractors, Morgan Hunt - which provides personnel services to clients in the charity education, finance, government, housing and technology sectors - confirmed the break-in: READ MORE...
Stuxnet's attack on Iran's uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts in the field believe is "a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation." READ MORE...
Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone. Dubbed Mantis, the botnet is responsible for a record-breaking 26 million requests per second (RPS) HTTPS DDoS attack observed in June, and it has since continued to display strength, with more than 3,000 attacks launched over the past several months. READ MORE...
Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities reported were buffer overflows in the UEFI firmware. READ MORE...
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. The group has been active for quite a while but it failed to gain the notoriety and financial success of other gangs even if the operation followed the same recipe: double extortion combined with a leak site to publish the name of the victims and stolen data. READ MORE...
Researchers have discovered a new phishing kit that injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data, including government documents, photos, and even banking information - under the guise of security controls. Akamai researchers said the attackers use a file management WordPress plug-in to deploy the phishing kit. READ MORE...
On April 18, 2022, a handful of US citizens scrambled to get their taxes filed. While tax season is usually a stressor, consider that these filers got some unsolicited help. Imagine that somehow, strangers that might resemble angels just appeared in their lives, offering guidance and help to work with them through this process … all through the computer screen. READ MORE...