Helga Labus
Surge in identity crime victims reporting suicidal thoughts
Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the …
Bogus OfficeNote app delivers XLoader macOS malware
A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample …
Open redirect flaws increasingly exploited by phishers
Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider …
Seiko joins growing list of ALPHV/BlackCat ransomware victims
Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The …
Juniper Networks fixes flaws leading to RCE in firewalls and switches
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers …
WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR …
Chrome will tell users when extensions they use are removed from Chrome Web Store
Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web …
Phishers use QR codes to target companies in various industries
A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major …
LinkedIn users targeted in account hijacking campaign
LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing …
Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer …
Major vulnerabilities discovered in data center solutions
Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure …
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at …