Security News > 2023 > May

The viral video of the "Mediterranean beef squid"is a hoax. It's not even a deep fake; it's a plastic toy.

"Unfortunately, one of our primary login domains was seized today. Therefore, we recommend using the domain singlelogin.re to log in to your account, as well as to register. Please share this domain with others," Z-Library said in a Telegram post. Z-Library's seized domains now display a banner indicating that the FBI seized them in accordance with a warrant issued pursuant to 18 U.S.C. 981(b) and 21 U.S.C. 853(f) by the United States District Court for the Eastern District of New York.

There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. Adding to the problem is the fact that the adapter reached its end of life in June 2020, and while the last date to extend or renew a service contract for the product isn't until August 2024, Cisco said in the advisory it will not release firmware updates to address the flaw and there are no workarounds.

While it may seem counterintuitive to target a local government, Bill Siegel of ransomware incident response firm Coveware told BleepingComputer that approximately 35% of public sector cases they handled paid a ransom. PCrisk found new STOP ransomware variants that append the.

The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems. "The city is experiencing a service outage and is working to restore services," the city's website read on Friday morning.

Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they've created. Unlike PyPI, which provides its own servers where the actual library code is stored, Packagist links to, but doesn't itself keep copies of, the code you need to download. There's an upside to doing it this way, notably that projects that are managed via well-known source code services such as GitHub don't need to maintain two copies of their official releases, which helps avoid the problem of "Version drift" between the source code control system and the packaging system.

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.

Roid security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. According to a Google Threat Analysis Group report published in March, it was exploited as part of a complex chain of multiple 0-days and n-days in a spyware campaign targeting Samsung Android phones.

Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data. Constellation Software acquires, manages, and builds software businesses through six operating groups: Volaris, Harris, Jonas, Vela Software, Perseus Group, and Topicus.

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks. The two plugins are among WordPress's most popular custom field builders, with 2,000,000 active installs on sites worldwide.