Security News > 2023 > October

Are you excited to pursue a cybersecurity career but unsure where to begin? Whether you're a student, an incoming professional, or ready to work in a different field, the tried-and-tested career hacks in this eBook will help you get your start in cybersecurity. You don't need work experience - just a passion and the drive to enter a challenging and rewarding field that protects the world from cyber threats and bad actors.

Sponsored The cyber attack which culminated in the personal details of 1.5m patients being compromised after hackers broke into the databases of SingHealth in 2018 provides a stark illustration of why organizations in Singapore need to remain vigilant and well protected against further incidents. Fostering the knowledge and expertise to do precisely that is the intention behind the Exercise Cyber Star program.

The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS attacks and remote command injection. An attacker within the extender's range can set up a WiFi network and deceptively name it similar to something the target is familiar with but include a tick in the name, like 'Olaf's Network,' for example.

The ALPHV ransomware gang has claimed an attack that affected state courts across Northwest Florida last week. The presence of Florida's First Judicial Circuit's data leak page on ALPHV's website suggests that the court has either not engaged in negotiations with the ransomware operation or has firmly declined to meet the gang's demands.

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment. Libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.

Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins. Balada Injector is a massive operation discovered in December 2022 by Dr. Web, which has been leveraging various exploits for known WordPress plugin and theme flaws to inject a Linux backdoor.

A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information. All websites feature 404 error pages that are displayed to visitors when accessing a webpage that does not exist, has been moved, or has a dead/broken link.

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of...

A former US Army Sergeant with Top Secret US military clearance created a Word document entitled "Important Information to Share with Chinese Government," according to an FBI agent's sworn declaration. The DoJ said Schmidt retired from active duty in January 2020, traveling to China, then back to the US, then to Istanbul in February 2020, before returning to the US again, and then going back to China in March 2020.

Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials. The flaw is a critical unauthenticated remote code execution bug discovered as a zero-day in July that impacts Citrix NetScaler ADC and NetScaler Gateway.