Security News

This is the sort of situation facing more and more companies, as cybercriminals not only take advantage of existing vulnerabilities in the open-source ecosystem, but actively work to inject their own, giving them the chance to attack supply chains at their leisure. This session, featuring a panel of experts from Immersive Labs, takes you through the decision-making process you would face as you try to protect your own organisation as well your customers.

Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. It is possible to install the update immediately simply by going into the Chrome menu > Help > About Google Chrome.

Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack. Mizuno is a Japanese sports equipment and sportswear company with over 3,800 employees and locations throughout Asia, Europe, and North America.

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

Adobe rolled out emergency updates for Adobe?Commerce and?Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. Administrators of online stores running Adobe Commerce or Magento Open Source versions 2.4.3-p1/2.3.7-p2 and below are strongly advised to prioritize addressing CVE-2022-24086 and apply the update as soon as possible.

Setting out how the combination of military and mobile telecom-enabled targeting capabilities can create a battlefield advantage; the paper illustrates the consistency of such a model with the concept of hybrid warfare. Since detecting this threat actor, periodic reconnaissance activities were observed in at least 7 target mobile networks around the world and given the wide geographic distribution of these targeted mobile operators, it is probable that the threat actor is active on a global scale.

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. "Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organizations globally," the agencies said in the joint bulletin.

The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the American football organization.The 49ers confirmed the attack in a statement to BleepingComputer and said it caused a temporary disruption to portions of their IT network.

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue. Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency now maintains a public list of vulnerabilities that are, or have been, actively exploited.

FBI: Criminals escalating SIM swap attacks to steal millions of dollars. The FBI says criminals have escalated SIM card swap attacks to hijack victims' phone numbers and steal millions of dollars from fiat and virtual currency accounts.