Security News
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. Currently installed on more than 30,000 websites, WP Automatic lets administrators automate content importing from various online sources and publishing on their WordPress site.
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple...
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the...
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also...
Social engineering has also increased, now representing 19% of phishing attacks and phishing emails are over three times longer than they were in 2021, likely due to the increase in use of generative AI. On the other hand, the use of attachment-based payloads has decreased since 2021; three years ago, these accounted for 72.7% of attacks detected by Egress, and by the first quarter of 2024, this had fallen to 35.7% as threat actors evolve their payloads to evade cybersecurity efforts. Generative AI is also expected to increase attack success rate, including creating payloads such as malware, phishing websites and invoices for wire fraud attacks as cybercriminals look to streamline their processes and deliver more efficient campaigns at even swifter pace.
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline.Part of the Synlab group that is present in 30 countries worldwide, the Synlab Italia network operates 380 labs and medical centers across Italy.
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigationWhile it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices' telemetry, it has now been confirmed that this mitigation is ineffectual. Geopolitical tensions escalate OT cyber attacksIn this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report.