Security News
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign that originates from 16,000 IP addresses and exploits weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a period of 36 hours with the goal of taking over the websites and carrying out malicious actions.
Ramamoorthy is firmly on the affirmative side for using AI to fight cybercrime. "Attackers use powerful techniques like AI to exploit unsuspecting end-users to gain access to privileged information by compromising said access points."
Approximately 330 SPAR shops in North East England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments. SPAR is an international supermarket franchise that operates 13,320 stores in 48 countries, but the recent security incident only affected stores in the northern part of England.
Last month saw an alarming rise in cyberattacks against healthcare facilities. Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone, threatening patient safety and privacy.
As of Friday - as in, shopping-on-steroids Black Friday - retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads. The phishing emails were coming from internal IKEA email addresses, as well as from the systems compromised at the company's suppliers and partners.
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. A reply-chain email attack is when threat actors steal legitimate corporate emails and then reply to them with links to malicious documents that install malware on recipients' devices.
The software industry does not currently track the source of all code, nor does it grade the level of security standards applied in these international code factories. Establish a grading scale to rate each piece of code to more effectively determine the risk a company is inheriting from the code.
Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack. Vestas is a leading North American manufacturer, installer, and servicing company for wind turbines, with 40,000 MW installed and 36,000+ MW under service in the U.S. and Canada.
The U.S. Department of Justice has unsealed charges against two Iranian nationals for cyberattacks against the U.S. 2020 presidential campaign, and there's a $10 million reward offered for information on their activities. Kazemi and Kashian allegedly breached at least one state election website and attempted to access 110 others, sent threatening emails to voters, distributed a disinformation video about election infrastructure vulnerabilities, and gained access to a U.S. media company's network, according to law enforcement.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have impacted or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.