Security News

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways and change the password of any user on its Smart Software Manager On-Prem license servers. Cisco Secure Email Gateways aim to protect businesses against emails laden with malware, malicious links and scams, and against exfiltration of sensitive data via email.

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Emo created a list of 500 million email addresses and fed it into the API to determine if they were linked to a Trello account.

Phishing attacks are one of the most common types of data breach attempts, with 31,000 phishing attacks launching every single day, according to cybersecurity firm SlashNext. 77% of cybersecurity professionals report being targeted by phishing attacks, proving just how widespread these attacks are.

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. In a separate incident notification published on its website, Neiman Marcus revealed that the data exposed in the attack included names, contact information, dates of birth, gift card info, transaction data, partial credit card and Social Security numbers, and employee identification numbers.

FIA, the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. Founded in 1904 as the Association Internationale des Automobile Clubs Reconnus, FIA is a non-profit international association that coordinates many auto racing championships, including Formula 1 and the World Rally Championship.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

While phishing emails can target individuals and businesses of all sizes, attackers may prefer to double down their aim at senior-level employees to increase their chances of catching a big bag. Popularly known as business email compromise, this type of email scam, which often involves impersonating executives or other high-level officials to trick employees into transferring money or revealing sensitive information, is a growing threat today, costing organizations billions of dollars annually.

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the...

"The last six months have been unprecedented - a state of polycrisis remains and everything from elections to warfare to law enforcement activity have accelerated cyber threat actor activity globally. We're seeing radical shifts in behavior," said John Fokker, Head of Threat Intelligence, Trellix. China-linked threat groups, like Volt Typhoon, remain the most prolific originator of advanced persistent threat activities, generating 68.3% of all detections.

A new phishing campaign uses HTML attachments that abuse the Windows search protocol to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier that enables applications to open Windows Explorer to perform searches using specific parameters.