Security News
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who...
The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for...
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. The attacks employ documents sent to targets that embed links masqueraded as "View document" buttons that take victims to phishing pages.
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. It leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant.
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The most critical security issue GitLab patched has the maximum severity score and is being tracked as CVE-2023-7028.
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve...
Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware...
The FBI has warned owners of Barracuda Email Security Gateway appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action. On Wednesday, the FBI pushed that recommendation in a flash alert [PDF] that stated it "Strongly advises all affected ESG appliances be isolated and replaced immediately."
LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom.Users discussing their compromised LinkedIn accounts.
LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. As reported today by Cyberint, many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.