Security News

The Phishing as a Service platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. LabHost isn't a new provider, but its popularity surged after introducing custom phishing kits for Canadian banks in the first half of 2023.

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.

After ten years operating under the original model, and two years working to revise it, the National Institute of Standards and Technology has released version 2.0 of its Cybersecurity Framework. Unlike the original, which was designed with critical infrastructure sectors in mind, CSF 2.0's scope has been expanded to suitable security tips for organizations in any sector and of any size "Regardless of their degree of cybersecurity sophistication," NIST said.

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. APT28 is a notorious Russian hacking group found to be responsible for several high-profile cyber attacks since they first began operating.

Two new vulnerabilities impact ConnectWise ScreenConnect, remote desktop and access software used for support: CVE-2024-1709 and CVE-2024-1708, with the former being particularly dangerous for organizations. The CVE-2024-1709 vulnerability, which affects ScreenConnect 23.9.7 and prior, allows any remote attacker to bypass authentication to delete the ScreenConnect user database and get control of an admin user.

The story has been updated to clarify that the Hessen Consumer Center is not part of the government. The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.

The German state of Hessen has been hit with a ransomware attack, causing the government to shut down IT systems and disrupting the availability of its consumer advice center. Hessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest metropolitan area and a major financial center.

A credit card or PayPal account is required for purchase. You will be billed the total shown above and you will receive a receipt via email once your payment is processed.

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the...

The White House is asking the technical community to switch to using memory-safe programming languages - such as Rust, Python, Swift, C#, Java, and Go - to prevent memory corruption vulnerabilities from entering the digital ecosystem. To help with the transition, the White House Office of the National Cyber Director has released a report outlining why memory-safe programming languages and memory-safe hardware is needed, and outlines formal methods to give software developers greater assurance that entire classes of vulnerabilities - not just memory safety bugs - are absent.