Security News
Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia. The actors, dubbed "ResumeLooters" by Group-IB, used SQL injection and Cross-Site Scripting attacks to steal databases from the sites.
Nearly half of businesses reported a growth in synthetic identity fraud, while biometric spoofs and counterfeit ID fraud attempts also increased, according to AuthenticID. Consumers and businesses alike are facing new challenges in today's digital existence, from considering the ramifications of digital identity to grappling with the use and prevalence of new tools like generative AI. In the meantime, the explosion of AI has also pushed identity fraud into a new frontier that will become a potential global shift in the coming year. 68% of people said the threat of identity fraud and scams impacts how they make purchases, open accounts, and do business.
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The...
The US government has placed an extra $5 million bounty on Hive ransomware gang members - its second such reward in a year. The FBI has also put up an additional $5 million award for information leading to the arrest and/or conviction of any person "Conspiring to participate in or attempting to participate in Hive ransomware activity."
Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government. During a US House subcommittee meeting last week on cyber threats from Beijing, FBI boss Christopher Wray told lawmakers that "702 is the greatest tool the FBI has to combat PRC hacking groups." PRC being People's Republic of China.
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.For those unable to apply patches, you can mitigate the flaw by disabling SSL VPN on your FortiOS devices.
A screenshot of the fake LastPass app in the Apple App store. "Upon seeing the fake 'LassPass' app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed," Christofer Hoff, chief secure technology officer for LastPass, told The Register Thursday.
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. This known issue impacts home users running Windows 10 22H2, Windows 11 22H2, and Windows 11 23H2. It doesn't affect managed devices because Copilot for Windows has yet to roll out on enterprise systems.
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data."Hyundai Motor Europe is experiencing IT issues, which the company is working to resolve as quickly as possible," Hyundai told BleepingComputer at the time.
Read on to compare LastPass Free and Premium plan features. Both the LastPass Free and Premium plans allow you to generate, save and autofill an unlimited number of passwords across websites and online applications in the LastPass Vault.