Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for […]
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed on Tuesday, attackers are chaining the three security flaws with another CSA zero-day patched in September. Successful exploitation of these vulnerabilities can let remote attackers run SQL statements via […]
Windows 11 KB5044284 and KB5044285 cumulative updates released
Microsoft has released the KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2 to fix security vulnerabilities and resolve 27 bugs and performance issues. Both are mandatory cumulative updates containing the October 2024 Patch Tuesday security updates for vulnerabilities discovered in previous months. Windows 11 users can install them by going to Start > Settings > Windows […]
Windows 10 KB5044273 update released with 9 fixes, security updates
Microsoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. The Windows 10 KB5044273 update is mandatory as it contains Microsoft’s October 2024 Patch Tuesday security updates. Windows users […]
Casio reports IT systems failure after weekend network breach
Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. The disclosure comes from Casio Computer, the parent company of the Casio brand, widely known for its watches, calculators, musical instruments, cameras, and other electronics. “Casio Computer Co., Ltd. […]
American Water shuts down online services after cyberattack
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. In a filing with the U.S. Securities and Exchange Commission (SEC), American Water said it has already hired third-party cybersecurity experts to help contain and assess the incident’s impact. It […]
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. The purpose of the attack appears to be for intelligence collection as the hackers might have had access to systems used by the U.S. federal government for court-authorized […]
Qualcomm patches high-severity zero-day exploited in attacks
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Google Project Zero’s Seth Jenkins and Amnesty International Security Lab’s Conghui Wang, and it is caused by a use-after-free weakness that can lead to memory corruption when […]
Ukrainian pleads guilty to operating Raccoon Stealer malware
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware cybercrime operation. Sokolovsky and his conspirators distributed Raccoon Stealer under a MaaS (malware-as-a-service) model, allowing threat actors to rent it for $75 per week or $200 monthly. The malware steals a wide range of information from infected devices, including stored browser credentials and […]
LEGO’s website hacked to push cryptocurrency scam
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. During the breach, the hacker replaced the main banner for the official LEGO website with an image showing crypto tokens branded with the “LEGO” logo and text stating, “Our new LEGO Coin is […]