Tech News
General news about the tech industry, trends, and major events.
Fidelity Investments says data breach affects over 77,000 people
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. As one of the largest asset managers in the world, with $14.1 trillion in assets under administration and $5.5 trillion under management, Fidelity employs over 75,000 associates across 11 countries in […]
Crypto-stealing malware campaign infects 28,000 people
Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign […]
Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists
A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). Dr.Web confirmed last month that its network was breached on September 14, which forced it to disconnect all internal servers and stop pushing virus database updates to customers while investigating the incident. In a Tuesday Telegram post, DumpForums […]
Dutch police arrest admin of ‘Bohemia/Cannabia’ dark web market
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market ‘Bohemia/Cannabia,’ known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. The man was arrested at the Schiphol airport in Amsterdam on June 27, 2024, and electronic devices containing incriminating […]
Internet Archive hacked, data breach impacts 31 million users
Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached. […]
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t […]
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as […]
Microsoft fixes Remote Desktop issues caused by Windows Server update
Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. Redmond first confirmed this known issue following many reports from Windows admins that the RD Gateway service kept crashing every 30 minutes after installing the July updates. Admins can track […]
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used […]
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Microsoft October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws. The number of bugs in each vulnerability category is listed below: This count does not include three Edge flaws that […]