A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping […]
​Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. However, while the Task Manager doesn’t display the correct number of active processes, this is just a reporting issue: the app is otherwise fully functional and will show the list of running […]
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. These launch issues are caused by the affected apps’ child processes running with low Integrity levels instead of medium. “After installing the September 2024 preview update (KB5043131), released September […]
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience. The newly discovered high-severity flaw […]
Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they’re willing to pay $30 for Extended Security Updates (ESU). The company first announced that Windows 10 home users can buy Extended Security Updates in December 2023, but this is the first time that Microsoft put a […]
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. In April 2024, GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 after its AI-powered threat detection tool, Sift, detected unusual activity on its honeypot network that did not match any known threats. Upon examination of […]
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless […]
Sophos disclosed today a series of reports dubbed “Pacific Rim” that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. For years, cybersecurity firms have warned enterprises that Chinese threat actors exploit flaws in edge networking devices […]
​Interbank, one of Peru’s leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers. “We have identified that some data of a […]
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after […]
