The proposed order by the FTC requires Global Tel*Link to implement a comprehensive data security program, notify customers of future breaches, and minimize the data it collects and retains, among other measures, to prevent further incidents.
The vulnerability (CVE-2023-37580) allowed for the execution of malicious scripts by tricking users into clicking on specially crafted URLs, reflecting the attack back to the user.
The command injection vulnerability, identified as CVE-2023-36553, is a variant of a previously fixed security issue and can lead to unauthorized data access, modification, or deletion.
The motive behind these cloned sites is likely to generate traffic for gambling operators, as they can serve third-party ads that publishers may be reluctant to carry on their own sites.
One of the vulnerabilities, known as “Reptar,” affects Intel CPUs and could lead to system instability or privilege escalation. The other vulnerability, CVE-2023-46835, could allow malicious code in a guest VM to compromise an AMD-based host.
These vulnerabilities, including critical and high-severity bugs, can enable attackers to compromise networks, deploy malware, and disrupt services, highlighting the need for improved security measures in OT and IoT devices.
Scammers are exploiting the trust placed in reputable accounts by creating fake accounts with similar names and spreading fabricated security breach claims to deceive users into clicking on malicious links and revealing their wallet information.
Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang are using malvertising for popular software to distribute the Nitrogen malware and infect organizations with ransomware.
The Rhysida attackers exploit vulnerabilities like the lack of Multi-Factor Authentication (MFA) and the Zerologon vulnerability to gain initial access and maintain a presence within victims’ networks.
Hackers claiming responsibility for the breach have announced it on the Breach Forums. They allege to have stolen over 20GB of Plume’s Wi-Fi database, containing 15 million lines of information.