While the cyber threat landscape has seen this major shift, security software to manage these direct personal risks has not kept up to protect public-facing individuals and leaders the way large enterprise organizations have.
Last week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization’s email, as well as copies of the electoral registers for the entire UK.
These security flaws in the widely used Avada theme and the Avada Builder plugin, uncovered by Patchstack’s security researcher Rafie Muhammad, expose a significant number of WordPress websites to potential breaches.
AdLoad malware is still infecting Mac systems and has been observed turning infected systems into a giant proxy botnet. AT&T Alien Labs has identified over 10,000 IPs behaving as proxy exit nodes, indicating a potentially widespread infection.
A nonprofit firm that administers government dental programs in Canada is notifying nearly 1.5 million individuals that their data, including banking information for some, was compromised in a ransomware incident last month.
Zscaler ThreatLabz has discovered a threat actor targeting FinTech users in the LATAM region with a malware called JanelaRAT. This malware uses tactics such as DLL side-loading and dynamic C2 infrastructure.
An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
Cumbria police have admitted accidentally publishing the names and salaries of every one of its more than 2,000 employees and have apologized. The data breach happened in March and has not previously been publicized.
Security researchers at Akamai say they have identified a server-side template injection campaign aimed at Magneto 2 shops that have yet to address CVE-2022-24086, an input validation flaw with a CVSS score of 9.8.
The remote code execution bugs, in particular, could be abused to backdoor OT devices and interfere with the functioning of programmable logic controllers (PLCs) in a manner that could pave the way for information theft.