The council warned in a further message on its website for locals to watch out for phishing emails impersonating their bank and informing them of a new direct debit. That would suggest that the hackers have access to citizens’ personal information.
The APT group starts by sending a spear-phishing email, which consists of a DOC file embedded with a URL for a ZIP file download. Once the ZIP file gets downloaded, it contains an EXE file and a DLL file which are executed to infect malware.
The experts pointed out that the bug has been exploited for more than two months, but yet to be added to the CISA KEV catalog. The researchers discovered approximately 6,300 servers on Shodan and a bit more using the Censys search engine.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments to perform a guest-to-host escape, as we’ve illustrated with previous vulnerabilities in NVIDIA graphics drivers.
Private equity powerhouse Thoma Bravo on Wednesday announced plans to merge the just-acquired ForgeRock with Ping Identity, combining two of the biggest names in the enterprise identity and access management market.
June saw three headline-grabbing incidents involving cryptocurrency companies: a $100 million hack of Atomic Wallet on June 2, as well as two June 22 attacks in which cybercriminals stole $60 million from Alphapo and $37 million from CoinsPaid.
Tracked as CVE-2023-32315, the high-severity flaw was discovered in Openfire’s administration console and is described as a path traversal bug via the setup environment that allows unauthenticated attackers to access restricted pages.
The University of Minnesota has contacted law enforcement and launched an investigation into a data breach that could impact millions of alumni. A hacker claimed to have collected 7 million Social Security numbers in July.
The assessments can encompass a wide range of individualized reviews and actions, from preventing cyber-enabled fraud schemes to combating ransomware attacks and other digital intrusions.
Google this week announced a Chrome 116 security update that patches five memory safety vulnerabilities reported by external researchers, including four issues rated ‘high severity’.