Mastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely.
The backdoor, called Activator, employs a unique delivery method that backdoors the victim during the installation process, making it challenging to remove the infection even if the cracked software is removed.
The attackers stole source code and code signing certificates. AnyDesk responded by revoking security certificates, replacing systems, and reassuring customers that it is safe to use the software.
The attackers disguise the email to appear as if it’s from a legitimate brand, using social engineering techniques to lure recipients into clicking on what seems to be an embedded voicemail but is actually a credential harvesting page.
The regulatory fine resulted from complaints by French Uber drivers and a Paris-based civil society organization, highlighting the significance of user rights and privacy concerns.
According to Trustpair, 96% of US companies experienced at least one fraud attempt in the past year, with 83% seeing an increase in cyber fraud. Fraudsters used various tactics such as text messages, fake websites, and CEO/CFO impersonations.
A 22-year-old man from the US, Daniel James Junk, has been sentenced to 72 months in federal prison for his involvement in a fraudulent scheme that led to the theft of millions of dollars through SIM swapping.
A top U.S. banking lobbyist told a Senate panel Thursday there are limits to what financial institutions can do to stop scammers from draining individual banking accounts and called on regulators like the FCC to do more to combat caller ID spoofing.
The report, produced by the Electronic Privacy Information Center and U.S. PIRG Education Fund, highlights the lack of strong enforcement provisions, transparency, and individual data rights in these laws.
The tool draws on several valuable sources, such as CISA’s Known Exploited Vulnerabilities Catalog, the Exploit Prediction Scoring System (EPSS), HackerOne CVE Discovery, and others, to provide comprehensive insights into vulnerabilities.