The British Library has confirmed that it was targeted in a ransomware attack on October 28. The attack caused a major technology outage, impacting phone lines, on-site services, access to digital collections, and its website.
Up to 10,000 people’s data on their sex lives was stolen in a ransomware attack on a British government department. It is unclear why the government was holding this data.
The National Telecommunication Monitoring Centre in Bangladesh exposed a database containing extensive personal information, including names, phone numbers, and passport details.
The proposed order by the FTC requires Global Tel*Link to implement a comprehensive data security program, notify customers of future breaches, and minimize the data it collects and retains, among other measures, to prevent further incidents.
The vulnerability (CVE-2023-37580) allowed for the execution of malicious scripts by tricking users into clicking on specially crafted URLs, reflecting the attack back to the user.
The command injection vulnerability, identified as CVE-2023-36553, is a variant of a previously fixed security issue and can lead to unauthorized data access, modification, or deletion.
The motive behind these cloned sites is likely to generate traffic for gambling operators, as they can serve third-party ads that publishers may be reluctant to carry on their own sites.
One of the vulnerabilities, known as “Reptar,” affects Intel CPUs and could lead to system instability or privilege escalation. The other vulnerability, CVE-2023-46835, could allow malicious code in a guest VM to compromise an AMD-based host.
These vulnerabilities, including critical and high-severity bugs, can enable attackers to compromise networks, deploy malware, and disrupt services, highlighting the need for improved security measures in OT and IoT devices.
Scammers are exploiting the trust placed in reputable accounts by creating fake accounts with similar names and spreading fabricated security breach claims to deceive users into clicking on malicious links and revealing their wallet information.