In an annual disclosure to investors, internet domain registrar GoDaddy said it is the victim of a three-year-long hacking campaign that installed malware on internal systems and obtained source code.
Researchers discovered a massive network of fake YouTube videos that cybercriminals are using to launch crypto scams. These fake videos advertise fraudulent web-based apps for USDT. To make the channels look legitimate, threat actors automated copy-pasting comments to videos. Many of these videos also encouraged victims to invite friends and family to participate, asking for a […]
“This is different from the plenty of attacks we’ve seen that spoof PayPal. This is a malicious invoice that comes directly from PayPal,” reads an advisory by Avanan published earlier today.
“The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password,” software supply chain security company Illustria said in a report.
“Burton recently experienced a cyber incident, which is impacting some of our operations. We are working closely with third-party specialists to investigate the incident and determine the full nature and scope,” Burton said.
Just as LockBit 3.0 replaced Conti in 2022, newcomers such as BlackBasta, BianLian, and new-kid-on-the-block Royal are now all seriously vying for LockBit’s crown in 2023.
There’s a new malware threat to Microsoft Internet Information Services (IIS) servers dubbed Frebniss. Discovered by Symantec’s Threat Hunter Team, the malware abuse ‘Failed Request Event Buffering’ (FREB) feature of IIS that is responsible for collecting request metadata such as IP addresses, HTTP headers, and cookies. By abusing the FREB component, it becomes relatively easier […]
Researchers at Unit42 laid bare a Mirai botnet variant dubbed V3G4 that compromised hosts by abusing several vulnerabilities in products from DrayTek, Geutebruck, FreePBX, Atlassian, and others. The botnet infected exposed servers and networking devices running on Linux OS. Successful exploitation of the bugs could let hackers take full control of the hosts and make […]
Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8.
About 50 WordPress blogs have been backdoored with a plugin called fuser-master. This plugin is being triggered via popunder traffic from a large ad network. The WordPress sites are loaded on a separate page underneath and display a number of ads.