“On Dec. 1, the voice calling functionality of the 988 Lifeline was rendered unavailable as a result of a cybersecurity incident,” Danielle Bennett, a spokeswoman for the Substance Abuse and Mental Health Services Administration, said in an email.
Cyble observed the InTheBox threat actor selling over 1,800 web injects in its dark web shop, which can target users from Australia, Japan, Indonesia, the U.S., India, and other countries. The overlays support several Android banking trojans and impersonate apps operated by organizations across the globe. Due to the mass availability and low-cost web injects, […]
The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch.
The Mustang Panda APT group loads the PlugX malware in the memory of legitimate software by employing a four-stage infection chain that leverages malicious shortcut (LNK) files, triggering execution via DLL search-order-hijacking.
Once the email attachment is opened, the target’s computer will reach out to the command-and-control (C&C) server hosting a BadaxxBot toolkit that acts as a redirector to the final phishing page.
A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 individuals, according to filings with Maine’s Attorney General.
Despite its enormous potential, information security experts have raised concerns over the possible use of ChatGPT by threat actors to launch attacks, including malware development and convincing social engineering scams.
According to security researchers at Avanan, threat actors have been exploiting ClickFunnels’ ability to create pages with malicious links and ultimately conduct credential-harvesting attacks.
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group, in particular, has demonstrated just how quick, easy, and lucrative it really is.
HPE noted a use-after-free vulnerability in its OneView infrastructure management platform that allows remote attackers to execute arbitrary code on targeted systems, leak data, or create conditions ripe for a DoS attack.