Cybersecurity

Experts see progress on federal cybersecurity

After grappling with multiple devastating cyberattacks, experts are applauding the progress made by the White House in the year since President Biden signed an executive order aimed to strengthen federal cybersecurity. They are particularly impressed with the improvements…

Firefox Browser Hacked In 8 Seconds Using 2 Critical Security Flaws

With Windows 11, Microsoft Teams, Ubuntu Desktop, and the Tesla Model 3 all falling victim to hackers in one week, you might be forgiven for not noticing that Mozilla Firefox was also hacked. In just eight seconds using two critical security vulnerabilities…

Elon Musk deep fakes promote new cryptocurrency scam

Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency. This fake BitVex cryptocurrency trading platform claims to be owned by…

Russian government procured powerful botnet to shift social media trending topics

A subcontractor for Russia’s Federal Security Service is accused of creating a powerful botnet that had the ability to not only launch damaging DDoS attacks but also manipulate trending topics on social media platforms, according to cybersecurity firm Nisos. In a report released…

Researchers Find Backdoor in School Management Plugin for WordPress

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier…

Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

If you updated servers running Active Directory Certificate Services and Window domain controllers responsible for certificate-based authentication with Microsoft's May 10 Patch Tuesday update, you may need a re-do. The company said the original patch for…

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS…

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an…

Chatbot Army Deployed in Latest DHL Shipping Phish

Phishing emails intended to look like a DHL communications are now coming loaded with a new twist — a version of a chatbot that helps drive targets to malicious links, according to a new report. That is to say, it behaves like a chatbot, but behind the scenes, the scripts are…

Google: Predator spyware infected Android devices using zero-days

Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. In these attacks, part of three campaigns that started between August and October…