The UK’s National Cyber Security Centre (NCSC) collaborated with government agencies across the Atlantic to issue a new alert regarding Iranian cyber-threats last week. The security advice, issued in collaboration with the FBI, US Cyber Command – Cyber National…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Critical Vulnerability in TI WooCommerce Wishlist Plugin Exposes 100K+ Sites to SQL Attacks
A critical vulnerability in the widely-used TI WooCommerce Wishlist plugin has been discovered, affecting over 100,000 WordPress sites. The flaw, labeled CVE-2024-43917, allows unauthenticated users to execute arbitrary SQL queries, potentially taking over the entire website. With a severity…
Pisces Introduces Innovative Tools KLogEXE and FPSpy
In a recent study, Unit 42 researchers discovered that the Sparkling Pisces (aka Kimsuky) threat group uses two malware samples. A keylogger named KLogEXE by its authors is included in the list of malware, as is a variant of…
Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight
Meta, the parent company of Facebook, has been fined Euro 91 million (USD 101 million) by the Irish Data Protection Commission (DPC) following the revelation that the company stored millions of user passwords in plaintext. Plaintext refers to…
DCRat Malware Propagates via HTML Smuggling
Russian-speaking customers have been targeted in a new campaign aimed at distributing a commodity trojan known as DCRat (aka DarkCrystal RAT) using HTML smuggling. This is the first time the malware has been propagated via this technique, which differs…
Meta Fined €91 Million by EU Privacy Regulator for Improper Password Storage
On Friday, Meta was fined €91 million ($101.5 million) by the European Union’s primary privacy regulator for accidentally storing some user passwords without proper encryption or protection. The investigation began five years ago when Meta informed Ireland’s Data Protection…
Ransomware Gangs Targeting CEOs with Stolen Data
Ransomware gangs are now employing a terrifying tactic: using stolen data to coerce and threaten CEOs. Understanding Ransomware Attacks: Ransomware is a type of malicious software that encrypts the victim’s data, rendering it inaccessible until a ransom is paid. Over the…
Embargo Ransomware Shifts Focus to Cloud Platforms
In a recent security advisory, Microsoft advised that the ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments in order to compromise the victim’s entire environment. It is becoming increasingly apparent that cybercriminals are finding out…
Why SMBs Have Become Easy Prey for Cyber Criminals
Cybercrime is an emerging global phenomenon, and small and medium-sized businesses are its soft targets. Day after day, while a few cyberattacks on big corporations capture the headlines, many SMBs…
The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It
Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this…