A critical vulnerability in the widely-used TI WooCommerce Wishlist plugin has been discovered, affecting over 100,000 WordPress sites. The flaw, labeled CVE-2024-43917, allows unauthenticated users to execute arbitrary SQL queries, potentially taking over the entire website. With a severity…
Tag: CySecurity News – Latest Information Security and Hacking Incidents
Pisces Introduces Innovative Tools KLogEXE and FPSpy
In a recent study, Unit 42 researchers discovered that the Sparkling Pisces (aka Kimsuky) threat group uses two malware samples. A keylogger named KLogEXE by its authors is included in the list of malware, as is a variant of…
Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight
Meta, the parent company of Facebook, has been fined Euro 91 million (USD 101 million) by the Irish Data Protection Commission (DPC) following the revelation that the company stored millions of user passwords in plaintext. Plaintext refers to…
DCRat Malware Propagates via HTML Smuggling
Russian-speaking customers have been targeted in a new campaign aimed at distributing a commodity trojan known as DCRat (aka DarkCrystal RAT) using HTML smuggling. This is the first time the malware has been propagated via this technique, which differs…
Meta Fined €91 Million by EU Privacy Regulator for Improper Password Storage
On Friday, Meta was fined €91 million ($101.5 million) by the European Union’s primary privacy regulator for accidentally storing some user passwords without proper encryption or protection. The investigation began five years ago when Meta informed Ireland’s Data Protection…
Ransomware Gangs Targeting CEOs with Stolen Data
Ransomware gangs are now employing a terrifying tactic—using stolen data to coerce and threaten CEOs. Understanding Ransomware Attacks: Ransomware is a type of malicious software that encrypts the victim’s data, rendering it inaccessible until a ransom is paid. Over the…
Embargo Ransomware Shifts Focus to Cloud Platforms
In a recent security advisory, Microsoft warned that the ransomware threat actor Storm-0501 has recently switched tactics and is now targeting hybrid cloud environments to compromise the victim's entire system. It is becoming increasingly apparent that cybercriminals are finding out…
Why SMBs Have Become Easy Prey for Cyber Criminals
Cybercrime is a growing global phenomenon, and small and medium-sized businesses are its soft targets. Day after day, while a few cyberattacks on big corporations capture the headlines, many SMBs…
The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It
Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this…
ChatGPT Vulnerability Exploited: Hacker Demonstrates Data Theft via ‘SpAIware’
A recent cyber vulnerability in ChatGPT’s long-term memory feature was exposed, showing how hackers could use this AI tool to steal user data. Security researcher Johann Rehberger demonstrated this issue through a concept he named “SpAIware,” which exploited a…