A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping Computer and other tech outlets like TechRadar began circulating reports of cybercriminals successfully hacking WordPress websites. They were able to gain access…
Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently…
Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are being urged to pay special attention to a…
Okta, Inc. (NASDAQ: OKTA), the leading independent identity partner, today announced the release of its international Secure Sign-In Trends Report. The report, which analyzes billions of monthly workforce customer logins to Okta Workforce Identity Cloud across more than 16 industries around the world, reveals that the use of multi-factor authentication (MFA) has nearly doubled since…
The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities. Progress Software in a Friday update said it had identified additional SQL injection vulnerabilities allowing attackers access to the MOVEit transfer database. “These newly discovered vulnerabilities are distinct from the previously reported…
The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem. The vulnerability is actively exploited in attacks. The…
An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. “PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption,” according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. “The name is derived from…
A global sensation since its initial release at the end of last year, ChatGPT’s popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to…
Netskope, a leader in Secure Access Service Edge (SASE), has today announced that it has been selected by Transdev, global leader in mobility that operates public transportation networks across 19 countries and five continents, including France, Spain, Australia, Colombia, the US and the UK. Transdev has installed Netskope Private Access (Netskope’s ZTNA solution) and next…
KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords. It functions as a digital “safe” where users can store and organize their sensitive information, including passwords, credit card numbers, notes, and other sensitive…