Technology

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts

Cybersecurity researchers have disclosed details of a now-patched bug in Box’s multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. “Using this technique, an attacker could use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone,” Varonis researchers said

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts Read More »

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that “may allow an attacker to read unauthorized data or write an

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central Read More »

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. “The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors Read More »

Dark Web’s Largest Marketplace for Stolen Credit Cards is Shutting Down

UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it’s shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. “Don’t build any conspiracy theories about us leaving,” the anonymous operators of UniCC said in a farewell posted on

Dark Web’s Largest Marketplace for Stolen Credit Cards is Shutting Down Read More »

Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming

Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons Read More »

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. “All the evidence points to the fact that Russia is behind the cyber attack,” the Ministry of Digital Transformation said in a statement. “Moscow continues to wage a hybrid war and is

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks Read More »

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites

Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site’s administrator into performing

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites Read More »

A New Destructive Malware Targeting Ukrainian Government and Business Entities

Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,”

A New Destructive Malware Targeting Ukrainian Government and Business Entities Read More »

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15’s implementation of the IndexedDB API could be abused by a malicious website to track users’ online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking Read More »