Email securityBrazil subjected to novel CHAVECLOAK trojan attacksSC StaffMarch 12, 2024Attackers leveraged phishing emails using contract-themed DocuSign lures that included PDF attachments.
IdentityOver 15K Roku accounts breachedSC StaffMarch 12, 2024Roku had accounts from 15,363 customers compromised following a credential stuffing attack between late December and late February.
Vulnerability ManagementDem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More – SWN #368March 12, 2024Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News.
Network SecurityQNAP fixes three bugs on NAS devices, one critical authentication flawSteve ZurierMarch 11, 2024The critical flaw is an authentication bug could let users compromise the security of the system.
Vulnerability ManagementMicrosoft says Russia-backed Midnight Blizzard accessed its source codeSteve ZurierMarch 8, 2024Security pros say targeting source code will continue because it lets attackers identify new bugs and inject their own malware into the software supply chain.
IdentityAdvanced spearphishing attacks target US schoolsSC StaffMarch 8, 2024Both Tycoon and Storm-1575 have also been leveraging adversary-in-the-middle phishing to circumvent multifactor authentication protections.
RansomwareFBI: Cybercrime cost Americans over $12.5B in 2023Simon HenderyMarch 7, 2024Reported losses suffered by U.S. victims of ransomware attacks jumped 74% last year, according to the agency’s latest IC3 annual report.