Operators of the SpyNote Android banking trojan have updated the payload to impersonate legitimate cryptocurrency wallets and facilitate cryptocurrency exfiltration, which represents a significant shift from the malware's prior focus on account credentials, according to Hackread.
Major Minnesota-based regional internet service provider U.S. Internet had internal emails and emails from thousands of individuals served by its Securence division spanning over a decade exposed due to an unsecured server, according to Krebs on Security.
Attacks exploiting the critical Domain Name System Security Extensions vulnerability, tracked as CVE-2023-50387 and dubbed "KeyTrap," could be deployed against systems leveraging DNSSEC-validating DNS resolvers and facilitate a massive disruption of the internet, SecurityWeek reports.
BleepingComputer reports that organizations have been advised by Microsoft regarding the active exploitation of a critical Exchange Server zero-day flaw, tracked as CVE-2024-21410, prior to it being remediated as part of this month's Patch Tuesday.
This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market forces, acquisitions - stuff we usually discuss. Then we get into all the crazy new AI and non-AI products being announced and coming out. Have some disposable cash to pre-order crazy gadgets? This is the episode for you!
The U.S. Department of Defense has begun informing current and former employees, partners, and job applicants regarding the potential exposure of their personally identifiable information stemming from a service provider's inadvertent leak of several emails between Feb. 3 and Feb. 20, 2023, reports DefenseScoop.
Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks exploiting a cross-site scripting vulnerability impacting various versions of the Roundcube email server, tracked as CVE-2023-43770, reports BleepingComputer.
BleepingComputer reports that updated variants of the Android malware XLoader, also known as MoqHao, that allowed automated execution after installation have emerged.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.