Effectively managing security budgets in a recession
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. How can you effectively manage a security budget in a recession? An economic downturn will likely impact your team, so you must prepare […]
Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an
Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges
Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device
JumpCloud Blames ‘Sophisticated Nation-State’ Actor for Security Breach
A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary “gained unauthorized access to our systems to target a small and specific set of our customers,” Bob Phan, chief information security officer (CISO) at JumpCloud, said in […]
Act now! In-the-wild Zimbra vulnerability needs a workaround
Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. In a security update about the vulnerability, the company offered a temporary workaround which users can apply while waiting for a patch to be created. Zimbra is an open source webmail application used […]
Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
The language of a data breach, no matter what company gets hit, is largely the same. There’s the stolen data—be it email addresses, credit card numbers, or even medical records. There are the users—unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into a company, platform, or service to keep […]
NEAR APAC 2023: Vietnam’s Largest Blockchain Conference on the Horizon
By Waqas. With a whopping 8,000 participants expected to attend, NEAR APAC will bring together a diverse community of stakeholders… This is a post from HackRead.com.
Xangle and Republic Crypto Collaborate to Boost Asian Web3 Adoption
By Waqas. South Korean Web3 Leader Xangle Joins Forces with US Firm Republic Crypto in Strategic Partnership. This is a post from HackRead.com.
Database Mess Up Exposed PII and Photos of 2.3M Dating App Users
By Habiba Rashid. Alarmingly, the leaked data also contained 969,571 images of users, some of which were sexually explicit in nature. This is a post from HackRead.com.
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps
Threat actors are taking advantage of Android’s WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. “The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application,” researchers from CSIRT KNF said in an analysis released last week. “The