Collaborate Disseminate
Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. The breach “On October 31, 2023, Mr. Cooper detected suspicious activity in certain network syste… Continue reading Mr. Cooper breach exposes sensitive info of over 14 million customers
After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode (WPP). The problem with the current Windows prin… Continue reading Microsoft is working on a more secure print system for Windows
The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry. Qakbot… Continue reading Qakbot returns in fresh assault on hospitality sector
Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata. The MongoDB breach “We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US… Continue reading MongoDB corporate systems breached, customer data exposed
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (a… Continue reading Russian hackers target unpatched JetBrains TeamCity servers
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant app… Continue reading Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic target… Continue reading Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automat… Continue reading Many popular websites still cling to password creation policies from 1985
Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger and Facebook E2EE ensures that messages content is only visible to the person … Continue reading Meta introduces default end-to-end encryption for Messenger and Facebook
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-147… Continue reading Atlassian fixes four critical RCE vulnerabilities, patch quickly!