News

  • ConnectWise Quietly Patches Flaw That Helps Phishers

    ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it […]

    Read More

  • Hackers Target Colombia’s Healthcare System With Ransomware

    The attack disrupted IT operations, websites and scheduling of medical appointments Read More

    Read More

  • Spyware Vendor Variston Exploited N-Days in Chrome, Firefox, Windows

    The claims come from Google’s Threat Analysis Group, which published an advisory about the threat Read More

    Read More

  • WhatsApp Files on Dark Web Show Millions of Records For Sale

    The list went on sale for four days and is now being distributed for free among dark web users Read More

    Read More

  • Sirius XM Software Vulnerability

    This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure […]

    Read More

  • Researchers found security pitfalls in IBM’s cloud infrastructure

    Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure. Developed by researchers from security firm Wiz, the […]

    Read More

  • Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

    The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to […]

    Read More

  • Unwrapping Some of the Holiday Season’s Biggest Scams

    Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family.  Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. […]

    Read More

  • UK Extends NIS Regulations to IT Managed Service Providers

    The UK strengthens its regulations on Network and Information Systems (NIS) to better prevent software supply chain attacks Read More

    Read More

  • Eight Charged with $30m Unemployment Benefits Fraud

    Defendants allegedly used insider to obtain personal information Read More

    Read More