The Information Highway

The Information Highway

GitHub-headpic

GitHub comments abused to push malware via Microsoft repo URLs

Security

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.

Continue reading
MITRE

MITRE says state hackers breached its network via Ivanti zero-days

Security

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.

Continue reading
palo-alto-networks

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

Security

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.

Continue reading
Roku

Roku warns 576,000 accounts hacked in new credential stuffing attacks

Security

Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.

Continue reading
LastPass-headpi_20240413-224058_1

LastPass: Hackers targeted employee in failed deepfake CEO call

Security

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.

Continue reading

UnitedHealth confirms it paid ransomware gang to stop data leak

United--Healthcare

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.

Continue reading
0
  85 Hits

LayerSlider SQL injection vulnerability

Threat-Advisory-Banne2r

Threat update

An unauthenticated Structured Query Language (SQL) injection vulnerability, known as CVE-2024-2879, has been found in the WordPress plugin LayerSlider.

Continue reading
0
  77 Hits

Malware dev lures child exploiters into honeytrap to extort them

hacker-arms-raised-brighter

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims.

Continue reading
0
  106 Hits

Critical Forminator plugin flaw impacts over 300k WordPress sites

back-2

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.


Continue reading
0
  68 Hits

CrushFTP warns users to patch exploited zero-day “immediately”

CrushFTP_headpic

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.

Continue reading
0
  86 Hits