Google has removed eight fake cryptomining apps from its Play Store, but researchers at security firm Trend Micro have flagged 120 other apps on users' phones purporting to also be cryptomining. Users paid for services the eight apps never delivered.
At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.
Microsoft security researchers say the operators of the well-established Mozi IoT botnet have upgraded the malware, enabling it to achieve persistence on network gateways manufactured by Netgear, Huawei and ZTE.
The Cybersecurity and Infrastructure Security Agency is warning organizations to immediately patch the ProxyShell vulnerabilities in Microsoft Exchange email servers because security researchers say ransomware gangs are exploiting these flaws.
The U.S. and Singapore have announced three agreements to expand their collaborative efforts - including shoring up information sharing, research and training - to address global cybersecurity issues.
Researchers at Mnemonics Labs have found a vulnerability in the server name indication, or SNI, of the TLS Client Hello extension. Exploitation could enable attackers to bypass the security protocol of many security products, leading to stealthy exfiltration of data, researchers say.
Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second distributed denial-of-service attack, almost three times larger than any previously reported HTTP DDoS attack.
The Aggah APT group, believed to be of Pakistani origin, apparently was behind a recent spear-phishing campaign targeting manufacturing firms in Taiwan and South Korea, according to the Anomali Threat Research Team.
As ransomware-as-a-service operations continue to compete for affiliates, the operators behind LockBit have unveiled a new version of their crypto-locking malware boasting fresh features, some borrowed from rivals. Separately, a relatively unsophisticated newcomer called Hive has debuted.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the evolution of fraud trends and the challenges in implementing the "zero trust" framework in the OT environment.
The World Bank has launched a cybersecurity fund for low- and middle-income nations to support public sector efforts to conduct cybersecurity maturity assessments, offer technical assistance and support training and staff development.
Researchers at cybersecurity firm ClearSky say an Iranian APT group, dubbed "Siamesekitten," is targeting Israeli companies in a supply chain attack campaign. The attackers are luring victims with fake job offer emails that direct recipients to websites that download malware.
A hacker stole $97 million in cryptoassets from the Japan-based cryptocurrency exchange Liquid. The attack came just days after a hacker stole $612 million from the crypto platform Poly Network.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.