News in the Security category

Notepad++ wants your help in "parasite website" shutdown

The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.
- Ax Sharma
- April 08, 2024
- 05:51 AM
- 5
Home Depot confirms third-party data breach exposed employee info

Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.
- Lawrence Abrams
- April 07, 2024
- 01:40 PM
- 0
US Health Dept warns hospitals of hackers targeting IT help desks

The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.
- Sergiu Gatlan
- April 06, 2024
- 11:09 AM
- 0
Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
- Bill Toulas
- April 06, 2024
- 10:16 AM
- 0
The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services.
- Lawrence Abrams
- April 05, 2024
- 05:59 PM
- 0
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week.
- Bill Toulas
- April 05, 2024
- 01:40 PM
- 0
Fake Facebook MidJourney AI page promoted malware to 1.2 million people

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.
- Bill Toulas
- April 05, 2024
- 12:47 PM
- 0
Acuity confirms hackers stole non-sensitive govt data from GitHub repos

Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.
- Sergiu Gatlan
- April 05, 2024
- 11:32 AM
- 0
Panera Bread week-long IT outage caused by ransomware attack

Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer.
- Lawrence Abrams
- April 05, 2024
- 09:52 AM
- 2
New Latrodectus malware replaces IcedID in network breaches

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.
- Bill Toulas
- April 04, 2024
- 04:38 PM
- 0
Visa warns of new JSOutProx malware variant targeting financial orgs

Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
- Bill Toulas
- April 04, 2024
- 03:29 PM
- 0
Microsoft fixes Outlook security alerts bug caused by December updates

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updates
- Sergiu Gatlan
- April 04, 2024
- 03:14 PM
- 0
Hoya’s optics production and orders disrupted by cyberattack

Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday.
- Sergiu Gatlan
- April 04, 2024
- 01:22 PM
- 0
US cancer center data breach exposes info of 827,000 patients

Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients.
- Bill Toulas
- April 04, 2024
- 12:57 PM
- 0
New HTTP/2 DoS attack can crash web servers with a single connection

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
- Bill Toulas
- April 04, 2024
- 11:28 AM
- 0
Sponsored Content
The Biggest Takeaways from Recent Malware Attacks

Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.
- Sponsored by Blink Ops
- April 04, 2024
- 10:01 AM
- 0
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack

The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
- Ionut Ilascu
- April 03, 2024
- 08:21 PM
- 0
SurveyLama data breach exposes info of 4.4 million users

Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users.
- Bill Toulas
- April 03, 2024
- 06:28 PM
- 3
Omni Hotels confirms cyberattack behind ongoing IT outage

Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations.
- Sergiu Gatlan
- April 03, 2024
- 06:17 PM
- 1
Hosting firm's VMware ESXi servers hit by new SEXi ransomware

Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.
- Lawrence Abrams
- April 03, 2024
- 05:58 PM
- 4