Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. orginal source link
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. orginal source link
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. orginal source link
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. orginal source link
Xiaomi Phone Bug Allowed Payment Forgery
Mobile transactions could’ve been disabled, created and signed by attackers. orginal source link
Phishers Swim Around 2FA in Coinbase Account Heists
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds. orginal source link
Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. orginal source link
Universities Put Email Users at Cyber Risk
DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. orginal source…
Securing Your Move to the Hybrid Cloud
Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments. orginal source link
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. orginal source link
IoT Botnets Fuels DDoS Attacks – Are You Prepared?
The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a…
Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. orginal source link
Authentication Risks Discovered in Okta Platform
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction. orginal source link
Google Boots Multiple Malware-laced Android Apps from Marketplace
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant. orginal source link
Large-Scale Phishing Campaign Bypasses MFA
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets. orginal source link
‘Callback’ Phishing Campaign Impersonates Security Firms
Victims instructed to make a phone call that will direct them to a link for downloading malware. orginal source link
Google Patches Actively Exploited Chrome Bug
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code. orginal source link
Leaky Access Tokens Exposed Amazon Photos of Users
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents. orginal source link
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks. orginal source link
Google Warns Spyware Being Deployed Against Android, iOS Users
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs. orginal source link
Kazakh Govt. Used Spyware Against Protesters
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders. orginal source link
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Deja-Vu data from this year’s DBIR report feels like we are stuck in the movie ‘Groundhog Day.’ orginal source link
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn. orginal source link
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access. orginal source link
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. orginal source link
MAINPIPE