As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data. According to a public service announcement published by the Internet Crime Complaint Center (IC3), scammers who … Read more
Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified … Read more
In analyzing 138 actively exploited vulnerabilities in 2023, Google Mandiant reported Oct. 15 that 70% of them were zero-days, indicating that threat actors are getting much better at identifying vulnerabilities in software. It’s a worrying trend in and of itself, but what caused even more concern among security analysts was that Google Mandiant also found … Read more
The Fog and Akira ransomware gangs have been observed exploiting a critical vulnerability that lets them run a remote code execution (RCE) on Veeam Backup and Replications servers. While Veeam disclosed this critical deserialization bug and released a patch for CVE-2024-40711 on Sept. 4, publication of the proof-of-concept (PoC) developed by watchTowr Labs was delayed … Read more
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to ship spoofed e mail login pages which can be designed to reap customers’ credentials. “Not like different phishing webpage distribution habits by means of HTML content material, these assaults use the response header despatched by a server, which happens … Read more
