The Breach News

Google Addresses Another Actively Exploited Chrome Zero-Day Vulnerability

Google Addresses Critical Security Flaws in Chrome Browser. In a proactive response to ongoing security concerns, Google has deployed patches to rectify nine significant vulnerabilities in its Chrome web browser, one of which is a serious zero-day flaw that has reportedly been exploited in the wild. This vulnerability, designated as…


Cybercriminals Leverage Phishing and EV Certificates to Distribute Ransomware

The cyber threat landscape continues to evolve as researchers from Trend Micro report that the perpetrators behind the RedLine and Vidar information stealers are shifting their tactics to include ransomware attacks. This alarming trend has been facilitated through phishing campaigns that distribute malware utilizing Extended Validation (EV) code signing certificates,…


Three UK Local Council Websites Targeted by DDoS Cyber Attacks

DDoS Attack Disrupts Three UK Councils: No Sensitive Data Compromised. In a recent cybersecurity incident, three councils in the United Kingdom (Salford, Portsmouth, and Middlesbrough) experienced significant disruptions due to a Distributed Denial of Service (DDoS) attack. These attacks led to temporary outages, rendering the councils’ websites inaccessible to users and hampering public…


Leading Financial and Cybersecurity Experts to Converge at ISMG’s NYC Summit

Summit on Nov. 7 to Address Evolving Cyber Risks in Finance. Chris Riotta (@chrisriotta) • November 4, 2024. Leading cybersecurity professionals will gather on November 7 for ISMG’s Financial Services Summit to address financial sector vulnerabilities. The 2024…


Urgent: Zero-Day Vulnerability in CrushFTP Exploited in Targeted Attacks

CrushFTP Users Urged to Update Following Newly Discovered Vulnerability. The CrushFTP enterprise file transfer software has been hit by a security vulnerability that is reportedly being exploited in active attacks. In a recent advisory, CrushFTP informed its users that versions of the software prior to 11.1 are susceptible to a…


Fresh Wi-Fi Vulnerability Allows Network Eavesdropping Through Downgrade Attacks

New Wi-Fi Vulnerability Exposed: SSID Confusion Attack Poses Risk to All Networks. Recent research has uncovered a significant security flaw related to the IEEE 802.11 Wi-Fi standard, identified as the SSID Confusion attack (CVE-2023-52424). This vulnerability can manipulate users into connecting to less secure wireless networks, enabling potential attackers to…


Hundreds of Code Libraries on NPM Attempt to Install Malware on Developer Machines

A recent analysis by Phylum has uncovered a series of malicious packages, pointing to an IP address affiliated with a notable threat actor. This investigation reveals that, while the attackers aimed to obscure their infrastructure for second-stage infections, their strategy inadvertently left a digital breadcrumb trail of previously utilized…
