FTC charged Avast with selling users’ browsing data to advertising companies
US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and…
Security
“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud
Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’…
New Image/Video Prompt Injection Attacks
Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and…
Multiple XSS flaws in Joomla can lead to remote code execution
Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code.…
New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS
China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS.…
US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES
U.S. government offers rewards of up to $15 million for information that could lead to the identification or location of…
New Redis miner Migo uses novel system weakening techniques
A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security…
Details of a Phone Scam
First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with…
Critical flaw found in deprecated VMware EAP. Uninstall it immediately
VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware…
Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass…