The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when […]
Author Archives: Onsite Computing, Inc.
Meta Platforms on Monday announced that it’s bringing advertising to WhatsApp, but emphasized that the ads are “built with privacy in mind.” The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are […]
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks. Go to Source Author: Jai Vijayan, Contributing Writer
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. […] Go to Source Author: Ionut Ilascu
The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said. Go to Source Author: Alexander Culafi, Senior News Writer, Dark Reading
Journalists’ Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. […] Go to Source Author: Bill Toulas
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea. “For years, North Korea has exploited global remote IT contracting and cryptocurrency […]
The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. […] Go to Source Author: Bill Toulas