16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Hackers target Chrome browser extensions 16 extensions being compromised Exposed over 600,000 users to data exposure and credential theft The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign Hackers used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access…

Read More

Brazilian Hacker Charged for Selling Data Stolen From Hacked Computers

Junior Barros De Oliveira, a 29-year-old resident of Curitiba, Brazil, has been indicted in the United States for orchestrating an extortion scheme involving data stolen from the computer systems of a Brazilian subsidiary of a New Jersey-based company. U.S. Attorney Philip R. Sellinger announced the charges after the indictment was unsealed in Newark federal court. Allegations of…

Read More

Meta hit with $263 million fine in Europe over 2018 Data breach

The penalty adds to a series of GDPR fines against Meta, bringing the total to $3 billion. Meta has been fined $263.5 million (€251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally. The breach exploited a vulnerability in Facebook’s “view…

Read More

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit…

Read More

Deployed WezRat Malware known to Execute Attackers Commands

Cyber researchers discovered on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. The malware was first documented late last month by U.S. and Israeli cybersecurity agencies, describing it as an “exploitation tool for gathering information about an end point and running remote…

Read More

CISA warned of Cyberattackers Exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition

CISA recently warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition…

Read More

Chinese hackers hijacked thousands of TP-Link WiFi routers for covert Cyberattacks

Microsoft observed that a covert Chinese botnet, relying on compromised TP-Link routers, commits stealthy password-spraying attacks, only attempting to access accounts once per day. This malicious operation was discovered in August 2023 and employed an average of 8,000 compromised devices at any given time, according to a new report by Microsoft Threat Intelligence. The botnet…

Read More

Fidelity Investments reports data breach, impacting more than 77,000 customers

Fidelity Investments has confirmed that it suffered a major data breach to US authorities. In its filing with the Office of the Maine Attorney General, the US-based asset manager said the incident, which occurred in August, exposed the personal information of more than 77,000 customers. Fidelity Investments added that it had commissioned external security experts…

Read More

Prasarana confirms cybersecurity breach, public transport operations unaffected

After a social media post went viral claiming that public transportation body Prasarana was facing a ransomware attack, the firm confirmed that it was facing a cybersecurity issue. In the statement posted on RapidKL’s social media, Prasarana said that it “confirms social media reports regarding a cybersecurity incident involving part of their internal systems.” Without…

Read More

Zoom Critical Vulnerabilities Let Attackers Escalate Privileges

  The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android. Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems. The vulnerabilities highlight significant risks…

Read More