Malaysian Police Bust Massive Phishing-as-a-Service Platform BulletProftLink

The Royal Malaysian Police announced that they have seized the notorious BulletProftLink phishing-as-a-service (PhaaS) platform, which was a major source of cybercrime and credential theft. Phishing is a type of online fraud where attackers impersonate legitimate entities or individuals to trick victims into revealing sensitive information, such as passwords, bank account details, or credit card […]

ScreenConnect Used for Hack Yet Again, This Time for Pharmacy Management Systems

A new cyberattack campaign is targeting the pharmacy supply chain in the United States, using a remote access tool called ScreenConnect to compromise endpoints and deliver malicious payloads. The attackers are exploiting a vulnerability in the ScreenConnect software that is used by Transaction Data Systems (TDS), a company that provides pharmacy management systems and services […]

OpenAI Back Online Following DDoS Attack

OpenAI, the research organization behind the development of artificial intelligence models such as GPT-3 and DALL·E, has been experiencing “periodic outages” due to DDoS attacks targeting its API and ChatGPT services within the last 24 hours. DDoS attacks are malicious attempts to disrupt the normal traffic of a targeted server, service or network by overwhelming […]

Microsoft Addresses MFA Fatigue

Multi-factor authentication (MFA) is a security method that requires users to provide two or more pieces of evidence to verify their identity and access their accounts. MFA can enhance the protection of online accounts from hackers, who may try to steal passwords, personal information, or financial data. However, MFA is not foolproof, and hackers can […]

Microsoft Expands MFA Requirements for Admin.Microsoft.com Panel

Microsoft is taking steps to enhance the security of its cloud services by introducing Conditional Access policies that will require multifactor authentication (MFA) for certain scenarios. MFA is a method of verifying a user’s identity by asking for more than one piece of evidence, such as a password and a code sent to a phone […]

New OpenAI Capabilities to be Announced Today

OpenAI is holding a conference starting today! The conference signals OpenAI’s ambition to expand beyond a consumer sensation to becoming a provider of a hit developer platform, and CEO Sam Altman has teased attendees with the promise of “some great new stuff.” The one-day event, in a desolate area of San Francisco near City Hall, […]

Apple FindMy Hacked to Relay Messages Covertly

Apple’s Find My network is a feature that allows users to locate their lost or stolen Apple devices, such as iPhones, iPads, Macs, AirPods, and AirTags. The network uses Bluetooth signals from nearby Apple devices to relay the location of the missing device to the owner, even if it is offline or in sleep mode. […]

No One Knows Who Just Killed One of the World’s Most Effective Botnets

The Mozi botnet is now a shell of its former self, thanks to a de facto kill switch triggered in August. Active since September 2019, Mozi is a peer-to-peer (P2P) botnet that enables distributed denial-of-service (DDoS) attacks, as well as data exfiltration and payload execution. It infects Internet of Things (IoT) devices — using network […]

196 Servers Down in Ave Hardware Cyberattack

Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. The cyberattack occurred on Sunday morning, October 29, 2023, and affected many of the company’s key operating systems, including ACENET, its Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, […]

New CVSS 4.0 Vulnerability Severity Rating Standard Just Released

The Forum of Incident Response and Security Teams (FIRST) is a non-profit organization that aims to help computer security incident response teams across the world. FIRST is also the owner and manager of the Common Vulnerability Scoring System (CVSS), which is an open framework for communicating the characteristics and severity of software vulnerabilities1. CVSS provides a […]