Cyber News


LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere

With early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience

LayerX, pioneer of the LayerX Browser Security platform, today announced $26 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

On October 30, 2020, I started an article with the words:

“Hell is too nice a place for these people.”

The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely sensitive and confidential information about some of the most vulnerable people.

Sadly, the attacker did not stop at extorting the clinic but also sent extortion messages to the patients, asking them to

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura.

A campaign using sponsored search results is targeting home users and taking them to tech support scams.

Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. In the case of malicious sponsored ads, scammers tend to outbid the brands in order to be listed as

Dropbox Sign customer data accessed in breach

Dropbox is reporting a recent “security incident” in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information.

Dropbox Sign is a platform that allows customers to digitally sign, edit, and track documents. The accessed customer information includes email addresses, usernames, phone numbers, and hashed passwords, in addition to general account settings and certain

Dropbox Sign breach exposes secrets.

Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. A Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Th

CyberPower PowerPanel | CISA
• Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a Recoverable Format, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Use of Hard-coded Cryptographic Key, Improper Authorization

Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, wr

Delta Electronics DIAEnergie | CISA

Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed.

The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected:

3.2.1 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89

Delta Elec

Judge0 Vulnerabilities Could Allow Sandbox Escape

A security researcher discovered a vulnerability in the Judge0 system; the patch issued for it could itself be bypassed, leading to further vulnerabilities. While the developer eventually patched the issue after repeated exploits, the researcher still suspects that another patch bypass is likely.

As explained in a recent blog post, security researcher Daniel Cooper from Tanto Security discovered multiple security issues in the open-source software Judge0. Exploiting the vulner

Wireless carriers fined $200 million after illegally sharing customer location data

After four years of investigation, the Federal Communications Commission (FCC) has concluded that four of the major wireless carriers in the US violated the law in sharing access to customers’ location data.

The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for “illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure.”

The fines are divided up in

Retirement plan breach shakes financial giant.

A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon’s DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers’ travel data. The Feds look

FBI warns online daters to avoid "free" online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly.

Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information on the side.

The scammers collect the information entered by victims at registration and use it to commit further fraudulent activity such as identity theft or selling the information on the dark web

Premium Security earns "Product of the Year" from AVLab

After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.”

The recognition cements Malwarebytes Premium Security’s perfect record of repeatable, trusted, and proven protection for users. It also comes alongside an additional AVLab certification for “Top Remediation Time.”

The latest results are part of AVLab’s regular “Advanced

Ransomware is just a prescription for chaos.

UnitedHealth’s CEO testimony before congress reveals details of the massive data breach. Major US mobile carriers are hit with hefty fines for sharing customer data. Muddling Meerkat manipulates DNS. A report from Sophos says ransomware payments skyrocketed this past year. The DOE addresses risks and benefits of AI. LightSpy malware targets macOS. A crucial Kansas City weather and traffic system is disabled by a cyberattack. A Canadian pharmacy chain shuts down temporarily following a cyberattac

Delta Electronics CNCSoft-G2 DOPSoft | CISA

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected:

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2024-4192 has been assigned to this vu

Google Meet Now Offers Client-Side Encryption For All Calls

With the recent Google Meet update, Google has strengthened call security for its users. Google Meet users can now use the client-side encryption to secure their calls even with non-Google users.

According to a recent post on Google Workspace updates, Google has now rolled out call encryption for external users on Google Meet. While client-side encryption was already available, the new update allows users to join encrypted calls without a Google account.

As explained, the feature is available

A week in security (April 22 - April 28)
• Ring agrees to pay $5.6 million after cameras were used to spy on customers
• TikTok comes one step closer to a US ban
• “Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach
• Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
• Billions of scraped Discord messages up for sale
• 5 key benefits of the ConnectWise Asio and ThreatDown Integration for MSPs
• Update now! CrushFTP vulnerability allows data theft an

Kaiser health insurance leaked patient data to advertisers

Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers.

Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

In the required notice with the US government, Kaiser lists 13.4 million affected individuals. Among these third-party ad vendors ar