Linux-based malware uses 30 WordPress exploits to inject JavaScript
New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript.
Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo... Read more
Thousands of Citrix ADC and Gateway endpoints still vulnerable
Thousands of Citrix ADC and Gateway endpoints are still vulnerable to two known vulnerabilities for which fixes already exist. This was recently discovered by security specialist Fox-IT in an investigation.
According to the security specialist, thousands of Citrix ADC and Gateway deployments wor... Read more
‘Google Ads increasingly used to spread malware’
Cybercriminals are increasingly using the Google Ads platform to spread malware as legitimate software. This is according to recent research by Guardio Labs, Trend Micro and others.
Cybercriminals are increasingly spreading malware masquerading as legitimate software. They create a clone of the ... Read more
US House of Representatives bans TikTok
According to the House's administration arm, the prevalent Chinese video app TikTok has indeed been banned across all US House of Representatives-managed devices, mirroring a regulation that will shortly go into effect prohibiting the service from US government devices.
The app is considered "hi... Read more
Critical Linux kernel zero-day needs patching
We have bad news for all Linux system administrators on vacation or planning to vacation: There is a critical Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research organization, revealed a new Linux kernel security problem.
This vulnerability allows authenticated... Read more
EU presents final text of NIS2 directive
The European Union recently published the final text of the updated Network and Information Security (NIS2) Directive. The directive, which will enter into force in three weeks, requires companies belonging to critical infrastructure to implement certain security measures.
The improved NIS direc... Read more
The Guardian struggles with IT incident ‘believed to be ransomware’
The UK-based newspaper is fighting an IT incident. "We believe this to be a ransomware attack but are continuing to consider all possibilities", editor-in-chief Katharine Viner said.
The Guardian regularly covers cyberincidents. This time, the newspaper reports on itself. An editor revealed th... Read more
Okta’s source code has been stolen
An internal memo indicates that Okta's source code has been stolen by one or more unauthorized users. The organization claims the breach does not affect customers.
BleepingComputer obtained the internal memo from an anonymous source. Okta CSO David Bradbury writes that one or more unauthorized ... Read more
Cyberattack hits industrial giant ThyssenKrupp
ThyssenKrupp, a German multinational industrial engineering and steel manufacturing company, is fighting a cyberattack.
One or more threat actors are targeting the firm's Materials Services division and corporate headquarters. The nature of the attack was not disclosed.
"Thyssenkrupp is cur... Read more
Researchers use ChatGPT to generate malware and phishing mails
Researchers used ChatGPT to write malware scripts and generate phishing emails. The AI model has since been updated to prevent abuse.
ChatGPT is in the spotlight. OpenAI, the model's developer, recently made the technology publicly available. ChatGPT generates texts and code based on queries. In... Read more