A vulnerability to an authenticated remote code execution flaw, which could allow attackers to run malicious code in a website has been discovered in the Elementor WordPress website builder plugin. Elementor has over five million active installations. A security patch to fix the issue has now been applied to the new 3.6.3 version of Elementor.
It has been reported that the banking trojan malware called ‘SharkBot’ was recently discovered hiding in 6 different fake antivirus apps in the Google Play Store. The malware, which steals credentials and banking information, was previously discovered in apps in the store back in October. Google has confirmed that SharkBot has now been wiped off on the Android app marketplace.
Following the discovery of a ‘zero-day’ vulnerability in its Chrome browser, Google has advised users to update Chrome to version 99.04844.84 or later. This security issue also affects the Microsoft’s Edge browser because it uses the same underlying technology as Chrome. Microsoft is, therefore, also advising users to install the latest Edge security updates.
The UK’s national fraud reporting centre, Action Fraud, says that it has received 196 reports of scam emails claiming to be raising funds for victims of the war in Ukraine. Facebook Post In a Meta / Facebook post on 18 March, Action Fraud reported: “We’ve received 196 reports about FAKE emails purporting to raise money for those affected by…
In this article, we look at the cyber-crime gang Lapsus$, how they operate and the details of some of their recent high-profile attacks. Cyber-Crime Gang Lapsus$ is reported to be a mostly teenage cyber-crime gang (hackers), mainly based in South America, yet with its alleged multi-millionaire teenage leader based in Oxford, UK. The gang, which typically uses ransomware and…
It is believed that a string of hacks carried out on identity and access management company Okta, were the work of teenage cyber-gang Lapsus$, believed to be led by a UK-based 16 year-old. The hacks are thought to have resulted in the theft of confidential information, which could affect thousands of companies. Lapsus$, which is reported to have previously breached Microsft’s…
Germany’s Federal Office for Information Security (BSI) has warned that Russia-based Kaspersky’s anti-virus software could be used for spying or launching cyber-attacks. Russian Companies Forced To Launch Cyber-Attacks? The warning was aimed at Russian IT businesses who, claims the BSI, could be used via the software to carry out offensive operations, or forced against their will to attack target…
A recent revision to the (draft) Online Safety Bill could mean that executives who don’t comply with the regulator’s information request could start facing penalties such as jail just two months after the bill becomes law. The Online Safety Bill The UK government’s Online Safety Bill, published in May 2021 and now introduced to parliament, is (draft) legislation that’s…
It has been reported that hackers have been using CAPTCHA verification tests to get around automated spam scanners and trick them into letting their phishing emails through, hiding hide malicious links in HTML files. This technique has been used before and the advice is to not open or click on links in any unsolicited and suspicious-looking emails.
A new feature to Chrome’s built-in password manager means that users will soon be able to store notes with their passwords. The feature, currently limited to Chrome’s latest Canary release, means that: – A “Notes” field will appear in Google Chrome’s password manager underneath the username and password fields. – The option will appear when either editing an existing…
