The Django web framework patched a high-severity vulnerability affecting its main branch and three other versions - 3.2, 4.0 and 4.1. Developers who match inputs against safelists are unaffected. There are more than 91,000 websites using the Django framework, many of them based in the United States.
The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.
India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.
Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.
Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.
Fraudsters compromised debit card numbers and associated PINs, and possibly names and addresses, of an undisclosed number of Bank of the West customers. Unknown thieves installed skimmers in a "small number of ATMs," the bank's COO, Karl Werwath, tells ISMG.
Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.
Hacking group Gonjeshke Darande, or Predatory Sparrow in Persian, is claiming responsibility for hacking Iranian manufacturer Khouzestan Steel Company. The company shut down operations, but semiofficial Mehr News Agency reports that the factory is expected to return to normal by the end of today.
Watch out for APT and state-sponsored hackers using the Log4Shell vulnerability to gain unauthorized entry into unpatched VMware Horizon Systems and Unified Access Gateway servers, says a joint advisory from CISA and the U.S. Coast Guard Cyber Command.
A report from the company behind the world's most ubiquitous operating system depicts active cyber scrimmage between Russia and Ukraine and Russia and a slew of other countries. Fighting it is the work of private-public collaboration, Microsoft President Brad Smith writes.
Personal data allegedly obtained during a cyberattack using BlackCat ransomware was published on a typosquatted open internet website. This new extortion technique shows an escalation by ransomware groups in their willingness to use personal data to bludgeon victims into paying extortion money.
An operator deploying BlackCat ransomware, also known as ALPHV, appears to have claimed the University of Pisa as its latest victim. University officials reportedly face a ransom demand of $4.5 million, a "discount price" that will jump to $5 million after Thursday.
The Nigerian Police Special Fraud Unit says it busted a criminal syndicate, preventing cyberattacks against at least 10 banks in the country. The alleged mastermind was caught by the police, along with two alleged gang members, and another alleged member absconded, the police say.
The Cuba ransomware group, which has previously targeted U.S. critical infrastructure firms, has updated its malware to "optimize" execution and "minimize" unintended system behavior, says Trend Micro. Researchers at Elastic Security Labs also share malware analysis, TTPs and detection techniques.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.
