Conor Brian Fitzpatrick, a 20-year-old man and founder of the now-defunct BreachForums, has been charged with conspiracy to commit access device fraud in the United States. Fitzpatrick, who went by the online name "pompompurin," may face up to five years in prison if found guilty. He was arrested on March 15, 2023. The charges come after an investigation by the Department of Justice (DoJ) led to...
Read More
Popular e-commerce plug-in, WooCommerce, used for WordPress-based online stores, has been found to contain a critical vulnerability that could allow attackers to take over websites. While technical details about the vulnerability have not been published, the WooCommerce team has released updates, and attackers could reverse-engineer the patch. The vulnerability allows for unauthenticated administrative takeover of websites. Website administrators using this plugin are advised to issue the...
Read More
Moyne Shire Council Detects and Halts Unauthorized Access Incident at Kindergarten. Officials at Moyne Shire Council, located in Victoria, have reported that they have identified and terminated an unauthorised access incident on a device at a council-run kindergarten. The council disclosed that the incident occurred on March 3 and targeted an "electronic device...
Read More
Aruba Networks Releases Patches for Eight Vulnerabilities in ClearPass Policy Manager Software. Aruba Networks, a leading provider of network access enforcement solutions, has recently disclosed a set of patches to address eight vulnerabilities in its ClearPass Policy Manager software. The software is used to enforce unified network access across wireless, wired, and VPN networks. The most severe vulnerability, CVE-2023-25589, was discovered by New Zealander pentester Daniel Jensen....
Read More
Microsoft Releases 76 Fixes in Latest Patch Tuesday Collection. Microsoft has released a collection of 76 fixes for various vulnerabilities as part of its Patch Tuesday update. Of these, two bugs are currently under active exploitation. One of the bugs, CVE-2023-23415, appears to be a “ping of death” and is an ICMP remote code execution (RCE) vulnerability with a CVSS score of 9.8. Attackers can exploit this...
Read More
NSW Health Data Breach: Payroll Information of Over 1,600 Staff Affected! NSW Health has recently confirmed that it has become the latest organisation to suffer a data breach in the Frontier Software cyber-attack at the end of 2021. According to an FAQ posted on its website, the breach has impacted staff or former staff who were employed by the Ministry of Health, as a senior executive...
Read More
Cybercriminals are increasingly turning to stolen credentials as a valuable commodity on the underground market. According to a report by cybersecurity firm Flashpoint, last year saw 4,518 data breaches reported, with attackers stealing or exposing 22.62 billion credentials and personal records. Over 60% of these were stolen from organizations in the information sector. Flashpoint's database of threat intelligence includes 575 million posts on illegal forums, 3.6...
Read More
Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...
Read More
LastPass Breach Resulted from Failure to Update Plex Software. A recent breach at LastPass, a popular password management service, has been attributed to the failure of one of its engineers to update Plex software on their home computer. This serves as a reminder of the importance of keeping software up-to-date to avoid potential security risks. The breach occurred when unidentified actors leveraged information stolen from a previous...
Read More
A new information stealer called SYS01stealer has been discovered by cybersecurity researchers, targeting critical government infrastructure employees, manufacturing companies, and other sectors. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information. The Israeli cybersecurity company Morphisec reported that the campaign was initially tied to a financially motivated cybercriminal operation dubbed Ducktail by Zscaler. However, WithSecure, which...
Read More