Security researchers are warning of a critical-severity vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited as a zero-day for more than a month. Developed by WP Royal, the plugin helps domain admins build their websites without any coding experience. Royal Elementor has more than 200,000 active installations on the ..
Tag : Cybercrime
UK-based cable manufacturing giant Volex (AIM: VLX) has been targeted in a cyberattack that involved unauthorized access to some of the company’s IT systems and data. In a statement issued on Monday, the power and data transmission product manufacturer said all of its sites remain operational and it does not expect any financial impact caused ..
Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV ..
The US, Ukraine, and Israel remain the most frequent targets of cyberespionage and cybercrime attacks out of a total of 120 attacked countries, Microsoft says in a new report. The observed attacks, the tech giant says, were fueled by nation-state spying and influence operations, and more than 40% of the observed attacks targeted critical infrastructure ..
Cloud computing giant AWS says an internal threat intel decoy system called MadPot has been used successfully to trap malicious activity, including nation state-backed APTs like Volt Typhoon and Sandworm. MadPot, the brainchild of AWS software engineer Nima Sharifi Mehr, is described as “a sophisticated system of monitoring sensors and automated response capabilities” that entraps malicious ..
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present ..
Enterprise technology vendor Progress Software on Thursday shipped patches for critical-level security flaws in its WS_FTP file transfer software, warning that a pre-authenticated attacker could wreak havoc on the underlying operating system. An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers ..
A Nigerian national residing in South Africa last week pleaded guilty in court in the United States to his role in a million-dollar business email compromise (BEC) fraud scheme. The man, Kosi Goodness Simon-Ebo, 29, was extradited to the US from Canada in April 2023. According to the plea agreement and other court documents, Simon-Ebo ..
MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event. “We are pleased that all of our hotels and casinos are operating normally,” the ..
Authorities in Finland and Europol on Tuesday announced the seizure of Piilopuoti, a drugs marketplace operating on the Tor network since May 2022. Designed to facilitate free and anonymous internet browsing and communication, the Tor network is also used by cybercriminals to conduct illegal activities, including the sales of malware, drugs, weapons, and other illicit ..
