Americans lost record $10 billion to fraud in 2023, FTC warns
The U.S. Federal Trade Commission (FTC) says Americans over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. [...]
Security warnings identify potential threats, unsafe configurations, or urgent weaknesses so organizations can assess risk and take protective action.
Search across headline titles and summaries.
Background for this topic.
Warning is a notification that a security-relevant condition may require attention, such as a newly disclosed vulnerability, suspicious authentication activity, malicious campaign, unsafe configuration, or deceptive message. In security news, the term commonly covers public advisories and threat-intelligence notices as well as operational alerts generated by defensive systems; it does not by itself prove that an attack or compromise has occurred.
Practitioners should assess the warning’s source, affected products or environments, evidence, severity, exploitability, and recommended action. Vulnerability warnings may require identifying exposed assets, applying a fix or mitigation, and checking for exploitation; campaign warnings may provide indicators for detection and investigation. Alerts should be triaged against logs and other evidence, with significant findings routed into incident response. Because attackers can imitate urgent security notices, recipients should verify requests and access instructions through trusted channels, while excessive or poorly tuned alerts can create fatigue and obscure genuinely important signals.
The U.S. Federal Trade Commission (FTC) says Americans over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. [...]
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]
Recent Victims Include Pennsylvania Emergency Dispatch SystemU.S. federal authorities are again warning the healthcare sector about threats from the Akira ransomware group. The latest alert comes on the heels of several recent attacks by the gang, including one last month on Bucks County, Pennsylvania, which affected an IT system used by emergency responders.
The fake app looks similar to the legitimate LastPass app in its branding, and it could be stealing users' credentials.
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]
Dutch military intelligence warns that new malware, called "Coathanger," was found in multiple FortiGate devices during an incident response, and that Chinese-state actors are using the persistent RAT for espionage.
The US claims to have discovered Chinese Volt Typhoon intrusions in multiple critical infrastructure sectors
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]
Officials Say Hackers Are Evading Detection on Critical Infrastructure NetworksThe U.S. Cybersecurity and Infrastructure Security Agency urged critical infrastructure owners to patch systems after publishing a warning that Chinese hackers are evading detection and maintaining persistent unauthorized access in U.S. information technology environments.
Don't Brush in Fear, as Supposed DDoS Dental Trauma Fails to Pass MusterBreathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more holes in it than the teeth of kid with a 10-pack-a-day Gummy Bear habit.
Mispadu Trojan Is Compromising Windows Security, Posing Threat to Banking SystemsThe novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
More than six million VPNs are now deployed on devices in the United Arab Emirates.
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. [...]
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. [...]