Former Chelsea player Rati Aleksidze arrested in Germany for ‘gang-related investment fraud’

A former Chelsea striker played a possible minor role in a global investment crime gang, according to prosecutors investigating a cyber scam worth “billions”. Rati Aleksidze was temporarily held under a European arrest warrant in March. German prosecutors told Telegraph Sport Read More …

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM Read More …

Operation HAECHI IV: USD 300 million seized and 3,500 suspects arrested in international financial crime operation

LYON, FRANCE – A transcontinental police operation against online financial crime has concluded with almost 3,500 arrests and seizures of USD 300 million (approx. EUR 273 million) worth of assets across 34 countries. The six-month Operation HAECHI IV (July-December 2023) Read More …

Mr. Cooper leaks personal data of 14 million loan and mortgage customers

A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn’t say what type of cyberattack caused the Read More …

Europol publishes IOCTA spotlight report on online fraud schemes

Europol’s spotlight report on online fraud highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public Read More …

A Log4Shell Retrospective – Overblown and Exaggerated

Two years ago, CVE-2021-44228 sent the security industry into a panic. The vulnerability, better known as Log4Shell, had security professionals working overtime through the holidays hunting down vulnerable log4j libraries. At the time, there was fear and confusion around what Read More …

Xfinity discloses a data breach but doesn’t say how many users are affected

Xfinity is notifying customers of a “data security incident” it says resulted in the theft of customer information, including usernames, passwords, contact information, and more. In a notice on Monday, Xfinity says “there was unauthorized access” to its systems from Read More …

Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability

CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can Read More …

#StopRansomware: Play Ransomware

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations Read More …