article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. Emerging in 2007 as a banking trojan, QakBot (a.k.a.

article thumbnail

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

The NextGEN Gallery is one of the most popular WordPress gallery plugins that is available since 2007. An attacker could trigger the flaws with social engineering techniques by tricking WordPress admins into clicking specially crafted links or attachments to perform malicious actions. The plugin receives over 1.5

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cyber News Rundown: Italian Banks Hit with Ursnif

Webroot

Over 100 banks in Italy have fallen victim to the Ursnif banking trojan, which has stolen thousands of login credentials since it was first discovered in 2007. The attack likely began as a malicious email using social engineering to trick users into clicking links. Telemarketer leaves thousands of records exposed.

Banking 111
article thumbnail

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. This script shows a social engineering message, such as a Flash update popup or a DNS error, and attempts to trick the victim into downloading a malicious file deploy a Cobalt Strike loader.

article thumbnail

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. Kill (uninstall) the malware. . ” concludes the report.

Malware 145
article thumbnail

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. since Q3 of 2007.

article thumbnail

Top 8 Cybersecurity Podcasts of 2021

eSecurity Planet

Since 2007 (before podcasting in general had really taken off), Patrick Gray and his co-host Adam Boileau have covered a wide range of InfoSec topics with insight from fellow industry leaders. New episodes of The Privacy, Security, & OSINT Show air weekly on Fridays and are usually about 60 minutes long. Risky Business.