We’re Now Blocking 10,000 Requests Per Hour in Ukraine From Known Malicious IPs

48 hours ago we deployed our commercial real-time threat intelligence automatically, and for free, to all Ukrainian websites with the .UA top-level domain. That has made over 8,000 sites in Ukraine using the free version of Wordfence significantly more secure. At noon-UTC on March 2nd, those site...

Phishing Campaign Targeted Those Aiding Ukraine Refugees

Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

When War Struck, Ukraine Turned to Telegram

As Russian troops surround Kyiv, millions of Ukrainians have relied on the messaging platform for government information...

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious...

The Conti ransomware leaks

On February 27, an individual with insights into the Conti ransomware group started leaking a treasure trove of data beginning with internal chat messages. Conti is responsible for a number of high profile attacks, including one against the Irish Healthcare system which has cost more than $48...

eservices.dof.gov.my Cross Site Scripting vulnerability OBB-2384216

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat APT group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesse...

canhsatpccc.vinhphuc.gov.vn Cross Site Scripting vulnerability OBB-2383471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Summary Actions to Take Today to Protect Against Malicious Activity Search for indicators of compromise. Use antivirus software. Patch all systems. Prioritize patching known exploited vulnerabilities. Train users to recognize and report phishing attempts. Use multi-factor authentication. Note: th...

Iranian Government-Sponsored MuddyWater Actors Conducting Malicious Cyber Operations

CISA, the Federal Bureau of Investigation FBI, U.S. Cyber Command Cyber National Mission Force CNMF, the United Kingdom’s National Cyber Security Centre NCSC-UK, and the National Security Agency NSA have issued a joint Cybersecurity Advisory CSA detailing malicious cyber operations by Iranian...

icha.idaho.gov Cross Site Scripting vulnerability OBB-2382686

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The federal Zero Trust strategy and Microsoft’s deployment guidance for all

You’d be forgiven for missing the White House announcement on federal Zero Trust strategy on January 26, 2022.1 After all, on that day alone a Supreme Court Justice announced his intention to retire, the Federal Reserve announced its plan to raise interest rates, and the State Department was busy...

A New Cybersecurity “Social Contract”

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age -- one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations...

PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and ...

All Vulnerabilities for eticapublica.mendoza.gov.ar Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eticapublica.mendoza.gov.ar ---|--- Ope...

US Government sets forth Zero Trust architecture strategy and requirements

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order EO 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028...

US Government sets forth Zero Trust architecture strategy and requirements

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order EO 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028...

Possible Government Surveillance of the Otter.ai Transcription App

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was th...

U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors CDCs to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustaine...