WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. “Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress…
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon’s Stroz Friedberg incident response services team. “This advanced threat, active since 2022,…
YouTube Down: After Microsoft’s services went down across the world following a cybersecurity update from CrowdStrike, it now appears that Google’s video streamer YouTube is down across India. As per Downdetector, reports of YouTube outages have been flagged from major cities, including the likes of New Delhi, Kolkata, Mumbai, and Bengaluru. Team YouTube has said that…
CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors. CoinStats is a comprehensive cryptocurrency portfolio management app with 1,500,000 users. It is used for investment tracking, real-time data, news aggregation, and custom alerts. It also allows users to create…
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the “Always-on VPN” feature was enabled with the “Block connections without VPN” option. “Always-on VPN” is designed to start the VPN service when the device boots and keep it running while the device or profile is on. Enabling the “Block Connections…