Ars Technica

Crook made millions by breaking into execs’ Office365 inboxes, feds say

Federal prosecutors have charged a man for an alleged “hack-to-trade” scheme that earned him millions of dollars by breaking into the Office365 accounts of executives at publicly traded companies.

NIST Proposes Barring Some of the Most Nonsensical Password Rules

NIST is seeking public feedback on the draft guidelines, which can be submitted via email until October 7. The goal is to promote sensible password practices that enhance security without burdening users or compromising their online identity.

Unpatchable Zero-Day in Surveillance Cameras is Being Exploited to Install Mirai

The vulnerability, known as CVE-2024-7029, allows attackers to remotely execute commands on the compromised device. The targeted device is the AVM1203 surveillance camera from AVTECH.

Exim Vulnerability Affecting 1.5M Servers Lets Attackers Attach Malicious Files

Security researchers have identified a critical vulnerability affecting over 1.5 million Exim email servers, making them vulnerable to attacks that can deliver executable attachments to user accounts.

384,000 sites pull code from sketchy code library recently bought by Chinese firm

Over 384,000 websites, including those of major companies and government entities, are still linking to the polyfill[.]io code library that was recently acquired by a Chinese firm and used to perform a supply chain attack.

Critical Severity Bug With Very Simple Exploit Hits PHP Just in Time for the Weekend

Attackers can use this vulnerability to bypass the protection put in place for a previous critical code execution vulnerability and remotely execute arbitrary code on vulnerable machines.

Dangerous Scammers From the Yahoo Boys Group Operate Openly on Social Media

The Yahoo Boys, a group of scammers primarily based in West Africa, openly operate on various social media platforms like Facebook, WhatsApp, and Telegram, engaging in fraudulent activities that range from romance fraud to business email compromise.

Novel TunnelVision Attack Impacts Virtually All VPN Apps Through DHCP Server Manipulation

The TunnelVision attack is a newly discovered method that can compromise the security of most Virtual Private Network (VPN) applications by diverting traffic away from the encrypted tunnel, exposing it to potential interception.

Missouri County Declares State of Emergency Amid Suspected Ransomware Attack

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations were closed.

GitHub Besieged by Millions of Malicious Repositories in Ongoing Attack

The attack involves the automated forking of legitimate repositories, resulting in millions of malicious forks with names identical to the original ones, making detection and removal challenging for GitHub.
