DATE | NAME | INFO | CATEGORY | SOURCE |
--- | --- | --- | --- | --- |
31.8.24 | Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence | Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. | ||
31.8.24 | | This issue of AI Pulse is all about agentic AI: what it is, how it works, and why security needs to be baked in from the start to prevent agentic AI systems from going rogue once they’re deployed. | ||
31.8.24 | Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. | ||
31.8.24 | Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem | A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. | ||
31.8.24 | CVE-2024-7928: FastAdmin Unauthenticated Path Traversal Vulnerability | The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe than it initially appears. | ||
31.8.24 | | This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox. | ||
31.8.24 | TLD Tracker: Exploring Newly Released Top-Level Domains | We investigated 19 new top-level domains (TLDs) released in the past year, which revealed large-scale phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and even pranking and meme campaigns. | ||
31.8.24 | The Emerging Dynamics of Deepfake Scam Campaigns on the Web | Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials. | ||
31.8.24 | Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic | To improve our detection of suspicious network activity, we leveraged a deep learning method to profile and detect malicious DNS traffic patterns. | ||
31.8.24 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments | Unit 42 researchers found an extortion campaign's cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications. | ||
31.8.24 | ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts | This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. | ||
31.8.24 | Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats | Explore in-depth defense strategies against ViperSoftX with the Trellix suite, and unpack why AutoIt is an increasingly popular tool for malware authors. | ||
31.8.24 | August 2024 Bug Report: Explore seven critical vulnerabilities—Ivanti vTM, Windows CLFS, Apache OFBiz, and more. Stay ahead of the threats, patch now! | |||
31.8.24 | | In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis. | ||
31.8.24 | | As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern. | ||
31.8.24 | The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks | Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment. | ||
31.8.24 | | Any vulnerability in an RTOS has the potential to affect many devices across multiple industries. | ||
31.8.24 | Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case | This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor. | ||
31.8.24 | Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver | This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. | ||
31.8.24 | | It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. | ||
31.8.24 | Stealing cash using NFC relay – Week in Security with Tony Anscombe | The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become. | ||
31.8.24 | Analysis of two arbitrary code execution vulnerabilities affecting WPS Office | |||
31.8.24 | Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5) | |||
31.8.24 | Malware exploits 5-year-old zero-day to infect end-of-life IP cameras | The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. | Virus | |
31.8.24 | Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors | The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. | APT | |
31.8.24 | South Korean hackers exploited WPS Office zero-day to deploy malware | The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. | APT | |
31.8.24 | Employee arrested for locking Windows admins out of 254 servers in extortion plot | A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. | CyberCrime | |
31.8.24 | US offers $2.5 million reward for hacker linked to Angler Exploit Kit | The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. | BigBrothers | |
31.8.24 | PoorTry Windows driver evolves into a full-featured EDR wiper | The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. | Virus | |
31.8.24 | New Tickler malware used to backdoor US govt, defense orgs | The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. | APT | |
31.8.24 | Iranian hackers work with ransomware gangs to extort breached orgs | An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. | Ransom | |
31.8.24 | Google increases Chrome bug bounty rewards up to $250,000 | Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. | Vulnerability | |
31.8.24 | Fortra fixes critical FileCatalyst Workflow hardcoded password issue | Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. | Vulnerability | |
31.8.24 | DICK'S shuts down email, locks employee accounts after cyberattack | DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. | Hack | |
31.8.24 | BlackSuit ransomware stole data of 950,000 from software vendor | Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. | Ransom | |
31.8.24 | US Marshals Service disputes ransomware gang's breach claims | The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday. | Ransom | |
31.8.24 | Windows 11 KB5041587 update adds sharing to Android devices | Microsoft has released the optional KB5041587 preview cumulative update for Windows 11 23H2 and 22H2, which adds sharing to Android devices and fixes multiple File Explorer issues. | OS | |
31.8.24 | Notion exits Russia and will terminate accounts in September | Notion has announced it will exit the Russian market and is terminating all workspaces and accounts identified as linked to users in the country. | BigBrothers | |
31.8.24 | Malware infiltrates Pidgin messenger’s official plugin repository | The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. | Virus | |
31.8.24 | Windows Downdate tool lets you 'unpatch' Windows systems | SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. | OS | |
31.8.24 | Park’N Fly notifies 1 million customers of data breach | Park'N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network. | Incident | |
30.8.24 | Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign | Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control | APT | The Hacker News |
30.8.24 | Iranian Hackers Set Up New Network to Target U.S. Political Campaigns | Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities | APT | The Hacker News |
30.8.24 | New Malware Masquerades as Palo Alto VPN Targeting Middle East Users | Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that | Virus | The Hacker News |
30.8.24 | North Korean Hackers Target Developers with Malicious npm Packages | Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating | APT | The Hacker News |
30.8.24 | New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads | Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing | APT | The Hacker News |
30.8.24 | Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns | Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence | Vulnerability | The Hacker News |
30.8.24 | Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 | A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of | APT | The Hacker News |
30.8.24 | Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack | Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and | Exploit | The Hacker News |
29.8.24 | U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks | U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across | Ransom | The Hacker News |
29.8.24 | Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks | A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into | BotNet | The Hacker News |
29.8.24 | French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform | French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the | BigBrothers | The Hacker News |
29.8.24 | Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability | Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain | Vulnerability | The Hacker News |
28.8.24 | APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor | A South Korea-aligned cyber espionage group has been linked to the zero-day exploitation of a now-patched critical remote code execution | APT | The Hacker News |
28.8.24 | BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave | The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting | Ransom | The Hacker News |
28.8.24 | New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials | Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway | Phishing | The Hacker News |
28.8.24 | CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known | Vulnerability | The Hacker News |
28.8.24 | Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution | A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute | Vulnerability | The Hacker News |
28.8.24 | macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users | Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ | Virus | The Hacker News |
27.8.24 | Microsoft Sway abused in massive QR code phishing campaign | A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. | Phishing | |
27.8.24 | Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs | The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. | APT | |
27.8.24 | Google tags a tenth Chrome zero-day as exploited this year | Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. | Exploit | |
27.8.24 | Patelco notifies 726,000 customers of ransomware data breach | Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. | Ransom | |
27.8.24 | Microsoft: Exchange Online mistakenly tags emails as malware | Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. | Virus | |
27.8.24 | Uber fined $325 million for moving driver data from Europe to US | The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. | BigBrothers | |
27.8.24 | Versa fixes Director zero-day vulnerability exploited in attacks | Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. | Exploit | |
27.8.24 | SonicWall warns of critical access control flaw in SonicOS | SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain unauthorized access to resources or cause the firewall to crash. | Vulnerability | |
27.8.24 | Seattle-Tacoma Airport IT systems down due to a cyberattack | The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend. | Incident | |
27.8.24 | Audit finds notable security gaps in FBI's storage media management | An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in FBI's inventory management and disposal of electronic storage media containing sensitive and classified information. | BigBrothers | |
27.8.24 | Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors | The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day | APT | The Hacker News |
27.8.24 | Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot | Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information | Vulnerability | The Hacker News |
27.8.24 | Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation | Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has | Vulnerability | The Hacker News |
27.8.24 | SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access | SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant | Vulnerability | The Hacker News |
26.8.24 | Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S. | The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with | BigBrothers | The Hacker News |
26.8.24 | Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms | Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery | Vulnerability | The Hacker News |
26.8.24 | Critical Flaws in Traccar GPS System Expose Users to Remote Attacks | Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by | Vulnerability | The Hacker News |
26.8.24 | New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards | Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit | Virus | The Hacker News |
25.8.24 | Stealthy 'sedexp' Linux malware evaded detection for two years | A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. | Virus | |
25.8.24 | American Radio Relay League confirms $1 million ransom payment | The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack. | Ransom | |
25.8.24 | Microsoft shares temp fix for Linux boot issues on dual-boot systems | Microsoft shared a workaround for Linux boot issues triggered by August security updates on dual-boot systems with Secure Boot enabled. | OS | |
25.8.24 | New Windows 10 22H2 beta fixes memory leaks and crashes | Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. | OS | |
25.8.24 | Hackers now use AppDomain Injection to drop CobaltStrike beacons | A wave of attacks that started in July 2024 relies on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. | Hack | |
25.8.24 | US oil giant Halliburton confirms cyberattack behind systems shutdown | Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. | Incident | |
25.8.24 | Russian laundering millions for Lazarus hackers arrested in Argentina | The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group. | CyberCrime | |
25.8.24 | Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years | A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account security solutions and allows bot-led CAPTCHA solving at scale. | CyberCrime | |
25.8.24 | Hackers are exploiting critical bug in LiteSpeed Cache plugin | Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public. | Exploit | |
25.8.24 | Qilin ransomware now steals credentials from Chrome browsers | The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in the Google Chrome browser. | Ransom | |
25.8.24 | Microsoft: August updates cause Windows Server boot issues, freezes | Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates. | OS | |
25.8.24 | Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures | Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to | Social | The Hacker News |
25.8.24 | New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules | Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to | Virus | The Hacker News |
24.8.24 | CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known | BigBrothers | The Hacker News |
24.8.24 | New NGate Android malware uses NFC chip to steal credit card data | A new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data read by the near-field communication (NFC) chip. | Virus | |
24.8.24 | Microsoft confirms August updates break Linux boot in dual-boot systems | Microsoft has confirmed the August 2024 Windows security updates are causing Linux booting issues on dual-boot systems with Secure Boot enabled. | OS | |
24.8.24 | SolarWinds fixes hardcoded credentials flaw in Web Help Desk | SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. | Vulnerability | |
24.8.24 | U.S. charges Karakurt extortion gang’s “cold case” negotiator | A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. | BigBrothers | |
24.8.24 | Man sentenced for hacking state registry to fake his own death | A 39-year-old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. | CyberCrime | |
24.8.24 | Google fixes ninth Chrome zero-day tagged as exploited this year | Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year. | Vulnerability | |
24.8.24 | Hackers steal banking creds from iOS, Android users via PWA apps | Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. | OS | |
24.8.24 | Microsoft to roll out Windows Recall to Insiders in October | Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. | OS | |
24.8.24 | QNAP adds NAS ransomware protection to latest QTS version | Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. | Ransom | |
24.8.24 | Litespeed Cache bug exposes millions of WordPress sites to takeover attacks | A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. | Vulnerability | |
24.8.24 | Phrack hacker zine publishes new edition after three years | Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. | Security | |
24.8.24 | GitHub Enterprise Server vulnerable to critical auth bypass flaw | A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. | Vulnerability | |
24.8.24 | How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack | Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. | Ransom blog | Trend Micro |
24.8.24 | Confidence in GenAI: The Zero Trust Approach | Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey. | AI blog | |
24.8.24 | Securing the Power of AI, Wherever You Need It | Explore how generative AI is transforming cybersecurity and enterprise resilience. | AI blog | |
24.8.24 | Rogue AI is the Future of Cyber Threats | This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more. | AI blog | |
24.8.24 | Cisco Smart Software Manager On-Prem Account Takeover | The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability. | Vulnerability blog | SonicWall |
24.8.24 | Understanding CVE-2024-38063: How SonicWall Prevents Exploitation | CVE-2024-38063 is a critical remote code execution vulnerability in Windows systems with the IPv6 stack, carrying a CVSS score of 9.8. This zero-click, wormable flaw allows attackers to execute arbitrary code remotely via specially crafted IPv6 packets, potentially leading to full system compromise. | Vulnerability blog | SonicWall |
24.8.24 | MoonPeak malware from North Korean actors unveils new details on attacker infrastructure | Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.” | Malware blog | Cisco Blog |
24.8.24 | How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions | An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions. | OS blog | Cisco Blog |
24.8.24 | PWA phishing on Android and iOS – Week in security with Tony Anscombe | Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security | Phishing blog | Eset |
24.8.24 | NGate Android malware relays NFC traffic to steal cash | Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM | OS blog | |
24.8.24 | How regulatory standards and cyber insurance inform each other | Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with | Ransom blog | |
24.8.24 | Be careful what you pwish for – Phishing in PWA applications | ESET analysts dissect a novel phishing method tailored to Android and iOS users | OS blog | |
24.8.24 | New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads | Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with | Virus | The Hacker News |
24.8.24 | New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data | The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on | Ransom | The Hacker News |
23.8.24 | CannonDesign confirms Avos Locker ransomware data breach | The Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 current and former employees, informing them that hackers breached and stole data from its network in an attack in early 2023. | Ransom | |
23.8.24 | Microchip Technology discloses cyberattack impacting operations | American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. | Incident | |
23.8.24 | Hackers use PHP exploit to backdoor Windows systems with new malware | Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). | Exploit | |
23.8.24 | Oregon Zoo warns visitors their credit card details were stolen | Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. | Incindent | |
23.8.24 | August Windows security update breaks dual boot on Linux systems | According to user reports following this month's Patch Tuesday, the August 2024 Windows security updates are breaking dual boot on some Linux systems with Secure Boot enabled. | OS | |
23.8.24 | Hacker locks Unicoin staff out of Google accounts for 4 days | A hacker compromised Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days. | Incident | |
23.8.24 | US warns of Iranian hackers escalating influence operations | The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. | APT | |
23.8.24 | Windows driver zero-day exploited by Lazarus hackers to install rootkit | The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. | Exploit | |
23.8.24 | Toyota confirms third-party data breach impacting customers | Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. | Incident | |
23.8.24 | Ransomware rakes in record-breaking $450 million in first half of 2024 | Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. | Ransom | |
23.8.24 | CISA warns of Jenkins RCE bug exploited in ransomware attacks | CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. | Exploit | |
23.8.24 | Hackers linked to $14M Holograph crypto heist arrested in Italy | Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph were arrested in Italy after living a lavish lifestyle for weeks in the country. | Cryptocurrency | |
23.8.24 | New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data | Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide | Virus | The Hacker News |
23.8.24 | Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group | A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and | CyberCrime | The Hacker News |
23.8.24 | Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide | Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that | Virus | The Hacker News |
23.8.24 | Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk | SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote | Vulnerability | The Hacker News |
23.8.24 | Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control | Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in | Exploit | The Hacker News |
23.8.24 | New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load Balancer | As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially | Vulnerability | The Hacker News |
23.8.24 | Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild | Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under | Vulnerability | The Hacker News |
22.8.24 | Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access | Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit | Vulnerability | The Hacker News |
22.8.24 | GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges | GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug | Vulnerability | The Hacker News |
22.8.24 | New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining | Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute- | Virus | The Hacker News |
22.8.24 | Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data | Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to | OS | The Hacker News |
21.8.24 | North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign | A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity | Virus | The Hacker News |
21.8.24 | Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details | In what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked | Virus | The Hacker News |
21.8.24 | New macOS Malware TodoSwift Linked to North Korean Hacking Groups | Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with | Virus | The Hacker News |
21.8.24 | FlightAware configuration error leaked user data for years | Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. | Incident | |
21.8.24 | Windows 11 preview update adds new Power mode options | Windows 11 Build 27686 has a few noteworthy improvements, such as 2TB support for FAT32 storage. It also improves Windows Sandbox and offers greater control over HDR settings, but there's an undocumented change - the ability to set power mode for two power states. | OS | |
21.8.24 | Chrome will redact credit cards, passwords when you share Android screen | Google is testing a new feature that redacts your credit card details, passwords and other sensitive information in Chrome when sharing or recording your screen on Android. | OS | |
21.8.24 | New Mad Liberator gang uses fake Windows update screen to hide data theft | A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. | CyberCrime | |
21.8.24 | Azure domains and Google abused to spread disinformation and malware | A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. | CyberCrime | |
21.8.24 | National Public Data confirms breach exposing Social Security numbers | Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. | Social | |
21.8.24 | CISA warns critical SolarWinds RCE bug is exploited in attacks | CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. | BigBrothers | |
21.8.24 | Windows 11 will finally give you greater control over HDR features | Microsoft has released Windows 11 Build 27686 with some hidden HDR-related changes. | OS | |
21.8.24 | Microsoft removes FAT32 partition size limit in Windows 11 | Microsoft removed today an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. | OS | |
21.8.24 | Ransomware gang deploys new malware to kill security software | RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks | Ransom | |
21.8.24 | Microsoft disables BitLocker security fix, advises manual mitigation | Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. | OS | |
21.8.24 | Russian who sold 300,000 stolen credentials gets 40 months in prison | Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. | CyberCrime | |
21.8.24 | Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now | Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. | Vulnerability | |
21.8.24 | GitHub Actions artifacts found leaking auth tokens in popular projects | Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. | Security | |
21.8.24 | NIST releases first encryption tools to resist quantum computing | The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. | BigBrothers | |
21.8.24 | Microsoft retires Windows updates causing 0x80070643 errors | Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. | OS | |
21.8.24 | AutoCanada discloses cyberattack impacting internal IT systems | Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. | Incident | |
21.8.24 | SolarWinds fixes critical RCE bug affecting all Web Help Desk versions | A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. | Vulnerability | |
21.8.24 | New Windows SmartScreen bypass exploited as zero-day since March | Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. | OS | |
21.8.24 | CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with | Phishing | The Hacker News |
21.8.24 | GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk | A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes | Vulnerability | The Hacker News |
21.8.24 | Czech Mobile Users Targeted in New Banking Credential Theft Scheme | Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an | Virus | The Hacker News |
21.8.24 | Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor | A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in | Exploit | The Hacker News |
21.8.24 | Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters | Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, | Hack | The Hacker News |
21.8.24 | Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware | Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent | APT | The Hacker News |
21.8.24 | Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America | Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in | Virus | The Hacker News |
20.8.24 | Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information | Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites | Exploit | The Hacker News |
20.8.24 | CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known | Ransom | The Hacker News |
20.8.24 | New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia | A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz . | Virus | The Hacker News |
20.8.24 | Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware | Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a | Exploit | The Hacker News |
20.8.24 | Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks | Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send | Phishing | The Hacker News |
20.8.24 | Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group | A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group , a prolific state-sponsored actor | APT | The Hacker News |
20.8.24 | Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group | Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7 . The two | APT | The Hacker News |
18.8.24 | Critical SAP flaw allows remote attackers to bypass authentication | SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. | Vulnerability | |
18.8.24 | Windows Server August updates fix Microsoft 365 Defender issue | The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month's security updates. | OS | |
18.8.24 | Google says it's focusing on privacy with Gemini AI on Android | Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. | AI | |
18.8.24 | Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited | Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. | OS | |
18.8.24 | Microsoft fixes issue that sent PCs into BitLocker recovery | Microsoft has fixed a known issue causing some Windows devices to boot into BitLocker recovery after installing last month's Windows security updates. | OS | |
18.8.24 | Windows 11 KB5041585 cumulative update released with fixes, new features | Microsoft has released the KB5041585 cumulative update for Windows 11 23H2, which includes many improvements and changes, including the ability to directly drag apps from the Pinned section of the Start menu and pin them to the taskbar. | OS | |
18.8.24 | Windows 10 KB5041580 update released with 14 fixes, security updates | Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. | OS | |
18.8.24 | Ivanti warns of critical vTM auth bypass with public exploit | Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. | Exploit | |
18.8.24 | 3AM ransomware stole data of 464,000 Kootenai Health patients | Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. | Ransom | |
18.8.24 | Ransom Cartel, Reveton ransomware owner arrested, charged in US | Belarusian-Ukrainian national Maksim Silnikau was arrested in Spain and is now extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and running a malvertising operation from 2013 to 2022. | Ransom | |
18.8.24 | FBI disrupts the Dispossessor ransomware operation, seizes servers | The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation. | BigBrothers | |
18.8.24 | South Korea says DPRK hackers stole spy plane technical data | South Korea's ruling party, People Power Party (PPP), has issued an announcement stating that North Korean hackers have stolen crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes. | BigBrothers | |
18.8.24 | Hackers posing as Ukraine’s Security Service infect 100 govt PCs | Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. | BigBrothers | |
17.8.24 | OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda | OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged | AI | The Hacker News |
17.8.24 | Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign | A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible | Exploit | The Hacker News |
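Both the GitHub Actions artifact leak (the 21.8.24 item above on tokens in CI/CD artifacts) and the .env extortion campaign come down to the same check: scan what you publish or serve for credential-shaped strings before an attacker does. The scanner below is an added example written for this page, not code from either article. It matches the public prefixes GitHub documents for its tokens (ghp_, gho_, ghu_, ghs_, ghr_ followed by 36 characters) and the AKIA form of AWS access key IDs; the artifact zip, file names and key values it scans are constructed (the AWS values are Amazon's documented example credentials).

```python
"""Scan CI artifact contents and .env files for leaked credentials.

Added example for this page, not code from the articles above. Token shapes
are the publicly documented GitHub and AWS formats; the sample artifact,
file names and contents are constructed.
"""
import io
import re
import zipfile

# Public credential formats; anything else is out of scope for this example.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
}


def redact(secret: str) -> str:
    """Keep just enough of the value to recognise it in a report."""
    return secret[:8] + "..." + secret[-4:] if len(secret) > 12 else "***"


def scan_text(name: str, text: str) -> list:
    """Return one finding per credential-shaped match, with the value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"file": name, "line": lineno,
                                 "kind": kind, "value": redact(value)})
    return findings


def scan_artifact(zip_bytes: bytes) -> list:
    """Walk every text member of a GitHub Actions artifact zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > 10 * 1024 * 1024:
                continue
            try:
                text = zf.read(info).decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary members are not scanned in this example
            findings.extend(scan_text(info.filename, text))
    return findings


def build_sample_artifact() -> bytes:
    """Constructed artifact resembling a checkout directory uploaded whole:
    the .git/config carries the workflow's token in the remote URL and an
    application .env file carries AWS credentials."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("build.log", "npm ci\nBuild succeeded\n")
        zf.writestr(".git/config",
                    "[remote \"origin\"]\n\turl = https://x-access-token:ghs_"
                    + "A" * 36 + "@github.com/org/repo\n")
        zf.writestr("app/.env",
                    "DB_HOST=localhost\n"
                    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_artifact(build_sample_artifact()):
        print(f"{f['file']}:{f['line']}: {f['kind']} {f['value']}")
```

Run the same `scan_text` over the document root of a web server to catch a served .env before it is indexed; the scanner only reports redacted values, so its output can go into a ticket without re-leaking the secret.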
17.8.24 | Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web | A 27-year-old Russian national has been sentenced to over three years in prison in the U.S. for peddling financial information, login | CyberCrime | The Hacker News |
17.8.24 | Mario movie malware might maliciously mess with your machine | There are probably few among us who, never have they ever, downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source. | Malware blog | Avast Blog |
17.8.24 | Microsoft Security Bulletin Coverage For August 2024 | Microsoft's August 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft's security advisories for the month of August 2024 and has produced coverage for ten of the reported vulnerabilities. | OS Blog | SonicWall |
17.8.24 | Harnessing LLMs for Automating BOLA Detection | This post presents our research on a methodology we call BOLABuster, which uses large language models (LLMs) to detect broken object level authorization (BOLA) vulnerabilities. By automating BOLA detection at scale, we will show promising results in identifying these vulnerabilities in open-source projects. | AI blog | Palo Alto |
17.8.24 | Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities | Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. | Hacking blog | |
17.8.24 | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove | Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers. | Malware blog | |
17.8.24 | Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday | Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. | OS Blog | Cisco Blog |
17.8.24 | How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe | Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme | Spam blog | |
17.8.24 | Why scammers want your phone number | Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data | Spam blog | |
17.8.24 | The great location leak: Privacy risks in dating apps | What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance? | Security blog | |
17.8.24 | Top 6 Craigslist scams: Don’t fall for these tricks | Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun | Spam blog | |
16.8.24 | Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware | Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to | APT | The Hacker News |
16.8.24 | Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics | Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage | Virus | The Hacker News |
16.8.24 | New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems | Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed | Virus | The Hacker News |
16.8.24 | Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk | A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used | Vulnerability | The Hacker News |
16.8.24 | Australian gold producer Evolution Mining hit by ransomware | Evolution Mining has informed that it has been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems. | Ransom | |
16.8.24 | Microsoft shares Outlook workaround for Gmail sign-in issues | Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. | OS | |
16.8.24 | Chinese hacking groups target Russian government, IT firms | A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT27 groups. | APT | |
16.8.24 | Fake X content warnings on Ukraine war, earthquakes used as clickbait | X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. | Social | |
16.8.24 | Hackers leak 2.7 billion data records with Social Security numbers | Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. | Incident | |
16.8.24 | Microsoft: Windows 11 22H2 reaches end of support in 60 days | Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. | OS | |
16.8.24 | WWH-Club credit card market admins arrested after cash spending spree | U.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida. | CyberCrime | |
16.8.24 | Russia blocks Signal for 'violating' anti-terrorism laws | Russia's telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation. | BigBrothers | |
16.8.24 | CSC ServiceWorks discloses data breach after 2023 cyberattack | CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. | Incident | |
16.8.24 | New AMD SinkClose flaw helps install nearly undetectable malware | AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. | Hack | |
16.8.24 | Microsoft discloses unpatched Office flaw that exposes NTLM hashes | Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. | Hack | |
16.8.24 | Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs | An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history. | Virus | |
16.8.24 | US dismantles laptop farm used by undercover North Korean IT workers | The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. | APT | |
16.8.24 | Cisco warns of critical RCE zero-days in end of life IP phones | Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. | Vulnerability | |
15.8.24 | SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software | SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to | Vulnerability | The Hacker News |
15.8.24 | Russian-Linked Hackers Target Eastern European NGOs and Media | Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental | APT | The Hacker News |
15.8.24 | RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks | A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint | Ransom | The Hacker News |
15.8.24 | GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover | A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain | Vulnerability | The Hacker News |
15.8.24 | New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data | A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive | BigBrothers | The Hacker News |
15.8.24 | New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining | Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to | BotNet | The Hacker News |
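A botnet that spreads by guessing SSH passwords is loud in the one place defenders always have: the sshd log. The detector below is an added example for this page, not code from the Gafgyt write-up; it parses lines in the wording sshd writes to syslog, flags any source IP with a burst of failures inside a short window, and notes whether a password login from the same IP succeeded afterwards, which is the case that needs a response rather than a block. The log lines, the threshold and the window are constructed and illustrative.

```python
"""Flag SSH password brute-forcing from auth log lines.

Added example for this page, not code from the article above. SAMPLE_LOG is
constructed in the format sshd writes to syslog; threshold and window are
illustrative values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Aug 15 03:12:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Aug 15 03:12:03 host sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Aug 15 03:12:05 host sshd[2215]: Failed password for invalid user ubuntu from 203.0.113.7 port 51244 ssh2
Aug 15 03:12:08 host sshd[2217]: Failed password for root from 203.0.113.7 port 51250 ssh2
Aug 15 03:12:11 host sshd[2219]: Failed password for invalid user pi from 203.0.113.7 port 51255 ssh2
Aug 15 03:12:40 host sshd[2230]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Aug 15 03:15:00 host sshd[2301]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Aug 15 03:16:10 host sshd[2305]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# "Failed password for [invalid user] NAME from IP port N" and the Accepted variant.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse(line, year=2024):
    """Parse one sshd line into an event dict, or None if it is not an auth line.
    Syslog lines carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: alert} for every IP with >= threshold failures inside `window`.
    success_after is True if a password login from that IP succeeded at or after
    the moment the threshold was crossed."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        (failures if ev["result"] == "Failed" else successes)[ev["ip"]].append(ev)

    alerts = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):           # sliding window over sorted failures
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                crossed_at = evs[end]["ts"]
                later_logins = [s for s in successes.get(ip, [])
                                if s["ts"] >= crossed_at and s["method"] == "password"]
                alerts[ip] = {
                    "failures": len(evs),
                    "users": sorted({e["user"] for e in evs}),
                    "success_after": bool(later_logins),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, alert)
```

The user list is worth keeping in the alert: a spread of generic names (root, admin, ubuntu, pi) is the signature of a botnet credential list rather than a user who forgot a password.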
15.8.24 | Black Basta-Linked Attackers Target Users with SystemBC Malware | An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion | Ransom | The Hacker News |
15.8.24 | Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges | A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of | BigBrothers | The Hacker News |
15.8.24 | DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals | Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar | Attack | The Hacker News |
15.8.24 | Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days | Microsoft on Tuesday shipped fixes to address a total of 90 security flaws , including 10 zero-days, of which six have come under active | Vulnerability | The Hacker News |
15.8.24 | Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access | Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an | Vulnerability | The Hacker News |
15.8.24 | China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa | The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include | APT | The Hacker News |
15.8.24 | GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks | A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug | Vulnerability | The Hacker News |
13.8.24 | Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service | Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a | AI | The Hacker News |
13.8.24 | FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany | The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent | BigBrothers | The Hacker News |
13.8.24 | Ukraine Warns of New Phishing Campaign Targeting Government Computers | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the | BigBrothers | The Hacker News |
13.8.24 | Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems | Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms | Vulnerability | The Hacker News |
13.8.24 | FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability | The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers | OS | The Hacker News |
13.8.24 | Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks | Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root | ICS | The Hacker News |
13.8.24 | EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files | The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of | BigBrothers | The Hacker News |
13.8.24 | Rogue PyPI Library Targets Solana Users, Steals Blockchain Wallet Keys | Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as | Cryptocurrency | The Hacker News |
11.8.24 | CISA warns about actively exploited Apache OFBiz RCE flaw | The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. | Exploit | |
11.8.24 | Exploit released for Cisco SSM bug allowing admin password changes | Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. | Exploit | |
11.8.24 | CISA warns of hackers abusing Cisco Smart Install feature | CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. | Hack | |
11.8.24 | 18-year-old security flaw in Firefox and Chrome exploited in attacks | A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. | Exploit | |
11.8.24 | ADT confirms data breach after customer info leaked on hacking forum | ADT Inc. disclosed via a Form 8-K filing at the U.S. Securities and Exchange Commission (SEC) that hackers have gained access to its systems, which hold customer order details. | Incindent | |
11.8.24 | Ronin Network hacked, $12 million returned by "white hat" hackers | Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. | Incindent | |
11.8.24 | SEC ends probe into MOVEit attacks impacting 95 million people | The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. | Exploit | |
11.8.24 | FBI: BlackSuit ransomware behind over $500 million in ransom demands | CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. | BigBrothers | |
11.8.24 | New CMoon USB worm targets Russians in data theft attacks | A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. | Virus | |
11.8.24 | Windows Update downgrade attack "unpatches" fully-updated systems | SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities. | Attack | |
11.8.24 | McLaren hospitals disruption linked to INC ransomware attack | On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. | Ransom | |
11.8.24 | UK IT provider faces $7.7 million fine for 2022 ransomware breach | The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. | Ransom | |
11.8.24 | macOS Sequoia brings better Gatekeeper, stalkerware protections | Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. | OS | |
11.8.24 | Critical Progress WhatsUp RCE flaw now under active exploitation | Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. | Vulnerebility | |
11.8.24 | Microsoft 365 anti-phishing feature can be bypassed with CSS | Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. | Security | |
11.8.24 | INTERPOL recovers over $40 million stolen in a BEC attack | A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. | Spam | |
11.8.24 | Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault | Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. | Congress | |
11.8.24 | France's Grand Palais discloses cyberattack during Olympic games | The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. | Incindent | |
11.8.24 | Hacker wipes 13,000 devices after breaching classroom management platform | A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 students' iPads and Chromebooks. | Incindent | |
11.8.24 | Point of entry: Why hackers target stolen credentials for initial access | Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. | Incindent | BleepingComputer |
11.8.24 | Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share | As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be | Vulnerebility | The Hacker News |
11.8.24 | New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions | An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a | Virus | The Hacker News |
10.8.24 | 60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States | The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even notice it, like a fish can’t see the ocean. | IoT blog | BitDefender |
10.8.24 | Fighting Ursa Luring Targets With Car for Sale | A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. | APT blog | |
10.8.24 | Ransomware Review: First Half of 2024 | Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. | Ransom blog | |
10.8.24 | Sustained Campaign Using Chinese Espionage Tools Targets Telcos | Attackers were heavily focused on telecoms operators in a single Asian country. | BigBrother blog | Symantec |
10.8.24 | Cloud Cover: How Malicious Actors Are Leveraging Cloud Services | In the past year, there has been a marked increase in the use of legitimate cloud services by attackers, including nation-state actors. | Malware blog | Symantec |
10.8.24 | Beware of Fake WinRar Websites: Malware Hosted on GitHub | A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application. | Malware blog | |
10.8.24 | SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability | The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. | Vulnerebility blog | |
10.8.24 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | Vulnerebility blog | |
10.8.24 | Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold | The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations. | Vulnerebility blog | SonicWall |
10.8.24 | No symbols? No problem! | This blog will share a tried and tested method for dealing with thousands of unknown functions in a given file to significantly decrease the time spent on analysis while improving accuracy. Once all theory is covered, an instance of the Golang-based qBit stealer is analyzed with the demonstrated techniques to show what happens when the theory is put into practice. | Cyber blog | Trellix |
10.8.24 | Resilient Security Requires Mature Cyber Threat Intelligence Capabilities | We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI). | Cyber blog | Trellix |
10.8.24 | Black Hat USA 2024 recap – Week in security with Tony Anscombe | Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors | Cyber blog | |
10.8.24 | Black Hat USA 2024: All eyes on election security | In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated | Cyber blog | |
10.8.24 | Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies | Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards | Cyber blog | |
10.8.24 | Why tech-savvy leadership is key to cyber insurance readiness | Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage | Cyber blog | |
10.8.24 | Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure | Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of | Vulnerebility | The Hacker News |
10.8.24 | Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers | Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, | Vulnerebility | The Hacker News |
10.8.24 | Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE | Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to | Vulnerebility | The Hacker News |
9.8.24 | Proton VPN adds ‘Discreet Icons’ to hide app on Android devices | Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. | BigBrothers | |
9.8.24 | Google fixes Android kernel zero-day exploited in targeted attacks | Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. | Exploit | |
9.8.24 | Ransomware gang targets IT workers with new SharpRhino malware | The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. | Ransom | |
9.8.24 | Crowdstrike: Delta Air Lines refused free help to resolve IT outage | The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. | Security | |
9.8.24 | Windows Smart App Control, SmartScreen bypass exploited since 2018 | A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. | Exploit | |
9.8.24 | North Korean hackers exploit VPN update flaw to install malware | South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. | APT | |
9.8.24 | Keytronic reports losses of over $17 million after ransomware attack | Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. | Ransom | |
9.8.24 | New LianSpy malware hides by blocking Android security feature | A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. | Virus | |
9.8.24 | Countdown is on: Last chance for discount registration at Mandiant's mWISE 2024 | There are only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWISE 2024 about how to get the discount and the upcoming cybersecurity sessions. | Security | |
9.8.24 | Surge in Magniber ransomware attacks impact home users worldwide | A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. | Ransom | |
9.8.24 | Linux kernel impacted by new SLUBStick cross-cache attack | A novel Linux kernel cross-cache attack named SLUBStick has a 99% success rate in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. | Attack | |
9.8.24 | Hackers breach ISP to poison software updates with malware | A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. | APT | |
9.8.24 | US sues TikTok for violating children privacy protection laws | The U.S. Department of Justice has filed a lawsuit against social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws. | Social | |
9.8.24 | Fake AI editor ads on Facebook push password-stealing malware | A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. | AI | |
9.8.24 | Cryptonator seized for laundering ransom payments, stolen crypto | U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. | Cryptocurrency | |
9.8.24 | DuckDuckGo blocked in Indonesia over porn, gambling search results | Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. | BigBrothers | |
9.8.24 | New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users | Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to | Vulnerebility | The Hacker News |
9.8.24 | DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs | The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a | BigBrothers | The Hacker News |
9.8.24 | CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart | Exploit | The Hacker News |
8.8.24 | University Professors Targeted by North Korean Cyber Espionage Group | The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, | APT | The Hacker News |
8.8.24 | 0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices | Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability | Vulnerebility | The Hacker News |
8.8.24 | Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities | Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks | Attack | The Hacker News |
8.8.24 | New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links | Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links | Social | The Hacker News |
8.8.24 | FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million | The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom | Ransom | The Hacker News |
8.8.24 | Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now | A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users | Vulnerebility | The Hacker News |
7.8.24 | New Linux Kernel Exploit Technique 'SLUBStick' Discovered by Researchers | Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to | Exploit | The Hacker News |
7.8.24 | Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords | Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute | Vulnerebility | The Hacker News |
7.8.24 | New Go-based Backdoor GoGra Targets South Asian Media Organization | An unnamed media organization in South Asia was targeted in November 2023 using a previously undocumented Go-based | Virus | The Hacker News |
7.8.24 | CrowdStrike Reveals Root Cause of Global System Outages | Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that | Security | The Hacker News |
7.8.24 | Chameleon Android Banking Trojan Targets Users Through Fake CRM App | Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking | Virus | The Hacker News |
7.8.24 | Apple's New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software | Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to | OS | The Hacker News |
6.8.24 | INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore | INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a | Spam | The Hacker News |
6.8.24 | North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry | The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript | APT | The Hacker News |
6.8.24 | New Android Spyware LianSpy Evades Detection Using Yandex Cloud | Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least | Virus | The Hacker News |
6.8.24 | Google Patches New Android Kernel Vulnerability Exploited in the Wild | Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The | OS | The Hacker News |
6.8.24 | New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution | A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source | Vulnerebility | The Hacker News |
5.8.24 | Researchers Uncover Flaws in Windows Smart App Control and SmartScreen | Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could | Vulnerebility | The Hacker News |
5.8.24 | Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks | Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called | APT | The Hacker News |
5.8.24 | The Loper Bright Decision: How it Impacts Cybersecurity Law | The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to | Cyber | The Hacker News |
5.8.24 | Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access | A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be | ICS | The Hacker News |
5.8.24 | New Android Trojan "BlankBot" Targets Turkish Users' Financial Data | Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal | Virus | The Hacker News |
5.8.24 | China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates | The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious | APT | The Hacker News |
4.8.24 | CrowdStrike sued by investors over massive global IT outage | Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. | Incindent | |
4.8.24 | Twilio kills off Authy for desktop, forcibly logs out all users | Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. | Incindent | |
4.8.24 | Tech support scam ring leader gets 7 years in prison, $6M fine | The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. | Spam | |
4.8.24 | StackExchange abused to spread malicious PyPi packages as answers | Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. | Virus | |
4.8.24 | Hackers abuse free TryCloudflare to deliver remote access malware | Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). | Virus | |
4.8.24 | UK takes down major 'Russian Coms' caller ID spoofing platform | The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. | BigBrothers | |
4.8.24 | Sitting Ducks DNS attacks let hackers hijack over 35,000 domains | Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. | Attack | |
4.8.24 | Cencora confirms patient health info stolen in February attack | Pharmaceutical giant Cencora has confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyberattack. | Incindent | |
4.8.24 | FBI warns of scammers posing as crypto exchange employees | The Federal Bureau of Investigation (FBI) warns of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. | Cryptocurrency | |
4.8.24 | Credit card users get mysterious shopify-charge.com charges | People worldwide report seeing mysterious $1 or $0 charges from Shopify-charge.com appearing on their credit card bills, even when they did not attempt to purchase anything. | CyberCrime | |
4.8.24 | DigiCert to delay cert revocations for critical infrastructure | DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. | Security | |
4.8.24 | OneBlood's virtual machines encrypted in ransomware attack | OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. | Ransom | |
4.8.24 | CISA and FBI: DDoS attacks won’t impact US election integrity | CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the integrity or security of the 2024 U.S. general election processes. | BigBrothers | |
4.8.24 | Google ads push fake Google Authenticator site installing malware | Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. | Virus | |
4.8.24 | World leading silver producer Fresnillo discloses cyberattack | Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack. | Hack | |
4.8.24 | New Android malware wipes your device after draining bank accounts | A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. | Virus | |
4.8.24 | Fraud ring pushes 600+ fake web shops via Facebook ads | A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information. | Social | |
4.8.24 | DOJ and FTC Sue TikTok for Violating Children's Privacy Laws | The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing | BigBrothers | The Hacker News |
4.8.24 | Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool | Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured | Exploit | The Hacker News |
3.8.24 | GeoServer RCE Vulnerability (CVE-2024-36401) Being Exploited In the Wild | The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share and edit geospatial data | Vulnerebility blog | |
3.8.24 | Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747 | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | |
3.8.24 | OneDrive Pastejacking | Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell script. | Hacking blog | Trellix |
3.8.24 | APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike | ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups. | APT blog | Cisco Blog |
3.8.24 | Detecting evolving threats: NetSupport RAT campaign | In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats. | Malware blog | Cisco Blog |
3.8.24 | There is no real fix to the security issues recently found in GitHub and other similar software | The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. | Vulnerebility blog | Cisco Blog |
3.8.24 | Where to find Talos at BlackHat 2024 | This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat. | Cyber blog | Cisco Blog |
3.8.24 | Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues | A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP. | OS Blog | Cisco Blog |
3.8.24 | AI and automation reducing breach costs – Week in security with Tony Anscombe | Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn't deploy these technologies, according to IBM | AI blog | |
3.8.24 | The cyberthreat that drives businesses towards cyber risk insurance | Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide | Cyber blog | |
3.8.24 | Phishing targeting Polish SMBs continues via ModiLoader | ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families | Malware blog | |
3.8.24 | Beware of fake AI tools masking very real malware threats | Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants | AI blog | |
3.8.24 | Microsoft says massive Azure outage was caused by DDoS attack | Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. | Attack | |
3.8.24 | Massive SMS stealer campaign infects Android devices in 113 countries | A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. | Virus | |
3.8.24 | Dark Angels ransomware receives record-breaking $75 million ransom | A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. | Ransom | |
3.8.24 | CISA warns of VMware ESXi bug exploited in ransomware attacks | CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. | Ransom | |
3.8.24 | Black Basta ransomware switches to more evasive custom malware | The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. | Ransom | |
3.8.24 | Google Chrome adds app-bound encryption to block infostealer malware | Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. | Virus | |
3.8.24 | Columbus investigates whether data was stolen in ransomware attack | The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services. | Ransom | |
3.8.24 | DigiCert mass-revoking TLS certificates due to domain validation bug | DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. | Vulnerability | |
3.8.24 | UK govt links 2021 Electoral Commission breach to Exchange server | The United Kingdom's Information Commissioner's Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. | BigBrothers | |
3.8.24 | Android spyware 'Mandrake' hidden in apps on Google Play since 2022 | A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. | Virus | |
3.8.24 | New Specula tool uses Outlook for remote code execution in Windows | Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. | Exploit | |
3.8.24 | Apple iOS 18.1 Beta previews Apple Intelligence for the first time | Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released for testing in the public previews. | OS | |
3.8.24 | Former Avaya employee gets 4 years for $88M license piracy scheme | Three individuals who orchestrated a massive-scale pirate operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have received imprisonment sentences. | CyberCrime | |
3.8.24 | Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks | Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. | Ransom | |
3.8.24 | HealthEquity says data breach impacts 4.3 million people | HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. | Incident | |
3.8.24 | Proofpoint settings exploited to send millions of phishing emails daily | A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. | Phishing | |
3.8.24 | Misconfigured Selenium Grid servers abused for Monero mining | Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency. | Cryptocurrency | BleepingComputer |
2.8.24 | APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack | A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation- | APT | The Hacker News |
2.8.24 | APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure | A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular | APT | The Hacker News |
2.8.24 | Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal | Enterprise Resource Planning (ERP) Software is at the heart of many enterprises supporting human resources, accounting, shipping, and | BotNet | The Hacker News |
2.8.24 | New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication | Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature | Virus | The Hacker News |
2.8.24 | U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange | In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for | BigBrothers | The Hacker News |
2.8.24 | Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware | Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The | Virus | The Hacker News |
1.8.24 | Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique | Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The | Hack | The Hacker News |
1.8.24 | Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform | In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light | Virus | The Hacker News |
1.8.24 | New Android Banking Trojan BingoMod Steals Money, Wipes Devices | Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs | Virus | The Hacker News |
1.8.24 | Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware | Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to | Virus | The Hacker News |
1.8.24 | Facebook Ads Lead to Fake Websites Stealing Credit Card Information | Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data | Social | The Hacker News |
1.8.24 | DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight | Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight | CyberCrime | The Hacker News |
1.8.24 | North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS | The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS | APT | The Hacker News |
1.8.24 | Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware | Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and | Virus | The Hacker News |
1.8.24 | Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes | A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least | Virus | The Hacker News |
1.8.24 | Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova | Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group | BigBrothers | The Hacker News |