
DATE    NAME    Info    CATEG.    WEB

31.12.24

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to BigBrothers

The Hacker News

31.12.24

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, APT

The Hacker News

31.12.24

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various Exploit

The Hacker News

30.12.24

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare BigBrothers

The Hacker News

30.12.24

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to Hack

The Hacker News

30.12.24

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to Virus

The Hacker News

28.12.24

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The Vulnerability

The Hacker News

28.12.24

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. APT

The Hacker News

28.12.24

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns Virus

The Hacker News

28.12.24

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible Vulnerability

The Hacker News

28.12.24

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant Vulnerability

The Hacker News

28.12.24

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework Vulnerability

The Hacker News

26.12.24

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Cryptocurrency

The Hacker News

26.12.24

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an Vulnerability

The Hacker News

26.12.24

Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker Incident

The Hacker News

26.12.24

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian Virus

The Hacker News

26.12.24

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with Hack

The Hacker News

26.12.24

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to Cryptocurrency

The Hacker News

26.12.24

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems Vulnerability

The Hacker News

26.12.24

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE- Vulnerability

The Hacker News

26.12.24

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named Phishing

The Hacker News

26.12.24

U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. Social

The Hacker News

26.12.24

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application BigBrothers

The Hacker News

22.12.24

Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors. APT blog

Trend Micro

22.12.24

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance. Exploit blog

Trend Micro

22.12.24

FedRAMP ATO Boosts Zero Trust for Federal Agencies Trend Vision One™ for Government has obtained a FedRAMP Authorization to Operate (ATO). This milestone enables Federal government customers to leverage Trend’s platform to rapidly stop adversaries and control their cybersecurity risk posture. BigBrother blog

Trend Micro

22.12.24

Python-Based NodeStealer Version Targets Facebook Ads Manager In this blog entry, Trend Micro’s Managed XDR team discusses their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram. Malware blog

Trend Micro

22.12.24

Link Trap: GenAI Prompt Injection Attack Prompt injection exploits vulnerabilities in generative AI to manipulate its behavior, even without extensive permissions. This attack can expose sensitive data, making awareness and preventive measures essential. Learn how it works and how to stay protected. AI blog

Trend Micro

22.12.24

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration Unit 42 researchers have discovered new security vulnerabilities in the Azure Data Factory Apache Airflow integration. Attackers can exploit these flaws by gaining unauthorized write permissions to a directed acyclic graph (DAG) file or using a compromised service principal. Vulnerability blog

Palo Alto

22.12.24

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation This article analyzes a new packer-as-a-service (PaaS) called HeartCrypt, which is used to protect malware. It has been in development since July 2023 and began sales in February 2024. We have identified examples of malware samples created by this service based on strings found in several development samples the operators used to test their work. Malware blog

Palo Alto

22.12.24

Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams Threat actors frequently exploit trending events like global sporting championships to launch attacks, including phishing and scams. Because of this, proactive monitoring of event-related domain abuse is crucial for cybersecurity teams. Phishing blog

Palo Alto

22.12.24

Threat Assessment: Howling Scorpius (Akira Ransomware) Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses. Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year. Ransom blog

Palo Alto

22.12.24

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. Ransom blog

Palo Alto

22.12.24

Lynx Ransomware: A Rebranding of INC Ransomware In July 2024, researchers from Palo Alto Networks discovered a successor to INC ransomware named Lynx. Since its emergence, the group behind this ransomware has actively targeted organizations in various sectors such as retail, real estate, architecture, and financial and environmental services in the U.S. and UK. Ransom blog

Palo Alto

22.12.24

Remote Code Execution Vulnerability in WhatsUp Gold (CVE-2024-46909): Analysis and Mitigation Overview: The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp G... Vulnerability blog

SonicWall

22.12.24

Strela Stealer Targeting Ukraine Alongside Other European Countries Overview: The SonicWall Capture Labs threat research team has been tracking Strela Stealer for a long time. Our research shows that Strela Stealer remained active throughout 2024. We recently identified... Malware blog

SonicWall

22.12.24

Critical SQL Injection Vulnerability in SuiteCRM (CVE-2024-36412) Overview: The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-36412, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-36412 is a critical... Vulnerability blog

SonicWall

22.12.24

Trojan Disguised as VPN Client Exploits Users with Fake Cisco AnyConnect Installer This week, the SonicWall Capture Labs threat research team analyzed a PDF file with a link to download a copy of a well-known VPN client. This PDF file appears to have been distributed via spam email and has a link to download Cisco AnyConnect. However, no VPN client was installed upon execution – instead, it downloaded a Trojan that constantly connected to various remote servers. Malware blog

SonicWall

22.12.24

Russian Ransomware Known As "Assignment" Leaves Victims Helpless The SonicWall Capture Labs threat research team has been tracking a recently released Russian ransomware known as “Assignment”. The malware is written in Go and contains a large amount of debugging information that was left in by the author. As expected, the malware encrypts files and demands payment for file retrieval. The cost of decryption is 0.222 bitcoin, which is roughly $21,500.00 at the time of writing this alert. However, there is no way to contact the operator to obtain a decryptor. Ransom blog

SonicWall

22.12.24

HTML Phishing On the Rise: Analyzing New Threat Vectors This week, the SonicWall Capture Labs Threat Research Team observed a significant increase in HTML phishing threats. The prevalence of phishing campaigns targeting Microsoft Office and Adobe Cloud users is rising, with attackers focusing on stealing individual account passwords within various organizations. Many of these campaigns primarily targeted Chinese-speaking users. Hacking blog

SonicWall

22.12.24

Inside Akira Ransomware’s Rust Experiment Check Point Research analyzed the construction and control flow of Akira ransomware’s Rust version that circulated in early 2024, which has specific features uniquely targeting ESXi server. Our analysis demonstrates how Rust idioms, boilerplate code, and compiler strategies come together to account for the complicated assembly. Ransom blog

Checkpoint

22.12.24

Gaming Engines: An Undetected Playground for Malware Loaders Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal. Malware blog

Checkpoint

22.12.24

Malware Spotlight: A Deep-Dive Analysis of WezRat Check Point Research (CPR) provides a comprehensive analysis of a custom modular infostealer, tracked as WezRat, after the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory and attributed the malware to the Iranian cyber group Emennet Pasargad. The group has been held responsible for several recent cyber operations in the US, France, Sweden, and Israel. Malware blog

Checkpoint

22.12.24

Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity Check Point Research has been tracking ongoing activity of WIRTE threat actor, previously associated with the Hamas-affiliated group Gaza Cybergang, despite the ongoing war in the region. BigBrother blog

Checkpoint

22.12.24

CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits Check Point Research is tracking an ongoing, large scale and sophisticated phishing campaign deploying the newest version of the Rhadamanthys stealer (0.7). We dubbed this campaign CopyRh(ight)adamantys. Malware blog

Checkpoint

22.12.24

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. APT blog

Checkpoint

21.12.24

The evolution and abuse of proxy networks Proxy and anonymization networks have been dominating the headlines; this piece discusses their origins and evolution in the threat landscape, with a specific focus on state-sponsored abuse. Security blog

Cisco Blog

21.12.24

Exploring vulnerable Windows drivers This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. Vulnerability blog

Cisco Blog

21.12.24

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Vulnerability blog

Cisco Blog

21.12.24

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a Vulnerability blog

Cisco Blog

21.12.24

Something to Read When You Are On Call and Everyone Else is at the Office Party It's mid-December; if you’re on call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. Cyber blog

Cisco Blog

21.12.24

MC LR Router and GoCast unpatched vulnerabilities Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the explo Vulnerability blog

Cisco Blog

21.12.24

The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. Cyber blog

Cisco Blog

21.12.24

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of p Vulnerability blog

Cisco Blog

21.12.24

ESET Research Podcast: Telekopye, again Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'. Cyber blog

Eset

21.12.24

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9) ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud Cyber blog

Eset

21.12.24

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024 A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Can AI systems be socially engineered? Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally? Cyber blog

Eset

21.12.24

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? Cyber blog

Eset

21.12.24

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost Cyber blog

Eset

21.12.24

Philip Torr: AI to the people | Starmus Highlights We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact AI blog

Eset

21.12.24

Achieving cybersecurity compliance in 5 steps Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements Cyber blog

Eset

21.12.24

CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft

Vulnerability blog

Cybereason

21.12.24

Your Data Is Under New Lummanagement: The Rise of LummaStealer

In this Threat Analysis report, Cybereason investigates the rising activity of the malware LummaStealer.

Malware blog

Cybereason

21.12.24

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

In this Threat Analysis report, Cybereason investigates incidents relating to the Andromeda backdoor and a new cluster of C2 servers

Malware blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 2

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.

BigBrother blog

Cybereason

21.12.24

THREAT ANALYSIS: Beast Ransomware

In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Ransom blog

Cybereason

21.12.24

CUCKOO SPEAR Part 2: Threat Actor Arsenal

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 1

In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.

BigBrother blog

Cybereason

21.12.24

CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

The Windows Registry Adventure #5: The regf file format

As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats.

Hacking blog

Project Zero

21.12.24

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs.

Exploit blog

Project Zero

21.12.24

Windows Tooling Updates: OleView.NET

This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution.

OS Blog

Project Zero

21.12.24

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst

Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware

OS Blog

Project Zero

21.12.24

Safeguarding Election Integrity: Threat Hunting for the U.S. Elections

With 2024 being a major election year globally, the stakes for election security were and remain high. More than 60 countries, including the United States, Mexico, India, and Indonesia, held elections and engaged nearly 2 billion voters. The U.S. general election on November 5th, 2024, drew significant attention due to concerns over potential interference and cybersecurity threats.

BigBrother blog

Trellix

21.12.24

Hacktivist Groups: The Shadowy Links to Nation-State Agendas

The recent conflicts in Ukraine and the Middle East have seen a surge in hacktivist activity, with groups aligned with both sides engaging in cyberattacks. In this blog we will cover a large set of hacktivist groups.

BigBrother blog

Trellix

21.12.24

Anatomy of Celestial Stealer: Malware-as-a-Service Revealed

During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is packaged either as an Electron application or as a NodeJS single application for the Windows 10 and Windows 11 operating systems. It is a Malware-as-a-Service (MaaS) advertised on the Telegram platform. The stealer is marketed as FUD (fully undetectable).

Malware blog

Trellix

21.12.24

Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now

On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and operation of Phobos ransomware. Phobos is considered an evolution of Dharma Ransomware (aka CrySIS). Code similarities and ransom notes suggest that the creators are either the same or closely connected.

Ransom blog

Trellix

21.12.24

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?

Malware blog

Trellix

21.12.24

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Ransom

The Hacker News

21.12.24

DigiEver Fix That IoT Thing! A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. IoT

Akamai

21.12.24

cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3) AhnLab Security Intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Among the prominent honeypots are SSH services using weak credential information, which are targeted by numerous DDoS and CoinMiner threat actors. Hack

ASEC AhnLab

21.12.24

Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin The legitimate ESLint packages on the npmjs.com registry are called "typescript-eslint" and "@typescript-eslint/eslint-plugin." This has unscrupulous actors publishing a typosquat named "@typescript_eslinter/eslint" that very closely resembles the names of the real libraries, but is up to no good. Hack

Sonatype

21.12.24

Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers. Cryptocurrency

Socket.dev

21.12.24

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection APT

The Hacker News

21.12.24

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain Cryptocurrency

The Hacker News

21.12.24

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow Vulnerability

The Hacker News

21.12.24

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote Vulnerability

The Hacker News

21.12.24

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access Exploit

The Hacker News

21.12.24

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up Virus

The Hacker News

21.12.24

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that BotNet

The Hacker News

21.12.24

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive Vulnerability

The Hacker News

21.12.24

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to BigBrothers

The Hacker News

21.12.24

Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers BigBrothers

The Hacker News

21.12.24

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country BigBrothers

The Hacker News

18.12.24

HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take Phishing

The Hacker News

18.12.24

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The Exploit

The Hacker News

18.12.24

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious APT

The Hacker News

18.12.24

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the Vulnerability

The Hacker News

18.12.24

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online BigBrothers

The Hacker News

18.12.24

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach BigBrothers

The Hacker News

18.12.24

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used Virus

The Hacker News

18.12.24

Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Phishing

The Hacker News