January (270) February (364) March (400) April (276) May (343) June (373) July (4) August (0) September (0) October (0) November (0) December (0)
DATE | NAME | Info | CATEG. | WEB |
29.2.24 |
UnitedHealth subsidiary Optum hack linked to BlackCat ransomware |
A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. |
||
29.2.24 |
New IDAT loader version uses steganography to push Remcos RAT |
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland. |
||
29.2.24 |
White House urges devs to switch to memory-safe programming languages |
The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. |
||
29.2.24 |
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning |
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. |
||
29.2.24 |
Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services. |
|||
29.2.24 |
Steel giant ThyssenKrupp confirms cyberattack on automotive division |
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. |
||
29.2.24 |
Hijacked subdomains of major brands used in massive spam campaign |
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. |
||
29.2.24 |
LockBit ransomware returns, restores servers after police disruption |
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. |
||
29.2.24 |
PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. |
|||
29.2.24 |
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware |
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the |
||
29.2.24 |
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations |
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The |
||
29.2.24 |
Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors |
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, |
||
28.2.24 |
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks |
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as |
||
28.2.24 |
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users |
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows |
||
28.2.24 |
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat |
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take |
||
28.2.24 |
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk |
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their |
||
28.2.24 |
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub |
An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at |
||
28.2.24 |
Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics |
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state- |
||
28.2.24 |
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks |
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the |
||
27.2.24 |
WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites |
A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. |
||
27.2.24 |
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT |
Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos |
||
27.2.24 |
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation |
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated |
||
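The two SubdoMailing entries above (29.2.24 and 27.2.24) describe the same mechanism: a brand's subdomain still carries a CNAME to a hostname whose domain has lapsed, or its SPF record still lists an `include:` for a mail vendor it no longer uses, and whoever registers the abandoned domain inherits the subdomain and the right to pass SPF as the brand. The check below is an added example written for this page; it is not code from the original article or from the researchers who reported the campaign. DNS answers come from a constructed in-memory table (`FAKE_DNS`) so the script runs offline, and `resolve` is a hypothetical stand-in for a real resolver such as `dns.resolver`.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed DNS answers standing in for live lookups; none of these zones are real.
# Key is (owner name, record type); an absent key means the name has no such record.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("brand.example", "TXT"): [
        "v=spf1 include:_spf.mailer.example include:spf.retired-saas.example ~all"
    ],
    ("_spf.mailer.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
    # spf.retired-saas.example is deliberately absent: the vendor let the domain lapse
    ("promo.brand.example", "CNAME"): ["brand.old-campaign-host.example."],
    ("news.brand.example", "CNAME"): ["brand.newsletters.example."],
    ("brand.newsletters.example", "A"): ["198.51.100.7"],
}


def resolve(name: str, rrtype: str) -> List[str]:
    """Hypothetical resolver over the constructed table; swap in dns.resolver for real zones."""
    return FAKE_DNS.get((name.rstrip(".").lower(), rrtype), [])


def name_exists(name: str) -> bool:
    """True if the name answers for any common record type (approximates live vs. NXDOMAIN)."""
    return any(resolve(name, t) for t in ("A", "AAAA", "CNAME", "TXT", "MX", "NS"))


def spf_record(name: str) -> Optional[str]:
    for txt in resolve(name, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def dangling_spf_includes(domain: str, _seen: Optional[Set[str]] = None) -> List[str]:
    """Walk include:/redirect= targets recursively; return those that resolve to nothing.

    A lapsed include: target lets whoever re-registers it pass SPF for the whole domain.
    """
    seen = _seen if _seen is not None else set()
    dangling: List[str] = []
    rec = spf_record(domain)
    if rec is None:
        return dangling
    for mech in rec.split()[1:]:  # skip the v=spf1 tag
        m = re.match(r"^(?:[+\-~?]?include:|redirect=)(.+)$", mech, re.I)
        if not m:
            continue
        target = m.group(1).lower().rstrip(".")
        if target in seen:  # guard against include loops
            continue
        seen.add(target)
        if name_exists(target):
            dangling.extend(dangling_spf_includes(target, seen))
        else:
            dangling.append(target)
    return dangling


def dangling_cnames(subdomains: List[str]) -> List[Tuple[str, str]]:
    """Return (subdomain, target) pairs whose CNAME target no longer resolves."""
    out: List[Tuple[str, str]] = []
    for sub in subdomains:
        for target in resolve(sub, "CNAME"):
            if not name_exists(target):
                out.append((sub, target.rstrip(".")))
    return out


if __name__ == "__main__":
    print("dangling SPF includes:", dangling_spf_includes("brand.example"))
    print("dangling CNAMEs:", dangling_cnames(["promo.brand.example", "news.brand.example"]))
```

A target that returns nothing today is a lead, not proof of a takeover: the actual risk is whether the apex of the flagged name is registrable, which needs an RDAP or WHOIS check on top of this. Real SPF evaluation also stops after ten DNS-querying mechanisms (RFC 7208), so a record deep enough to hide a lapsed include is often already a permerror.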
27.2.24 |
North Korean Hackers Targeting Developers with Malicious npm Packages |
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings |
||
27.2.24 |
Banking Trojans Target Latin America and Europe Through Google Cloud Run |
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver |
||
27.2.24 |
LockBit Ransomware Group Resurfaces After Law Enforcement Takedown |
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law |
||
25.2.24 |
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement |
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has |
||
25.2.24 |
The Royal Canadian Mounted Police (RCMP), Canada's national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. |
|||
25.2.24 |
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. |
|||
25.2.24 |
Insomniac Games alerts employees hit by ransomware data breach |
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. |
||
25.2.24 |
LockBit ransomware gang has over $110 million in unspent bitcoin |
The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. |
||
25.2.24 |
U-Haul says hacker accessed customer records using stolen creds |
U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. |
||
25.2.24 |
UnitedHealth confirms Optum hack behind US healthcare billing outage |
Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. |
||
25.2.24 |
Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. |
|||
25.2.24 |
Microsoft now force installing Windows 11 23H2 on eligible PCs |
Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. |
||
25.2.24 |
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. |
|||
25.2.24 |
Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. |
||
25.2.24 |
Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. |
|||
25.2.24 |
2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics |
Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. |
||
25.2.24 |
Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) |
On Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center. |
||
25.2.24 |
Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023. |
|||
25.2.24 |
TinyTurla-NG in-depth tooling and command and control analysis |
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed. |
||
25.2.24 |
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity |
While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. |
||
25.2.24 |
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns |
Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. |
||
25.2.24 |
PSYOP campaigns targeting Ukraine – Week in security with Tony Anscombe |
Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects |
||
25.2.24 |
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war |
|||
25.2.24 |
Watching out for the fakes: How to spot online disinformation |
|||
25.2.24 |
Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies |
Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six |
||
24.2.24 |
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. |
|||
24.2.24 |
FTC to ban Avast from selling browsing data for advertising purposes |
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. |
||
24.2.24 |
LockBit ransomware secretly building next-gen encryptor before takedown |
LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. |
||
24.2.24 |
Joomla fixes XSS flaws that could expose sites to RCE attacks |
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. |
||
24.2.24 |
Microsoft expands free logging capabilities after May breach |
Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. |
||
24.2.24 |
Hackers abuse Google Cloud Run in massive banking trojan campaign |
Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. |
||
24.2.24 |
Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million |
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. |
||
24.2.24 |
New SSH-Snake malware steals SSH keys to spread across the network |
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. |
||
24.2.24 |
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks. |
|||
24.2.24 |
ScreenConnect critical bug now under attack as exploit code emerges |
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. |
||
24.2.24 |
US offers $15 million bounty for info on LockBit ransomware gang |
The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. |
||
24.2.24 |
VMware urges admins to remove deprecated, vulnerable auth plug-in |
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. |
||
24.2.24 |
VoltSchemer attacks use wireless chargers to inject voice commands, fry phones |
A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. |
||
24.2.24 |
New Migo malware disables protection features on Redis servers |
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. |
||
24.2.24 |
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware |
A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer |
||
23.2.24 |
ConnectWise urges ScreenConnect admins to patch critical RCE flaw |
ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. |
||
23.2.24 |
Knight ransomware source code for sale after leak site shuts down |
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. |
||
23.2.24 |
Ransomware Groups, Targeting Preferences, and the Access Economy |
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime. |
||
23.2.24 |
Critical infrastructure software maker confirms ransomware attack |
PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. |
||
23.2.24 |
Police arrest LockBit ransomware members, release decryptor in global crackdown |
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. |
||
23.2.24 |
Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos." |
|||
23.2.24 |
North Korean hackers linked to defense sector supply-chain attack |
In an advisory today, Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. |
||
23.2.24 |
Cactus ransomware claims to have stolen 1.5TB of Schneider Electric data |
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. |
||
23.2.24 |
Over 28,500 Exchange servers vulnerable to actively exploited bug |
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. |
||
23.2.24 |
Hackers exploit critical RCE flaw in Bricks WordPress site builder |
Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Bricks Builder theme to run malicious PHP code on vulnerable sites. |
||
23.2.24 |
Wyze camera glitch gave 13,000 users a peek into other homes |
Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. |
||
23.2.24 |
Anatsa Android malware downloaded 150,000 times via Google Play |
The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. |
||
23.2.24 |
Hacker arrested for selling bank accounts of US, Canadian users |
Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web. |
||
23.2.24 |
KeyTrap attack: Internet access disrupted with one DNS packet |
A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period. |
||
23.2.24 |
New Google Chrome feature blocks attacks against home networks |
Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. |
||
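The Chrome feature in the entry above is Private Network Access: the browser assigns both the page that issues a request and the request's target to an address space (public, private, or local for loopback) and treats a request whose target is more private than its initiator as a private network request, which is blocked unless the target device opts in through a CORS preflight. The code below is an added example written for this page, not Chrome's implementation; it follows my reading of the ordering in the Private Network Access draft, uses explicit RFC 1918, link-local and unique-local ranges rather than Python's broader `is_private`, and models the preflight opt-in as a boolean flag (the real opt-in is the target answering the preflight with `Access-Control-Allow-Private-Network: true`).

```python
import ipaddress
from enum import IntEnum

# Ranges the browser treats as "private"; explicit so documentation/benchmark
# ranges that Python's is_private also covers are not misclassified.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",  # RFC 1918 + link-local
    "fc00::/7", "fe80::/10",                                             # unique-local + link-local
)]


class AddressSpace(IntEnum):
    """Ordered least- to most-private."""
    PUBLIC = 0
    PRIVATE = 1
    LOCAL = 2  # loopback


def address_space(ip: str) -> AddressSpace:
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return AddressSpace.LOCAL
    # 'in' returns False across IP versions, so mixing v4/v6 networks is safe
    if any(addr in net for net in PRIVATE_NETS):
        return AddressSpace.PRIVATE
    return AddressSpace.PUBLIC


def is_private_network_request(initiator_ip: str, target_ip: str) -> bool:
    """True when the target sits in a more private space than the initiating page."""
    return address_space(target_ip) > address_space(initiator_ip)


def decide(initiator_ip: str, target_ip: str, preflight_ok: bool = False) -> str:
    """Return 'allow' or 'block'. preflight_ok models the target device having answered
    the CORS preflight with Access-Control-Allow-Private-Network: true (assumed flag)."""
    if not is_private_network_request(initiator_ip, target_ip):
        return "allow"
    return "allow" if preflight_ok else "block"


if __name__ == "__main__":
    # a public page poking a home router vs. an intranet page doing the same
    print(decide("8.8.8.8", "192.168.1.1"))      # block
    print(decide("192.168.1.5", "192.168.1.1"))  # allow
```

Requests that move toward the public side (an intranet page fetching a public API) are never private network requests, which is why the comparison is strict and one-directional.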
23.2.24 |
ALPHV ransomware claims loanDepot, Prudential Financial breaches |
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. |
||
23.2.24 |
Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. |
|||
23.2.24 |
SolarWinds fixes critical RCE bugs in access rights audit solution |
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. |
||
23.2.24 |
Alpha ransomware linked to NetWalker operation dismantled in 2021 |
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. |
||
23.2.24 |
North Korean hackers now launder stolen crypto via YoMix tumbler |
The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. |
||
23.2.24 |
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison |
Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. |
||
23.2.24 |
Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI |
Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in |
||
23.2.24 |
Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability |
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive |
||
23.2.24 |
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data |
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to |
||
23.2.24 |
Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage |
Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging |
||
22.2.24 |
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks |
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a |
||
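Both SSH-Snake entries above (24.2.24 and 22.2.24) describe the same worm-style behaviour: the tool harvests private keys it finds on a host and immediately reuses them to hop to the next one. A key that needs a passphrase cannot be reused that way, so a quick defender check is to find private keys stored without one. The parser below is an added example written for this page; it is not code from the original articles or from the SSH-Snake project. It reads the `openssh-key-v1` header (cipher name and KDF name are both `none` for an unprotected key) and the legacy PEM `Proc-Type` header; `make_openssh_key_text` builds a constructed fixture with dummy key bodies so the script runs without touching real key material.

```python
import base64
import re
import struct
from typing import Dict, List, Optional, Tuple

OPENSSH_MAGIC = b"openssh-key-v1\x00"
# Matches "-----BEGIN OPENSSH PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----",
# "-----BEGIN ENCRYPTED PRIVATE KEY-----" and the bare PKCS#8 "-----BEGIN PRIVATE KEY-----".
_PEM_RE = re.compile(r"-----BEGIN (?:([A-Z0-9 ]+?) )?PRIVATE KEY-----\r?\n(.*?)-----END", re.S)


def _ssh_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH wire-format string (uint32 big-endian length prefix) at offset."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_protection(text: str) -> Optional[str]:
    """Classify a private-key file as 'plaintext' or 'encrypted'; None if it is not a private key."""
    m = _PEM_RE.search(text)
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    if kind == "ENCRYPTED":  # PKCS#8 EncryptedPrivateKeyInfo
        return "encrypted"
    if kind == "OPENSSH":
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        cipher, off = _ssh_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _ssh_string(blob, off)
        # an unprotected key has ciphername "none" and kdfname "none"
        return "plaintext" if cipher == b"none" and kdf == b"none" else "encrypted"
    # Legacy PEM (RSA/EC/DSA) and bare PKCS#8: encryption is signalled by a Proc-Type header
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "plaintext"


def audit_keys(files: Dict[str, str]) -> List[str]:
    """Given {path: contents}, return the paths of keys usable without a passphrase."""
    return [path for path, text in files.items() if key_protection(text) == "plaintext"]


def make_openssh_key_text(cipher: str, kdf: str) -> str:
    """Constructed fixture: a valid openssh-key-v1 header over dummy bodies (not real key material)."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = (OPENSSH_MAGIC + s(cipher.encode()) + s(kdf.encode()) + s(b"")
            + struct.pack(">I", 1) + s(b"dummy-public-key") + s(b"dummy-private-section"))
    b64 = base64.b64encode(blob).decode()
    lines = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{lines}\n-----END OPENSSH PRIVATE KEY-----\n"


if __name__ == "__main__":
    # constructed sample "home directory"; paths are illustrative
    sample = {
        "/home/ops/.ssh/id_ed25519": make_openssh_key_text("none", "none"),
        "/home/ops/.ssh/id_rsa": make_openssh_key_text("aes256-ctr", "bcrypt"),
        "/home/ops/.ssh/id_rsa.pub": "ssh-rsa AAAA ops@host\n",
    }
    print("keys usable without a passphrase:", audit_keys(sample))
```

In practice you would feed `audit_keys` the contents of every file under each user's `.ssh` directory (plus any `IdentityFile` paths named in `~/.ssh/config`), since those are exactly the locations such a crawler reads first; a plaintext key on a host also tells you which other hosts are one hop away.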
22.2.24 |
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. |
|||
22.2.24 |
Russian Government Software Backdoored to Deploy Konni RAT Malware |
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote |
||
22.2.24 |
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders |
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders |
||
22.2.24 |
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers |
Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices |
||
21.2.24 |
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS |
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed |
||
21.2.24 |
New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam |
Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The |
||
21.2.24 |
Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private |
End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused |
||
21.2.24 |
Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks |
Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related |
||
21.2.24 |
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know |
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. |
||
21.2.24 |
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk |
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as |
||
21.2.24 |
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining |
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on |
||
20.2.24 |
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released |
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its |
||
20.2.24 |
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics |
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a |
||
20.2.24 |
New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide |
North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint |
||
20.2.24 |
Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now |
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a |
||
20.2.24 |
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites |
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible |
||
20.2.24 |
Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative |
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This |
||
20.2.24 |
LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid |
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details. An international law |
||
19.2.24 |
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices |
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates |
||
19.2.24 |
Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries |
The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed |
||
19.2.24 |
Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws |
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross- |
||
19.2.24 |
Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor |
The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new |
||
18.2.24 |
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) |
Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors. |
||
18.2.24 |
This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. |
|||
18.2.24 |
THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURE |
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. |
||
18.2.24 |
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation. |
|||
18.2.24 |
How are attackers using QR codes in phishing emails and lure documents? |
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. |
||
18.2.24 |
Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe |
Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals |
||
18.2.24 |
The art of digital sleuthing: How digital forensics unlocks the truth |
|||
18.2.24 |
Deepfakes in the global election year of 2024: A weapon of mass deception? |
|||
18.2.24 |
Microsoft says it fixed a Windows Metadata server issue that’s still broken |
Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. |
||
18.2.24 |
US offers up to $15 million for tips on ALPHV ransomware gang |
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. |
||
18.2.24 |
RansomHouse gang automates VMware ESXi attacks with new MrAgent tool |
The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. |
||
18.2.24 |
FBI disrupts Russian Moobot botnet infecting Ubiquiti routers |
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. |
||
18.2.24 |
OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia that were abusing its artificial intelligence chatbot, ChatGPT. |
|||
18.2.24 |
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs |
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. |
||
18.2.24 |
Three critical application security flaws scanners can’t detect |
In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. |
||
18.2.24 |
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. |
|||
18.2.24 |
New Qbot malware variant uses fake Adobe installer popup for evasion |
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. |
||
18.2.24 |
New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud |
A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. |
||
18.2.24 |
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. |
|||
18.2.24 |
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. |
|||
18.2.24 |
Zoom patches critical privilege elevation flaw in Windows apps |
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. |
||
18.2.24 |
New critical Microsoft Outlook RCE bug is trivial to exploit |
Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. |
||
18.2.24 |
Microsoft Exchange update enables Extended Protection by default |
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). |
||
18.2.24 |
German battery maker Varta halts production after cyberattack |
Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. |
||
18.2.24 |
Ubuntu 'command-not-found' tool can be abused to spread malware |
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. |
||
18.2.24 |
Trans-Northern Pipelines investigating ALPHV ransomware attack claims |
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. |
||
18.2.24 |
The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. |
|||
18.2.24 |
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. |
|||
18.2.24 |
Hackers used new Windows Defender zero-day to drop DarkMe malware |
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). |
||
18.2.24 |
FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty |
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. |
||
17.2.24 |
Hackers used new Windows Defender zero-day to drop DarkMe malware |
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). |
||
17.2.24 |
Windows 10 KB5034763 update released with new fixes, changes |
Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). |
||
17.2.24 |
200,000 Facebook Marketplace user records leaked on hacking forum |
A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. |
||
17.2.24 |
Integris Health says data breach impacts 2.4 million patients |
Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. |
||
17.2.24 |
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws |
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. |
||
17.2.24 |
Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. |
|||
17.2.24 |
Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform |
Hackers are believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. |
||
17.2.24 |
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. |
|||
17.2.24 |
Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. |
|||
17.2.24 |
Bank of America warns customers of data breach after vendor hack |
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. |
||
17.2.24 |
FBI seizes Warzone RAT infrastructure, arrests malware vendor |
The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. |
||
17.2.24 |
FCC orders telecom carriers to report PII data breaches within 30 days |
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. |
||
17.2.24 |
Ongoing Microsoft Azure account hijacking campaign targets executives |
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. |
||
17.2.24 |
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. |
|||
17.2.24 |
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor |
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. |
||
17.2.24 |
Free Rhysida ransomware decryptor for Windows exploits RNG flaw |
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. |
||
17.2.24 |
Ransomware attack forces 100 Romanian hospitals to go offline |
100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. |
||
17.2.24 |
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. |
|||
17.2.24 |
Google Open Sources Magika: AI-Powered File Identification Tool |
|||
17.2.24 |
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive |
||
17.2.24 |
RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers |
Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple |
||
17.2.24 |
Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks |
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon |
||
16.2.24 |
U.S. State Government Network Breached via Former Employee's Account |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network |
||
16.2.24 |
U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage |
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that |
||
16.2.24 |
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor |
The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign |
||
16.2.24 |
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries |
A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring |
||
16.2.24 |
Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks |
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, |
||
15.2.24 |
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation |
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a |
||
15.2.24 |
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks |
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models |
||
15.2.24 |
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages |
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their |
||
15.2.24 |
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses |
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new |
||
15.2.24 |
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability |
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called |
||
15.2.24 |
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days |
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, |
||
15.2.24 |
Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit |
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit |
||
15.2.24 |
PikaBot Resurfaces with Streamlined Code and Deceptive Tactics |
The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of |
||
15.2.24 |
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures |
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a |
||
15.2.24 |
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube |
||
12.2.24 |
Rhysida Ransomware Cracked, Free Decryption Tool Released |
|||
12.2.24 |
CISA and OpenSSF Release Framework for Package Repository Security |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) |
||
12.2.24 |
Microsoft Introduces Linux-Like 'sudo' Command to Windows 11 |
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator |
||
12.2.24 |
U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders |
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the |
||
12.2.24 |
U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators |
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) |
||
10.2.24 |
Raspberry Robin malware evolves with early access to Windows exploits |
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. |
||
10.2.24 |
UK to replace physical biometric immigration cards with e-visas |
By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do. |
||
10.2.24 |
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. |
|||
10.2.24 |
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. |
|||
10.2.24 |
Microsoft: Outlook clients not syncing over Exchange ActiveSync |
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. |
||
10.2.24 |
New RustDoor macOS malware impersonates Visual Studio update |
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. |
||
10.2.24 |
Americans lost record $10 billion to fraud in 2023, FTC warns |
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. |
||
10.2.24 |
New Fortinet RCE flaw in SSL VPN likely exploited in attacks |
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. |
||
10.2.24 |
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. |
|||
10.2.24 |
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. |
|||
10.2.24 |
The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. |
|||
10.2.24 |
Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. |
|||
10.2.24 |
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization |
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” |
||
10.2.24 |
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense. |
|||
10.2.24 |
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges |
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve |
||
10.2.24 |
Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe |
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year |
||
10.2.24 |
Left to their own devices: Security for employees using personal devices for work |
|||
10.2.24 |
Could your Valentine be a scammer? How to avoid getting caught in a bad romance |
|||
10.2.24 |
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices |
Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, |
||
10.2.24 |
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits |
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be |
||
9.2.24 |
Ivanti: Patch new Connect Secure auth bypass bug immediately |
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. |
||
9.2.24 |
Microsoft unveils new 'Sudo for Windows' feature in Windows 11 |
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. |
||
9.2.24 |
Android XLoader malware can now auto-execute after installation |
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. |
||
9.2.24 |
US offers $10 million for tips on Hive ransomware leadership |
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. |
||
9.2.24 |
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. |
|||
9.2.24 |
Data breaches at Viamedis and Almerys impact 33 million in France |
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. |
||
9.2.24 |
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure |
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. |
||
9.2.24 |
Facebook ads push new Ov3r_Stealer password-stealing malware |
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. |
||
9.2.24 |
Denmark orders schools to stop sending student data to Google |
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. |
||
9.2.24 |
Chinese hackers hid in US infrastructure network for 5 years |
The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. |
||
9.2.24 |
Google tests blocking side-loaded Android apps with risky permissions |
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. |
||
9.2.24 |
Critical Cisco bug exposes Expressway gateways to CSRF attacks |
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. |
||
9.2.24 |
No, 3 million electric toothbrushes were not used in a DDoS attack |
A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. |
||
9.2.24 |
Critical flaw in Shim bootloader impacts major Linux distros |
A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. |
||
9.2.24 |
With cyberattacks happening every day, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. |
|||
9.2.24 |
MoqHao Android Malware Evolves with Auto-Execution Capability |
Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring |
||
9.2.24 |
New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack |
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the |
||
9.2.24 |
Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation |
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 |
||
9.2.24 |
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways |
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow |
||
9.2.24 |
Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization |
An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a |
||
8.2.24 |
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade |
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some |
||
8.2.24 |
HijackLoader Evolves: Researchers Decode the Latest Evasion Methods |
The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be |
||
8.2.24 |
Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore |
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to |
||
8.2.24 |
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea |
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called |
||
8.2.24 |
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products |
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited |
||
8.2.24 |
After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back |
The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to |
||
7.2.24 |
Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. |
|||
7.2.24 |
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. |
|||
7.2.24 |
Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error |
It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. |
||
7.2.24 |
A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. |
|||
7.2.24 |
Data breach at French healthcare services firm puts millions at risk |
French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. |
||
7.2.24 |
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. |
|||
7.2.24 |
Google says spyware vendors behind most zero-days it discovers |
Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. |
||
7.2.24 |
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. |
|||
7.2.24 |
Hackers steal data of 2 million in SQL injection, XSS attacks |
A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. |
||
7.2.24 |
Microsoft Outlook December updates trigger ICS security alerts |
Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. |
||
7.2.24 |
Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. |
|||
7.2.24 |
HPE investigates new breach after data for sale on hacking forum |
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. |
||
7.2.24 |
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. |
|||
7.2.24 |
Microsoft is bringing the Linux sudo command to Windows Server |
Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. |
||
7.2.24 |
Leaky Vessels flaws allow hackers to escape Docker, runc containers |
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. |
||
7.2.24 |
Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros |
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code |
||
7.2.24 |
Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse |
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, |
||
7.2.24 |
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network |
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This |
||
7.2.24 |
Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now |
JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) |
||
6.2.24 |
Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials |
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer |
||
6.2.24 |
High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop Services |
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to |
||
6.2.24 |
Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data |
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented |
||
6.2.24 |
Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation |
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come |
||
6.2.24 |
U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance |
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of |
||
6.2.24 |
Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering |
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to |
||
5.2.24 |
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware |
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote |
||
5.2.24 |
Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan |
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO |
||
5.2.24 |
New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw |
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to |
||
4.2.24 |
Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. |
|||
4.2.24 |
Check if you're in Google Chrome's third-party cookie phaseout test |
Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. |
||
4.2.24 |
Mastodon vulnerability allows attackers to take over accounts |
Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. |
||
4.2.24 |
The Week in Ransomware - February 2nd 2024 - No honor among thieves |
Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks. |
||
4.2.24 |
AnyDesk says hackers breached its production servers, reset passwords |
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. |
||
4.2.24 |
Lurie Children's Hospital took systems offline after cyberattack |
Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. |
||
4.2.24 |
BTC-e server admin indicted for laundering ransom payments, stolen crypto |
Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. |
||
4.2.24 |
Interpol operation Synergia takes down 1,300 servers used for cybercrime |
An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. |
||
4.2.24 |
FTC orders Blackbaud to boost security after massive data breach |
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. |
||
4.2.24 |
Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. |
|||
4.2.24 |
Microsoft fixes connection issue affecting Outlook email apps |
Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. |
||
4.2.24 |
More Android apps riddled with malware spotted on Google Play |
An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. |
||
4.2.24 |
The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. |
|||
4.2.24 |
Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. |
|||
4.2.24 |
Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. |
|||
4.2.24 |
Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. |
|||
4.2.24 |
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign |
Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. |
||
4.2.24 |
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. |
|||
4.2.24 |
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. |
|||
4.2.24 |
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. |
|||
4.2.24 |
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges |
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve |
||
4.2.24 |
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers |
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. |
||
4.2.24 |
Grandoreiro banking malware disrupted – Week in security with Tony Anscombe |
The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows |
||
4.2.24 |
ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora |
|||
4.2.24 |
ESET takes part in global operation to disrupt the Grandoreiro banking trojan |
|||
4.2.24 |
Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe |
|||
4.2.24 |
NSPX30: A sophisticated AitM-enabled implant evolving since 2005 |
|||
4.2.24 |
Break the fake: The race is on to stop AI voice cloning scams |
|||
3.2.24 |
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday |
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. |
||
3.2.24 |
Hackers push USB malware payloads via news, media hosting sites |
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. |
||
3.2.24 |
Police seize record 50,000 Bitcoin from now-defunct piracy site |
The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k.to through a voluntary deposit to a state-controlled wallet. |
||
3.2.24 |
Europcar denies data breach of 50 million users, says data is fake |
Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. |
||
3.2.24 |
Exploit released for Android local elevation flaw impacting 7 OEMs |
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. |
||
3.2.24 |
CISA warns of patched iPhone kernel bug now exploited in attacks |
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. |
||
3.2.24 |
FBI disrupts Chinese botnet by wiping malware from infected routers |
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. |
||
3.2.24 |
CISA: Vendors must secure SOHO routers against Volt Typhoon attacks |
CISA has urged manufacturers of small office/home office (SOHO) routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon (Bronze Silhouette). |
||
3.2.24 |
Johnson Controls says ransomware attack cost $27 million, data stolen |
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. |
||
3.2.24 |
Ivanti warns of new Connect Secure zero-day exploited in attacks |
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. |
||
3.2.24 |
New Linux glibc flaw lets attackers get root on major distros |
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). |
||
3.2.24 |
Online ransomware decryptor helps recover partially encrypted files |
CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. |
||
3.2.24 |
The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. |
|||
3.2.24 |
Vastaamo hacker traced via ‘untraceable’ Monero transactions, police says |
Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions. |
||
3.2.24 |
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. |
|||
3.2.24 |
Microsoft Teams phishing pushes DarkGate malware via group chats |
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. |
||
3.2.24 |
Citibank sued over failure to defend customers against hacks, fraud |
New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts. |
||
3.2.24 |
Police disrupt Grandoreiro banking malware operation, make arrests |
The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. |
||
3.2.24 |
Keenan warns 1.5 million people of data breach after summer cyberattack |
Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. |
||
3.2.24 |
U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian |
||
3.2.24 |
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account |
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. |
||
3.2.24 |
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset |
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German |
||
3.2.24 |
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks |
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, |
||
3.2.24 |
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking |
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain |
||
3.2.24 |
Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents |
A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York |
||
3.2.24 |
INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs |
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP |
||
3.2.24 |
Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs |
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized |
||
2.2.24 |
45k Jenkins servers exposed to RCE attacks using public exploits |
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. |
||
2.2.24 |
Energy giant Schneider Electric hit by Cactus ransomware attack |
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. |
||
2.2.24 |
Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. |
|||
2.2.24 |
FBI: Tech support scams now use couriers to collect victims' money |
Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. |
||
2.2.24 |
Ransomware payments drop to record low as victims refuse to pay |
The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. |
||
2.2.24 |
DHS employees jailed for stealing data of 200K U.S. govt workers |
Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. |
||
2.2.24 |
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. |
|||
2.2.24 |
The Week in Ransomware - January 26th 2024 - Govts strike back |
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. |
||
2.2.24 |
Kansas City public transportation authority hit by ransomware |
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. |
||
2.2.24 |
Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. |
|||
2.2.24 |
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network |
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to |
||
2.2.24 |
Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign |
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. |
||
2.2.24 |
U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers |
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) |
||
2.2.24 |
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining |
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world |
||
2.2.24 |
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities |
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups |
||
2.2.24 |
CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, |
||
1.2.24 |
Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. |
|||
1.2.24 |
Ukraine: Hack wiped 2 petabytes of data from Russian research center |
The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. |
||
1.2.24 |
Microsoft reveals how hackers breached its Exchange Online accounts |
Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. |
||
1.2.24 |
Role of Wazuh in building a robust cybersecurity architecture |
Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. |
||
1.2.24 |
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice |
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. |
Congress |
|
1.2.24 |
23andMe data breach: Hackers stole raw genotype data, health reports |
Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. |
||
1.2.24 |
Blackwood hackers hijack WPS Office update to install malware |
A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. |
||
1.2.24 |
Russian TrickBot malware dev sentenced to 64 months in prison |
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. |
||
1.2.24 |
iPhone apps abuse iOS push notifications to collect user data |
Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. |
||
1.2.24 |
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo |
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. |
Congress |
|
1.2.24 |
Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. |
|||
1.2.24 |
Hackers target WordPress database plugin active on 1 million sites |
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. |
||
1.2.24 |
HPE: Russian hackers breached its security team’s email accounts |
Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. |
||
1.2.24 |
VexTrio TDS: Inside a massive 70,000-domain cybercrime operation |
A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites. |
||
1.2.24 |
Over 5,300 GitLab servers exposed to zero-click account takeover attacks |
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. |
||
1.2.24 |
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. |
|||
1.2.24 |
Global fintech firm EquiLend offline after recent cyberattack |
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. |
||
1.2.24 |
How to secure AD passwords without sacrificing end-user experience |
To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. |
||
1.2.24 |
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 |
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. |
Congress |
|
1.2.24 |
Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs |
Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. |
||
1.2.24 |
Microsoft: Recent updates cause Sysprep Windows validation errors |
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. |
||
1.2.24 |
RunC Flaws Enable Container Escapes, Granting Attackers Host Access |
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the |
||
1.2.24 |
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation |
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. |
||
1.2.24 |
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware |
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for |
||
1.2.24 |
The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules |
The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity |
||
1.2.24 |
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware |
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in |
||
1.2.24 |
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware |
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- |
||
1.2.24 |
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros |
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka |
||