DATE |
NAME |
Info |
CATEG. |
WEB |
31.1.24 |
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. |
|||
31.1.24 |
Water services giant Veolia North America hit by ransomware attack |
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. |
||
31.1.24 |
Trello API abused to link email addresses to 15 million accounts |
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. |
||
31.1.24 |
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. |
|||
31.1.24 |
Kasseika ransomware uses antivirus driver to kill other antiviruses |
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. |
||
31.1.24 |
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. |
|||
31.1.24 |
Jason’s Deli says customer data exposed in credential stuffing attack |
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. |
||
31.1.24 |
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now |
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. |
||
31.1.24 |
US, UK, Australia sanction REvil hacker behind Medibank data breach |
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. |
||
31.1.24 |
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. |
|||
31.1.24 |
Cracked macOS apps drain wallets using scripts fetched from DNS records |
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. |
||
31.1.24 |
Malicious web redirect scripts stealth up to hide on hacked sites |
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. |
||
31.1.24 |
Apple fixes first zero-day bug exploited in attacks this year |
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. |
||
31.1.24 |
Ivanti: VPN appliances vulnerable if pushing configs after mitigation |
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. |
||
31.1.24 |
loanDepot cyberattack causes data breach for 16.6 million people |
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. |
||
31.1.24 |
Trezor support site breach exposes personal data of 66,000 customers |
Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal. |
||
31.1.24 |
Hackers start exploiting critical Atlassian Confluence RCE flaw |
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. |
||
31.1.24 |
Tietoevry ransomware attack causes outages for Swedish firms, cities |
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden. |
||
31.1.24 |
Watch out for "I can't believe he is gone" Facebook phishing posts |
A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. |
||
31.1.24 |
Brave to end 'Strict' fingerprinting protection as it breaks websites |
Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. |
||
31.1.24 |
Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives |
A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil |
||
31.1.24 |
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite |
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to |
||
31.1.24 |
China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz |
The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin |
||
31.1.24 |
Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations |
Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed |
||
31.1.24 |
New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility |
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was |
||
30.1.24 |
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws |
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to |
||
30.1.24 |
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords |
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when |
||
30.1.24 |
Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang |
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which |
||
29.1.24 |
NSA Admits Secretly Buying Your Internet Browsing Data without Warrants |
The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps |
||
29.1.24 |
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines |
Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information |
||
27.1.24 |
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks |
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access |
||
26.1.24 |
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom |
|||
26.1.24 |
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps |
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising |
||
26.1.24 |
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs |
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have |
||
26.1.24 |
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree |
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot |
||
26.1.24 |
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems |
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could |
||
26.1.24 |
From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks |
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track |
||
26.1.24 |
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks |
Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can |
||
26.1.24 |
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! |
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved |
||
26.1.24 |
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks |
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings |
||
25.1.24 |
China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware |
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from |
||
25.1.24 |
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits |
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised |
||
24.1.24 |
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach |
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email |
||
24.1.24 |
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters |
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors |
||
24.1.24 |
Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption |
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security- |
||
24.1.24 |
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach |
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware |
||
23.1.24 |
VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates |
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of |
||
23.1.24 |
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub |
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from |
||
23.1.24 |
"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets |
Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system |
||
23.1.24 |
BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time |
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of |
||
23.1.24 |
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation |
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence |
||
23.1.24 |
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now |
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active |
||
23.1.24 |
North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor |
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known |
||
23.1.24 |
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries |
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply |
||
22.1.24 |
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers |
Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from |
||
22.1.24 |
FTC Bans InMarket for Selling Precise User Location Without Consent |
The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location |
||
22.1.24 |
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks |
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver |
||
21.1.24 |
Court charges dev with hacking after cybersecurity issue disclosure |
A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. |
||
21.1.24 |
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs |
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. |
||
21.1.24 |
Meta won't remove fake Instagram profiles that are clearly catfishing |
Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. |
||
21.1.24 |
Russian hackers stole Microsoft corporate emails in month-long breach |
Microsoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard. |
||
21.1.24 |
BreachForums hacking forum admin sentenced to 20 years supervised release |
Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide. |
||
21.1.24 |
Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. |
|||
21.1.24 |
CISA emergency directive: Mitigate Ivanti zero-days immediately |
CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to |
||
21.1.24 |
FTC bans one more data broker from selling your location info |
The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data. |
||
21.1.24 |
Chinese hackers exploit VMware bug as zero-day for two years |
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. |
||
21.1.24 |
Vans, North Face owner says ransomware breach affects 35 million people |
VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. |
||
21.1.24 |
VMware confirms critical vCenter flaw now exploited in attacks |
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. |
||
21.1.24 |
TeamViewer abused to breach networks in new ransomware attacks |
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. |
||
21.1.24 |
Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years |
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been |
||
20.1.24 |
This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. |
|||
20.1.24 |
A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. |
|||
20.1.24 |
Why many CISOs consider quitting – Week in security with Tony Anscombe |
The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings |
||
20.1.24 |
Is Temu safe? What to know before you ‘shop like a billionaire’ |
|||
20.1.24 |
The 7 deadly cloud security sins and how SMBs can do things better |
|||
20.1.24 |
CISA: Critical Ivanti auth bypass bug now actively exploited |
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation. |
||
20.1.24 |
Kansas State University cyberattack disrupts IT network and services |
Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. |
||
20.1.24 |
Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. |
|||
20.1.24 |
US govt wants BreachForums admin sentenced to 15 years in prison |
The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. |
||
20.1.24 |
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets |
Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware. |
||
20.1.24 |
Google: Russian FSB hackers deploy new Spica backdoor malware |
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. |
||
20.1.24 |
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. |
|||
20.1.24 |
Have I Been Pwned adds 71 million emails from Naz.API stolen account list |
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. |
||
20.1.24 |
Microsoft: Iranian hackers target researchers with new MediaPl malware |
Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. |
||
20.1.24 |
Bigpanzi botnet infects 170,000 Android TV boxes with malware |
A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. |
||
20.1.24 |
CISA pushes federal agencies to patch Citrix RCE within a week |
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks. |
||
20.1.24 |
iShutdown scripts can help detect iOS spyware on your iPhone |
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. |
||
20.1.24 |
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks |
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. |
||
20.1.24 |
GitHub rotates keys to mitigate impact of credential-exposing flaw |
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. |
||
20.1.24 |
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch |
||
20.1.24 |
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack |
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from |
||
20.1.24 |
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware |
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families |
||
19.1.24 |
MacOS info-stealers quickly evolve to evade XProtect detection |
Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. |
||
19.1.24 |
Citrix warns of new Netscaler zero-days exploited in attacks |
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. |
||
19.1.24 |
Google fixes first actively exploited Chrome zero-day of 2024 |
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. |
||
19.1.24 |
The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. |
|||
19.1.24 |
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials |
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. |
||
19.1.24 |
PixieFail flaws impact PXE network boot in enterprise systems |
A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. |
||
19.1.24 |
Atlassian warns of critical RCE flaw in older Confluence versions |
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. |
||
19.1.24 |
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation. |
|||
19.1.24 |
US court docs expose fake antivirus renewal phishing tactics |
In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. |
||
19.1.24 |
Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability. |
|||
19.1.24 |
Windows SmartScreen flaw exploited to drop Phemedrone malware |
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. |
||
19.1.24 |
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks |
Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. |
||
19.1.24 |
Latest Adblock update causes massive YouTube performance hit |
Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. |
||
19.1.24 |
Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software |
Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected |
||
19.1.24 |
Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package |
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The |
||
19.1.24 |
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile |
||
19.1.24 |
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic |
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the |
||
19.1.24 |
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware |
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever |
||
19.1.24 |
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks |
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could |
||
19.1.24 |
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard |
|||
19.1.24 |
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft |
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified |
||
18.1.24 |
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts |
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. |
||
18.1.24 |
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions |
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat |
||
18.1.24 |
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the |
||
18.1.24 |
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone |
Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, |
||
18.1.24 |
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials |
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials |
||
17.1.24 |
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! |
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are |
||
17.1.24 |
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability |
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as |
||
17.1.24 |
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now |
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause |
||
17.1.24 |
The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South |
|||
16.1.24 |
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims |
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and |
||
16.1.24 |
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer |
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called |
||
16.1.24 |
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows |
Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be.. |
||
15.1.24 |
Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system. |
|||
15.1.24 |
GrapheneOS: Frequent Android auto-reboots block firmware exploits |
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws |
||
15.1.24 |
Hacker spins up 1 million virtual servers to illegally mine crypto |
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. |
||
15.1.24 |
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners |
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if |
||
15.1.24 |
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability |
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First |
||
15.1.24 |
DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 |
The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half |
||
14.1.24 |
New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks |
The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new |
||
14.1.24 |
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. |
|||
14.1.24 |
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. |
|||
14.1.24 |
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer |
Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine. |
||
14.1.24 |
For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process. |
|||
14.1.24 |
New decryptor for Babuk Tortilla ransomware variant released |
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. |
||
14.1.24 |
Lessons from SEC's X account hack – Week in security with Tony Anscombe |
The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs |
||
14.1.24 |
A peek behind the curtain: How are sock puppet accounts used in OSINT? |
|||
14.1.24 |
Attack of the copycats: How fake messaging apps and app mods could bite you |
|||
14.1.24 |
Love is in the AI: Finding love online takes on a whole new meaning |
Is AI companionship the future of not-so-human connection – and even the cure for loneliness? |
||
14.1.24 |
Cybersecurity trends and challenges to watch out for in 2024 |
|||
14.1.24 |
Say what you will? Your favorite speech-to-text app may be a privacy risk |
|||
13.1.24 |
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches |
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, |
||
13.1.24 |
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services |
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 |
||
13.1.24 |
The Week in Ransomware - January 12th 2024 - Targeting homeowners' data |
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. |
||
13.1.24 |
CISA: Critical Microsoft SharePoint bug now actively exploited |
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. |
||
13.1.24 |
GitLab warns of critical zero-click account hijacking vulnerability |
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. |
||
13.1.24 |
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families |
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day |
||
12.1.24 |
Juniper warns of critical RCE bug in its firewalls and switches |
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. |
||
12.1.24 |
Ivanti Connect Secure zero-days exploited to deploy custom malware |
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. |
||
12.1.24 |
Framework discloses data breach after accountant gets phished |
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. |
||
12.1.24 |
Over 150k WordPress sites at takeover risk via vulnerable plugin |
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. |
||
12.1.24 |
Halara probes breach after hacker leaks data for 950,000 people |
Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. |
||
12.1.24 |
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login |
Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. |
||
12.1.24 |
Bitwarden adds passkey support to log into web password vaults |
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. |
||
12.1.24 |
Microsoft shares script to update Windows 10 WinRE with BitLocker fixes |
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. |
||
12.1.24 |
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. |
|||
12.1.24 |
Finland warns of Akira ransomware wiping NAS and tape backup devices |
The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. |
||
12.1.24 |
Medusa Ransomware on the Rise: From Data Leaks to Physical Threats |
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web |
||
12.1.24 |
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks |
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency |
||
12.1.24 |
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its |
||
12.1.24 |
Threat Actors Increasingly Abusing GitHub for Malicious Purposes |
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads |
||
12.1.24 |
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy |
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say |
||
12.1.24 |
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems |
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source |
||
12.1.24 |
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms |
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS |
||
11.1.24 |
Mandiant's X account hacked by crypto Drainer-as-a-Service gang |
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." |
||
11.1.24 |
Cisco says critical Unity Connection bug lets attackers get root |
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. |
||
11.1.24 |
Fidelity National Financial: Hackers stole data of 1.3 million people |
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. |
||
11.1.24 |
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack |
A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. |
||
11.1.24 |
Ivanti warns of Connect Secure zero-days exploited in attacks |
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. |
||
11.1.24 |
Fake 401K year-end statements used to steal corporate credentials |
Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. |
||
11.1.24 |
Windows 10 KB5034441 security update fails with 0x80070643 errors |
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. |
||
11.1.24 |
Microsoft Exchange 2019 has reached end of mainstream support |
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. |
||
11.1.24 |
ShinyHunters member gets 3 years in prison for breaching 60 firms |
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. |
||
11.1.24 |
Nigerian gets 10 years for laundering millions stolen from elderly |
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. |
||
11.1.24 |
US SEC’s X account hacked to announce fake Bitcoin ETF approval |
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. |
||
11.1.24 |
China claims it cracked Apple's AirDrop to find numbers, email addresses |
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. |
||
11.1.24 |
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. |
|||
11.1.24 |
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. |
|||
11.1.24 |
Windows 10 KB5034122 update released with fix for shut down bug |
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. |
||
11.1.24 |
CISA warns agencies of fourth flaw used in Triangulation spyware attacks |
The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. |
||
11.1.24 |
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs |
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. |
||
11.1.24 |
Windows 11 KB5034123 update released with security and Wi-Fi fixes |
Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month. |
||
11.1.24 |
Hackers target Microsoft SQL servers in Mimic ransomware attacks |
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. |
||
11.1.24 |
Decryptor for Babuk ransomware variant released after hacker arrested |
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. |
||
11.1.24 |
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach |
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. |
||
11.1.24 |
Criminal IP and Tenable Partner for Swift Vulnerability Detection |
Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. |
||
11.1.24 |
Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. |
|||
11.1.24 |
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload |
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors |
||
11.1.24 |
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a |
|||
11.1.24 |
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure |
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to |
||
11.1.24 |
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software |
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary |
||
11.1.24 |
NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining |
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of |
||
10.1.24 |
Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims |
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain |
||
10.1.24 |
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data |
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or |
||
10.1.24 |
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities |
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are |
||
10.1.24 |
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing |
||
10.1.24 |
Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware |
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's |
||
10.1.24 |
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe |
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing |
||
9.1.24 |
The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more. |
|||
9.1.24 |
Toronto Zoo: Ransomware attack had no impact on animal wellbeing |
Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. |
||
9.1.24 |
Netgear, Hyundai latest X accounts hacked to push crypto drainers |
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. |
||
9.1.24 |
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos |
The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. |
||
9.1.24 |
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only |
The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app. |
||
9.1.24 |
Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. |
|||
9.1.24 |
Capital Health attack claimed by LockBit ransomware, risk of data leak |
The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. |
||
9.1.24 |
Securing helpdesks from hackers: What we can learn from the MGM breach |
In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents. |
||
9.1.24 |
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal |
U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. |
||
9.1.24 |
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months |
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. |
||
9.1.24 |
Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. |
|||
9.1.24 |
Google: Malware abusing API is standard token theft, not an API issue |
Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. |
||
9.1.24 |
Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. |
|||
9.1.24 |
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager |
A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected |
||
9.1.24 |
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer |
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information |
||
9.1.24 |
Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals |
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass |
||
7.1.24 |
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy |
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say their |
||
7.1.24 |
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment |
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of |
||
7.1.24 |
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud |
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to |
||
7.1.24 |
North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 |
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency |
||
7.1.24 |
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies |
Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands |
||
6.1.24 |
The Week in Ransomware - January 5th 2024 - Secret decryptors |
With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. |
||
6.1.24 |
US charged 19 suspects linked to xDedic cybercrime marketplace |
The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. |
||
6.1.24 |
BreachForums admin jailed again for using a VPN, unmonitored PC |
The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. |
||
6.1.24 |
Hackers target Apache RocketMQ servers vulnerable to RCE attacks |
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. |
||
6.1.24 |
Web3 security firm CertiK's X account hacked to push crypto drainer |
The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. |
||
6.1.24 |
Memorial University recovers from cyberattack, delays semester start |
The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes in one campus. |
||
6.1.24 |
Crypto wallet founder loses $125,000 to fake airdrop website |
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, |
||
6.1.24 |
Ivanti warns critical EPM bug lets hackers hijack enrolled devices |
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. |
||
6.1.24 |
Russian hackers wiped thousands of systems in KyivStar attack |
The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network. |
||
6.1.24 |
Hackers hijack govt and business accounts on X for crypto scams |
Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. |
||
6.1.24 |
Zeppelin ransomware source code sold for $500 on hacking forum |
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. |
||
6.1.24 |
FTC offers $25,000 prize for detecting AI-enabled voice cloning |
The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. |
||
6.1.24 |
'everything' blocks devs from removing their own npm packages |
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. |
||
6.1.24 |
'everything' blocks devs from removing their own npm packages |
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. |
||
6.1.24 |
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware |
The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from |
||
5.1.24 |
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers |
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has |
||
5.1.24 |
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware |
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator |
||
5.1.24 |
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution |
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could |
||
5.1.24 |
Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months |
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator |
||
5.1.24 |
New Bandook RAT Variant Resurfaces, Targeting Windows Machines |
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows |
||
5.1.24 |
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners |
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a |
||
5.1.24 |
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT |
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from |
||
4.1.24 |
Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack |
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an.. |
||
4.1.24 |
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. |
|||
4.1.24 |
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. |
|||
4.1.24 |
A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million. |
|||
4.1.24 |
PornHub blocks North Carolina, Montana over new age verification laws |
Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. |
||
4.1.24 |
LastPass now requires 12-character master passwords for better security |
LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. |
||
4.1.24 |
Data breach at healthcare tech firm impacts 4.5 million patients |
HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. |
||
4.1.24 |
Nearly 11 million SSH servers vulnerable to new Terrapin attacks |
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. |
||
4.1.24 |
CISA warns of actively exploited bugs in Chrome and Excel parsing library |
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information |
||
4.1.24 |
Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. |
|||
4.1.24 |
Orbit Chain loses $86 million in the last fintech hack of 2023 |
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. |
||
4.1.24 |
Online museum collections down after cyberattack on service provider |
Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. |
||
4.1.24 |
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data |
The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. |
||
4.1.24 |
Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. |
|||
4.1.24 |
Victoria court recordings exposed in reported ransomware attack |
Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. |
||
4.1.24 |
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. |
|||
4.1.24 |
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. |
|||
3.1.24 |
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset |
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user.. |
||
3.1.24 |
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails |
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails.. |
||
3.1.24 |
DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation |
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it.. |
||
3.1.24 |
Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' |
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought.. |
||
1.1.24 |
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections |
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors.. |
||
1.1.24 |
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security |
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that.. |
||
1.1.24 |
New JinxLoader Targeting Users with Formbook and XLoader Malware |
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor.. |