DATE | NAME | Info | CATEG. | WEB |
31.3.24 | AT&T confirms data for 73 million customers leaked on hacker forum | AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. | ||
31.3.24 | Vultur banking malware for Android poses as McAfee Security app | Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. | ||
31.3.24 | Activision: Enable 2FA to secure accounts recently stolen by malware | An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. | ||
31.3.24 | Red Hat warns of backdoor in XZ tools used by most Linux distros | Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. | ||
31.3.24 | Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords | A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. | ||
31.3.24 | Retail chain Hot Topic hit by new credential stuffing attacks | American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. | ||
31.3.24 | PyPI suspends new user registration to block malware campaign | The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. | ||
31.3.24 | Cisco warns of password-spraying attacks targeting VPN services | Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. | ||
31.3.24 | New Darcula phishing service targets iPhone users via iMessage | A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. | ||
31.3.24 | Windows 11 22H2 Home and Pro get preview updates until June 26 | Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26. | ||
31.3.24 | Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. | |||
31.3.24 | INC Ransom threatens to leak 3TB of NHS Scotland stolen data | The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. | ||
31.3.24 | On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10. This vulnerability is a result of a supply chain compromise impacting the versions 5.6.0 and 5.6.1 of XZ Utils. XZ Utils is data compression software included in major Linux distributions. | |||
31.3.24 | Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | |||
31.3.24 | RDP remains a security concern – Week in security with Tony Anscombe | Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result | ||
31.3.24 | Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world | |||
31.3.24 | Cybersecurity starts at home: Help your children stay safe online with open conversations | |||
31.3.24 | Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware | Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting | ||
30.3.24 | CISA tags Microsoft SharePoint RCE bug as actively exploited | CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. | ||
30.3.24 | KuCoin charged with AML violations that let cybercriminals launder billions | The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money. | ||
30.3.24 | Ransomware as a Service and the Strange Economics of the Dark Web | Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next. | ||
30.3.24 | Google: Spyware vendors behind 50% of zero-days exploited in 2023 | Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. | ||
30.3.24 | Windows 11 KB5035942 update enables Moment 5 features for everyone | Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. | ||
30.3.24 | Windows 10 KB5035941 update released with lock screen widgets | Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. | ||
30.3.24 | Finland confirms APT31 hackers behind 2021 parliament breach | The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. | ||
30.3.24 | $700 cybercrime software turns Raspberry Pi into an evasive fraud tool | Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. | ||
30.3.24 | Germany warns of 17K vulnerable Microsoft Exchange servers exposed online | The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. | ||
30.3.24 | Hackers exploit Ray framework flaw to breach servers, hijack resources | A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. | ||
30.3.24 | Free VPN apps on Google Play turned Android phones into proxies | Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. | ||
30.3.24 | The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of “TheMoon” malware. | |||
30.3.24 | Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros | RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils | ||
30.3.24 | Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds | Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to | ||
30.3.24 | TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy | A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office | ||
30.3.24 | New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking | Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially | ||
29.3.24 | PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers | The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of | ||
29.3.24 | Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries | A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and | ||
29.3.24 | Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack | The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber | ||
29.3.24 | New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs | Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access) | ||
29.3.24 | Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection | A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by | ||
29.3.24 | Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs | In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for | ||
28.3.24 | Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite | Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified | ||
28.3.24 | CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server | ||
28.3.24 | Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions | A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' | ||
28.3.24 | Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining | Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an | ||
28.3.24 | Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice | A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger | ||
28.3.24 | Making Sense of Operational Technology Attacks: The Past, Present, and Future | When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume | ||
27.3.24 | TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service | A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. | ||
27.3.24 | Panera Bread experiencing nationwide IT outage since Saturday | Since Saturday, U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. | ||
27.3.24 | US sanctions crypto exchanges used by Russian darknet market, banks | The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. | ||
27.3.24 | CISA urges software devs to weed out SQL injection vulnerabilities | CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping. | ||
27.3.24 | Hackers poison source code from largest Discord bot platform | The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. | ||
27.3.24 | New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts | Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. | ||
27.3.24 | US sanctions APT31 hackers behind critical infrastructure attacks | The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. | ||
27.3.24 | Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. | |||
27.3.24 | Google's new AI search results promotes sites pushing malware, scams | Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. | ||
27.3.24 | Over 100 US and EU orgs targeted in StrelaStealer malware attacks | A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. | ||
27.3.24 | Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries | Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated | ||
27.3.24 | Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers | Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers | ||
27.3.24 | U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation | The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement | ||
27.3.24 | Crafting Shields: Defending Minecraft Servers Against DDoS Attacks | Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of- | ||
27.3.24 | U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for | ||
26.3.24 | CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited | ||
26.3.24 | Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others | Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well | ||
26.3.24 | Key Lesson from Microsoft's Password Spray Hack: Secure Every Account | In January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard | ||
26.3.24 | New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys | A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic | ||
26.3.24 | Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks | The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring | ||
24.3.24 | Opera sees big jump in EU users on iOS, Android after DMA update | Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). | ||
24.3.24 | Microsoft to shut down 50 cloud services for Russian businesses | Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. | ||
24.3.24 | Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. | |||
24.3.24 | Russian hackers target German political parties with WineLoader malware | Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. | ||
24.3.24 | Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own | Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. | ||
24.3.24 | The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. | |||
24.3.24 | N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks | The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting | ||
24.3.24 | German Police Seize 'Nemesis Market' in Major International Darknet Raid | German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled | ||
23.3.24 | New GoFetch attack on Apple Silicon CPUs can steal crypto keys | A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. | ||
23.3.24 | Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver | Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). | ||
23.3.24 | Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. | |||
23.3.24 | KDE advises extreme caution after theme wipes Linux user's files | On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. | ||
23.3.24 | Unsaflok flaw can let hackers unlock millions of hotel doors | Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. | ||
23.3.24 | Evasive Sign1 malware campaign infects 39,000 WordPress sites | A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. | ||
23.3.24 | Exploit released for Fortinet RCE bug used in attacks, patch now | Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. | ||
23.3.24 | What the Latest Ransomware Attacks Teach About Defending Networks | Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk. | ||
23.3.24 | Microsoft confirms Windows Server issue behind domain controller crashes | Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. | ||
23.3.24 | Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver | On the first day of Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other devices and software to win $732,500 and a Tesla Model 3 car. | ||
23.3.24 | New Windows Server updates cause domain controller crashes, reboots | The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. | ||
23.3.24 | Spa Grand Prix email account hacked to phish banking info from fans | Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. | ||
23.3.24 | StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. Upon a successful attack, the threat actor would gain access to the victim's email login information, which they can then use to perform further attacks. | |||
23.3.24 | Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention | This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sandstorm) is a known espionage group that has previously targeted the aerospace and energy sectors. | ||
23.3.24 | Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor | This article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP). | ||
23.3.24 | ETHEREUM’S CREATE2: A DOUBLE-EDGED SWORD IN BLOCKCHAIN SECURITY | Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. | ||
23.3.24 | New details on TinyTurla’s post-compromise activity reveal full kill chain | We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. | ||
23.3.24 | Netgear wireless router open to code execution after buffer overflow vulnerability | There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. | ||
23.3.24 | The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions | Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later. | ||
23.3.24 | Threat actors leverage document publishing sites for ongoing credential and session token theft | Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. | ||
23.3.24 | “Pig butchering” is an evolution of a social engineering tactic we’ve seen for years | In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. | ||
23.3.24 | Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word | Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution. | ||
23.3.24 | There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!” | |||
23.3.24 | Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft | March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” | ||
23.3.24 | It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April. | |||
23.3.24 | AceCryptor attacks surge in Europe – Week in security with Tony Anscombe | The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT | ||
23.3.24 | A prescription for privacy protection: Exercise caution when using a mobile health app | |||
23.3.24 | New ‘Loop DoS’ attack may impact up to 300,000 online systems | A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. | ||
23.3.24 | GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code | GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers | ||
23.3.24 | Ivanti fixes critical Standalone Sentry bug reported by NATO | Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. | ||
23.3.24 | Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal | The makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. | ||
23.3.24 | Here's why Twitter sends you to a different site than what you clicked | Users of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination but instead takes you to a Telegram account. | ||
23.3.24 | Misconfigured Firebase instances leaked 19 million plaintext passwords | Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. | ||
23.3.24 | U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. | |||
23.3.24 | US Defense Dept received 50,000 vulnerability reports since 2016 | The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. | ||
23.3.24 | Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties | The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been | ||
22.3.24 | New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. | Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as | ||
22.3.24 | AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking | Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for | ||
22.3.24 | China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws | A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable | ||
22.3.24 | Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects | A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections | ||
22.3.24 | U.S. Justice Department Sues Apple Over Monopoly and Messaging Security | The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a | ||
22.3.24 | Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware | The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from | ||
22.3.24 | Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems | The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in | ||
21.3.24 | CISA shares critical infrastructure defense tips against Chinese hackers | CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group | ||
21.3.24 | FTC warns scammers are impersonating its employees to steal money | The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. | ||
21.3.24 | Ukraine arrests hackers trying to sell 100 million stolen accounts | The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. | ||
21.3.24 | Oracle warns that macOS 14.4 update breaks Java on Apple CPUs | Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on Apple silicon CPUs. | ||
21.3.24 | A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. | |||
21.3.24 | Chinese Earth Krahang hackers breach 70 orgs in 23 countries | A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. | ||
21.3.24 | Microsoft announces deprecation of 1024-bit RSA keys in Windows | Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security. | ||
21.3.24 | Apex Legends players worried about RCE flaw after ALGS hacks | Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. | ||
21.3.24 | Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. | |||
21.3.24 | NIST just released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. | |||
21.3.24 | AT&T says leaked data of 70 million people is not from its systems | AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. | ||
21.3.24 | New acoustic attack determines keystrokes from typing patterns | Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. | ||
21.3.24 | Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion' | New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been | ||
21.3.24 | AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials | Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive | ||
21.3.24 | GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws | GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to | ||
21.3.24 | Making Sense of Operational Technology Attacks: The Past, Present, and Future | When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is | ||
21.3.24 | U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign | The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals | ||
21.3.24 | Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability | Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as | ||
21.3.24 | Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug | Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could | ||
21.3.24 | New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems | A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting | ||
20.3.24 | TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks | Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, | ||
20.3.24 | New BunnyLoader Malware Variant Surfaces with Modular Attack Features | Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various | ||
20.3.24 | Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts | The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users | ||
20.3.24 | U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks | The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the | ||
19.3.24 | From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks | Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of | ||
19.3.24 | Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks | Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet | ||
19.3.24 | Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices | A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The | ||
19.3.24 | New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT | A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity | ||
19.3.24 | E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials | A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that | ||
19.3.24 | New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics | A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive | ||
18.3.24 | Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool | Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated | ||
18.3.24 | Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites | Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a | ||
18.3.24 | WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw | WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following | ||
18.3.24 | APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme | The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating | ||
17.3.24 | The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. | |||
17.3.24 | International Monetary Fund email accounts hacked in cyberattack | The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. | ||
17.3.24 | US moves to recover $2.3 million from "pig butchers" on Binance | The U.S. Department of Justice (DoJ) is recovering $2.3 million worth of cryptocurrency linked to a "pig butchering" fraud scheme that victimized at least 37 people across the United States. | ||
17.3.24 | PornHub has now added Texas to its blocklist, preventing users in the state from accessing its site in protest of age verification laws. | |||
17.3.24 | Microsoft announces Office LTSC 2024 preview starting next month | Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year. | ||
17.3.24 | Admin of major stolen account marketplace gets 42 months in prison | Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide. | ||
17.3.24 | This article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims. | |||
17.3.24 | Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe | Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in | ||
17.3.24 | Threat intelligence explained | Unlocked 403: A cybersecurity podcast | |||
17.3.24 | Election cybersecurity: Protecting the ballot box and building trust in election integrity | |||
17.3.24 | Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer | Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer | ||
16.3.24 | A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. | |||
16.3.24 | McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. | |||
16.3.24 | StopCrypt: Most widely distributed ransomware evolves to evade detection | A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. | ||
16.3.24 | SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. | |||
16.3.24 | Tech support firms Restoro, Reimage fined $26 million for scare tactics | Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. | ||
16.3.24 | Google Chrome gets real-time phishing protection later this month | Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. | ||
16.3.24 | French unemployment agency data breach impacts 43 million people | France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. | ||
16.3.24 | Nissan confirms ransomware attack exposed data of 100,000 people | Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. | ||
16.3.24 | Hackers exploit Windows SmartScreen flaw to drop DarkGate malware | A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. | ||
16.3.24 | US govt probes if ransomware gang stole Change Healthcare data | The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. | ||
16.3.24 | A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed | |||
15.3.24 | Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking | |||
15.3.24 | Google Introduces Enhanced Real-Time URL Protection for Chrome Users | Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users | ||
15.3.24 | Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers | Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and | ||
14.3.24 | LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada | A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware | ||
14.3.24 | Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover | Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code | ||
14.3.24 | RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage | The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility | ||
14.3.24 | Fortinet warns of critical RCE bug in endpoint management software | Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. | ||
14.3.24 | The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. | |||
14.3.24 | Bitcoin Fog mixer operator convicted for laundering $400 million | Russian-Swedish national Roman Sterlingov was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog between 2011 and 2021. | ||
14.3.24 | LockBit ransomware affiliate gets four years in jail, to pay $860k | Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. | ||
14.3.24 | Windows KB5035849 update failing to install with 0xd000034 errors | The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. | ||
14.3.24 | Stanford: Data of 27,000 people stolen in September ransomware attack | Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. | ||
14.3.24 | Acer confirms Philippines employee data leaked on hacking forum | Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. | ||
14.3.24 | Ande Loader Malware Targets Manufacturing Sector in North America | The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like | ||
14.3.24 | DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack | A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using | ||
14.3.24 | Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software | Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected | ||
13.3.24 | PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users | The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest | ||
13.3.24 | Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats | Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful | ||
13.3.24 | Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub | A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java- | ||
13.3.24 | Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. | |||
13.3.24 | Windows 10 KB5035845 update released with 9 new changes, fixes | Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. | ||
13.3.24 | Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs | Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. | ||
13.3.24 | Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship | The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. | ||
13.3.24 | Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. | |||
13.3.24 | Over 12 million auth secrets and keys leaked on GitHub in 2023 | GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. | ||
13.3.24 | Tuta Mail adds new quantum-resistant encryption to protect email | Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. | ||
13.3.24 | Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. | |||
13.3.24 | Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. | |||
13.3.24 | Researchers expose Microsoft SCCM misconfigs usable in cyberattacks | Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. | ||
13.3.24 | Equilend warns employees their data was stolen by ransomware gang | New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. | ||
13.3.24 | Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware | Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. | ||
13.3.24 | Fake Leather wallet app on Apple App Store is a crypto drainer | The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. | ||
13.3.24 | Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware | Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. | ||
13.3.24 | Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws | Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues | ||
12.3.24 | Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets | Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic | ||
12.3.24 | Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites | A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. | ||
12.3.24 | South Korean Citizen Detained in Russia on Cyber Espionage Charges | Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further | ||
12.3.24 | New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics | Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF | ||
11.3.24 | BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks | The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their | ||
11.3.24 | Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability | Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software | ||
11.3.24 | Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT | A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically | ||
10.3.24 | Magnet Goblin hackers use 1-day flaws to drop custom Linux malware | A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. | ||
10.3.24 | The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand | We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. | ||
10.3.24 | Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. | |||
10.3.24 | QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. | |||
10.3.24 | UnitedHealth brings some Change Healthcare pharmacy services back online | Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. | ||
10.3.24 | Microsoft says Russian hackers breached its systems, accessed source code | Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. | ||
10.3.24 | The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins on best practices for securing a cloud environment. | |||
10.3.24 | Switzerland: Play ransomware leaked 65,000 government documents | The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. | ||
10.3.24 | Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix | Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. | ||
10.3.24 | MiTM phishing attack can let attackers unlock and steal a Tesla | Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. | ||
10.3.24 | AnyCubic fixes exploited 3D printer zero day flaw with new firmware | AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. | ||
10.3.24 | Google engineer caught stealing AI tech secrets for Chinese firms | The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. | ||
10.3.24 | FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. | |||
10.3.24 | PetSmart warns of credential stuffing attacks trying to hack accounts | Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. | ||
10.3.24 | Critical TeamCity flaw now widely exploited to create admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. | ||
10.3.24 | Hacked WordPress sites use visitors' browsers to hack other sites | Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. | ||
10.3.24 | A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. | |||
9.3.24 | Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. | |||
9.3.24 | MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES | Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published. | ||
9.3.24 | GhostSec’s joint ransomware operation and evolution of their arsenal | Cisco Talos observed a surge in the malicious activities of GhostSec, a hacking group, since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. | ||
9.3.24 | The 3 most common post-compromise tactics on network infrastructure | We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. | ||
9.3.24 | The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics. | |||
9.3.24 | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe | Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor | ||
9.3.24 | ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans | |||
9.3.24 | Top 10 scams targeting seniors – and how to keep your money safe | |||
9.3.24 | Irresistible: Hooks, habits and why you can’t put down your phone | Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices. | ||
9.3.24 | Duvel says it has "more than enough" beer after ransomware attack | Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities | ||
9.3.24 | Canada's anti-money laundering agency offline after cyberattack | The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. | ||
9.3.24 | VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion | VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. | ||
9.3.24 | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. | ||
9.3.24 | NSA shares zero-trust guidance to limit adversaries on the network | The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. | ||
9.3.24 | Apple fixes two new iOS zero-days exploited in attacks on iPhones | Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. | ||
9.3.24 | New WogRAT malware abuses online notepad service to store malware | A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. | ||
9.3.24 | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets | Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to | ||
8.3.24 | Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations | Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital | ||
8.3.24 | Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client | Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor | ||
8.3.24 | QEMU Emulator Exploited as Tunneling Tool to Breach Company Network | Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an | ||
8.3.24 | CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On- | ||
7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | ||
7.3.24 | Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks | Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. | ||
7.3.24 | Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks | The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since | ||
7.3.24 | Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China | The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing | ||
7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to spread a Python-based information stealer dubbed Snake that's designed to capture credentials and | ||
7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | ||
7.3.24 | Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining | Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as | ||
7.3.24 | Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout | The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law | ||
6.3.24 | Microsoft is killing off the Android apps in Windows 11 feature | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | ||
6.3.24 | U.S. sanctions Predator spyware operators for spying on Americans | The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. | ||
6.3.24 | Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks | Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. | ||
6.3.24 | BlackCat ransomware shuts down in exit scam, blames the "feds" | The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. | ||
6.3.24 | Passwords are Costing Your Organization Money - How to Minimize Those Costs | Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. | ||
6.3.24 | Exploit available for new critical TeamCity auth bypass bug, patch now | A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. | ||
6.3.24 | ScreenConnect flaws exploited to drop new ToddlerShark malware | The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. | ||
6.3.24 | Hackers steal Windows NTLM authentication hashes in phishing attacks | The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. | ||
6.3.24 | BlackCat ransomware turns off servers amid claim they stole $22 million ransom | The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. | ||
6.3.24 | Ukraine claims it hacked Russian Ministry of Defense servers | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. | ||
6.3.24 | North Korea hacks two South Korean chip firms to steal engineering data | The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. | ||
6.3.24 | American Express credit cards exposed in third-party data breach | American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. | ||
6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | ||
6.3.24 | Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs | Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. | ||
6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | ||
6.3.24 | VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws | VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code | ||
6.3.24 | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries | The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "TheGhostSec and Stormous | ||
6.3.24 | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. | ||
6.3.24 | Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws | Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the | ||
6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | ||
5.3.24 | Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, is proud to announce the launch of its new report Hi-Tech Crime Trends 2023/2024, the latest edition of the company’s annual round-up of the most pressing global cyber threats to organizations and individuals. | |||
5.3.24 | Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams | A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. | ||
5.3.24 | Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets | More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between | ||
5.3.24 | Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes | The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager ( | ||
5.3.24 | Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers | A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to | ||
4.3.24 | How Cybercriminals are Exploiting India's UPI for Money Laundering Operations | Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering | ||
4.3.24 | Over 100 Malicious AI/ML Models Found on Hugging Face Platform | As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include | ||
4.3.24 | Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure | U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure | ||
3.3.24 | News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian... | BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. | ||
3.3.24 | Hackers target FCC, crypto firms in advanced Okta phishing attacks | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | ||
3.3.24 | Windows Kernel bug fixed last month exploited as zero-day since August | Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. | ||
3.3.24 | The Week in Ransomware - March 1st 2024 - Healthcare under siege | Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. | ||
3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | ||
3.3.24 | Germany takes down cybercrime market with over 180,000 users | The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. | ||
3.3.24 | Microsoft fixes Outlook clients not syncing over Exchange ActiveSync | Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. | ||
3.3.24 | Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. | |||
3.3.24 | Palo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM. | |||
3.3.24 | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users | First identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. In this article, along with exploring Bifrost, we’ll also showcase a notable spike in Bifrost’s Linux variants during the past few months. | ||
3.3.24 | We explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. | |||
3.3.24 | TimbreStealer campaign targets Mexican users with financial lures | Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. | ||
3.3.24 | Deceptive AI content and 2024 elections – Week in security with Tony Anscombe | As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year | ||
3.3.24 | Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses | |||
3.3.24 | U.S. charges Iranian for hacks on defense orgs, offers $10M for info | The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. | ||
3.3.24 | Golden Corral restaurant chain data breach impacts 183,000 people | The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. | ||
3.3.24 | New Bifrost malware for Linux mimics VMware domain for evasion | A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. | ||
3.3.24 | Brave browser launches privacy-focused AI assistant on Android | Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. | ||
3.3.24 | CISA cautions against using hacked Ivanti VPN gateways even after factory resets | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. | ||
3.3.24 | Windows 10 KB5034843 update released with 9 new changes, fixes | Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. | ||
3.3.24 | Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. | |||
3.3.24 | GitHub enables push protection by default to stop secrets leak | GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. | ||
3.3.24 | Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. | |||
3.3.24 | Windows 11 'Moment 5' update released, here are the new features | Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. | ||
3.3.24 | Microsoft rolls back decision to stop Windows 11 22H2 preview updates | Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. | ||
3.3.24 | 20 million Cutout.Pro user records leaked on data breach forum | AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. | ||
3.3.24 | Anycubic 3D printers hacked worldwide to expose security flaw | According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. | ||
3.3.24 | Malicious AI models on Hugging Face backdoor users’ machines | At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. | ||
3.3.24 | New executive order bans mass sale of personal data to China, Russia | U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. | ||
3.3.24 | Rhysida ransomware wants $3.6 million for children’s stolen data | The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. | ||
2.3.24 | Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. | |||
2.3.24 | Ransomware gang claims they stole 6TB of Change Healthcare data | The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. | ||
2.3.24 | LockBit ransomware returns to attacks with new encryptors, servers | The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. | ||
2.3.24 | Lazarus hackers exploited Windows zero-day to gain Kernel privileges | North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. | ||
2.3.24 | Epic Games: "Zero evidence" we were hacked by Mogilevich gang | Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. | ||
2.3.24 | Japan warns of malicious PyPi packages created by North Korean hackers | Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. | ||
2.3.24 | Need to Know: Key Takeaways from the Latest Phishing Attacks | This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. | ||
2.3.24 | Savvy Seahorse gang uses DNS CNAME records to power investor scams | A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns. | ||
2.3.24 | Pharmaceutical giant Cencora says data was stolen in a cyberattack | Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. | ||
2.3.24 | FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks | Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. | ||
2.3.24 | LabHost cybercrime service lets anyone phish Canadian bank users | The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. | ||
2.3.24 | Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks | The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. | ||
2.3.24 | Russian hackers hijack Ubiquiti routers to launch stealthy attacks | Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. | ||
2.3.24 | The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. | |||
2.3.24 | Malicious code in Tornado Cash governance proposal puts user funds at risk | Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. | ||
2.3.24 | Windows February 2024 updates fail to install with 0x800F0922 errors | Microsoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%. | ||
2.3.24 | U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp | A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's | ||
2.3.24 | U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture | The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber- | ||
2.3.24 | New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users | A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed | ||
2.3.24 | New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion | Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive | ||
1.3.24 | Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities | The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in | ||
1.3.24 | GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories | GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that | ||
1.3.24 | New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems | Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have | ||
1.3.24 | GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks | Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to | ||
1.3.24 | Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks | The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level | ||
1.3.24 | New Backdoor Targeting European Officials Linked to Indian Diplomatic Events | A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic | ||
1.3.24 | Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems | The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of | ||