H January(270) February(364) March(400) April(276) May(343) June(373) July(296) August(388) September(160) October(0) November(0) December(0)
DATE | NAME | Info | CATEG. | WEB |
14.9.24 | Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. | Vulnerebility blog | |
14.9.24 | Earth Preta Evolves its Attacks with New Malware and Strategies | In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. | Malware blog | |
14.9.24 | CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective | In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques | APT blog | Cybereason |
14.9.24 | Chinese APT Abuses VSCode to Target Government in Asia | Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. | APT blog | Palo Alto |
14.9.24 | Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel | The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. | Ransom blog | |
14.9.24 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers | While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation | Vulnerebility blog | |
14.9.24 | Microsoft Security Bulletin Coverage For September 2024 | Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities. | OS Blog | SonicWall |
14.9.24 | Targeted Iranian Attacks Against Iraqi Government Infrastructure | Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks. | APT blog | Checkpoint |
14.9.24 | DragonRank, a Chinese-speaking SEO manipulator service provider | Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation | APT blog | |
14.9.24 | The 2024 Threat Landscape State of Play | Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers. | Security blog | |
14.9.24 | Vulnerability in Tencent WeChat custom browser could lead to remote code execution | While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor. | Vulnerebility blog | |
14.9.24 | Watch our new documentary, "The Light We Keep: A Project PowerUp Story" | The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. | Security blog | |
14.9.24 | We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders | A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. | Security blog | |
14.9.24 | Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API | CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. | Vulnerebility blog | |
14.9.24 | Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score | September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. | Vulnerebility blog | |
14.9.24 | The best and worst ways to get users to improve their account security | In my opinion, mandatory enrollment is best enrollment. | Security blog | |
14.9.24 | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads | The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable. | Malware blog | Cisco Blog |
14.9.24 | CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe | ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends | Ransom blog | |
14.9.24 | 6 common Geek Squad scams and how to defend against them | Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks | Spam blog | |
14.9.24 | CosmicBeetle steps up: Probation period at RansomHub | CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate | Ransom blog | |
14.9.24 | WordPress.org to require 2FA for plugin developers by October | Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. | Safety | |
14.9.24 | Chinese hackers linked to cybercrime syndicate arrested in Singapore | Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." | CyberCrime | |
14.9.24 | Microsoft fixes Windows Server performance issues from August updates | Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. | OS | |
14.9.24 | Ivanti fixes maximum severity RCE bug in Endpoint Management software | Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. | Vulnerebility | |
14.9.24 | New PIXHELL acoustic attack leaks secrets from LCD screen noise | A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. | Attack | |
14.9.24 | RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software | The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems. | Ransom | |
14.9.24 | Windows 10 KB5043064 update released with 6 fixes, security updates | Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 6 changes and fixes, including a fix for Bluetooth devices that stop working due to a memory leak. | OS | |
14.9.24 | Microsoft fixes Windows Smart App Control zero-day exploited since 2018 | Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. | OS | |
14.9.24 | Windows 11 KB5043076 cumulative update released with 19 changes | Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements. | OS | |
14.9.24 | Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws | Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days. | OS | |
14.9.24 | Wix to block Russian users starting September 12 | Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down | BigBrothers | |
14.9.24 | Microsoft to start force-upgrading Windows 22H2 systems next month | Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2. | OS | |
14.9.24 | Navigating Endpoint Privilege Management: Insights for CISOs and Admins | Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. | Security | |
14.9.24 | Flipper Zero releases Firmware 1.0 after three years of development | After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. | Security | |
14.9.24 | NoName ransomware gang deploying RansomHub malware in recent attacks | The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. | Ransom | BleepingComputer |
14.9.24 | Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability | Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 | Vulnerebility | The Hacker News |
13.9.24 | Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers | Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully | Exploit | The Hacker News |
13.9.24 | 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London | British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for | CyberCrime | The Hacker News |
13.9.24 | TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud | Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new | Virus | The Hacker News |
13.9.24 | Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw | Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in | Exploit | The Hacker News |
13.9.24 | New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency | Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining | Cryptocurrency | The Hacker News |
12.9.24 | New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram | Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at | Virus | The Hacker News |
12.9.24 | Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution | GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an | Vulnerebility | The Hacker News |
12.9.24 | Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide | Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 | Virus | The Hacker News |
12.9.24 | Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking | Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. | Cryptocurrency | The Hacker News |
12.9.24 | Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack | Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state- | APT | The Hacker News |
12.9.24 | Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe | The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's | AI | The Hacker News |
12.9.24 | WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers | WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes | Security | The Hacker News |
12.9.24 | Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances | The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN | BotNet | The Hacker News |
12.9.24 | DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe | A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe | APT | The Hacker News |
11.9.24 | Fake recruiter coding tests target devs with malicious Python packages | RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers. | APT | ReversingLabs |
11.9.24 | Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate | The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged | CyberCrime | The Hacker News |
11.9.24 | Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware | Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of | APT | The Hacker News |
11.9.24 | Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws | Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active | Vulnerebility | The Hacker News |
11.9.24 | Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities | Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical | Vulnerebility | The Hacker News |
11.9.24 | CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub | The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and | Ransom | The Hacker News |
11.9.24 | Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia | A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as | APT | The Hacker News |
11.9.24 | New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers | A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and | Attack | The Hacker News |
11.9.24 | Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments | The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and | APT | The Hacker News |
11.9.24 | New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks | A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data | Attack | The Hacker News |
10.9.24 | Critical SonicWall SSLVPN bug exploited in ransomware attacks | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. | Ransom | |
10.9.24 | Quad7 botnet targets more SOHO and VPN routers, media servers | The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. | BotNet | |
10.9.24 | Chinese hackers use new data theft malware in govt attacks | New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. | APT | |
10.9.24 | Highline Public Schools closes schools following cyberattack | Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. | Hack | |
10.9.24 | Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature | A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. | Social | |
10.9.24 | Payment gateway data breach affects 1.7 million credit card owners | Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. | Incindent | |
10.9.24 | Progress LoadMaster vulnerable to 10/10 severity RCE flaw | Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. | Vulnerebility | |
9.9.24 | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized | Virus | The Hacker News |
9.9.24 | Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks | The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code | APT | The Hacker News |
9.9.24 | Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor | Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that | Vulnerebility | The Hacker News |
9.9.24 | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys | Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat | Virus | The Hacker News |
9.9.24 | TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign | A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers | BigBrothers | The Hacker News |
9.9.24 | U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks | The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet | BigBrothers | The Hacker News |
8.9.24 | Sextortion scam now use your "cheating" spouse’s name as a lure | A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. | Spam | |
8.9.24 | New RAMBO attack steals data using RAM in air-gapped computers | A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. | Attack | |
8.9.24 | Transport for London staff faces systems disruptions after cyberattack | Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. | Incindent | |
8.9.24 | Car rental giant Avis discloses data breach impacting customers | American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. | Incindent | |
8.9.24 | Microsoft Office 2024 to disable ActiveX controls by default | After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. | Security | |
8.9.24 | SpyAgent Android malware steals your crypto recovery phrases from images | A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. | OS | |
8.9.24 | SonicWall SSLVPN access control flaw is now exploited in attacks | SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. | Vulnerebility | |
8.9.24 | Apache fixes critical OFBiz remote code execution vulnerability | Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. | Vulnerebility | |
8.9.24 | Microsoft removes revenge porn from Bing search using new tool | Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. | Security | |
8.9.24 | Russian military hackers linked to critical infrastructure attacks | The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU). | BigBrothers | |
8.9.24 | LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks | Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. | Hack | |
8.9.24 | Musician charged with $10M streaming royalties fraud using AI and bots | North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. | AI | |
8.9.24 | Veeam warns of critical RCE flaw in Backup & Replication software | Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. | Vulnerebility | |
8.9.24 | Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords | Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. | CyberCrime | |
8.9.24 | Planned Parenthood confirms cyberattack as RansomHub claims breach | Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. | Ransom | |
8.9.24 | Microchip Technology confirms data was stolen in cyberattack | American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. | Incindent | |
8.9.24 | Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel | The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. | Hack | |
8.9.24 | US cracks down on Russian disinformation before 2024 election | The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. | BigBrothers | |
8.9.24 | Cisco fixes root escalation vulnerability with public exploit code | Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. | Exploit | |
8.9.24 | New Eucleak attack lets threat actors clone YubiKey FIDO keys | A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. | Attack | |
8.9.24 | Cisco warns of backdoor admin account in Smart Licensing Utility | Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. | Virus | |
8.9.24 | Hackers inject malicious JS in Cisco store to steal credit cards, credentials | Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. | CyberCrime | |
8.9.24 | Google backports fix for Pixel EoP flaw to other Android devices | Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. | OS | |
8.9.24 | Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security | AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. | Safety | |
8.9.24 | Revival Hijack supply-chain attack threatens 22,000 PyPI packages | Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. | Hack | |
8.9.24 | FTC: Over $110 million lost to Bitcoin ATM scams in 2023 | The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. | BigBrothers | |
8.9.24 | Zyxel warns of critical OS command injection flaw in routers | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. | Vulnerebility | |
8.9.24 | New Windows PowerToy launches, repositions apps to saved layouts | Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. | OS | |
8.9.24 | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams | Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake | APT | The Hacker News |
8.9.24 | FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals | Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that | BigBrothers | The Hacker News |
7.9.24 | TIDRONE Targets Military and Satellite Industries in Taiwan | Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones. | BigBrother blog | |
7.9.24 | Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command | Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection. | Malware blog | |
7.9.24 | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion | While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. | Malware blog | |
7.9.24 | CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon | Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon | Vulnerebility blog | SonicWall |
7.9.24 | Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe | The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams | Spam blog | |
7.9.24 | ESET Research Podcast: HotPage | ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver | Malware blog | |
7.9.24 | The key considerations for cyber insurance: A pragmatic approach | Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options | Cyber blog | |
7.9.24 | In plain sight: Malicious ads hiding in search results | Sometimes there’s more than just an enticing product offer hiding behind an ad | Malware blog | |
7.9.24 | FBI warns crypto firms of aggressive social engineering attacks | The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. | Cryptocurrency | |
7.9.24 | Clearview AI fined €30.5 million for unlawful data collection | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. | AI | |
7.9.24 | D-Link says it is not fixing four RCE flaws in DIR-846W routers | D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. | Vulnerebility | |
7.9.24 | Halliburton confirms data stolen in recent cyberattack | Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. | Incindent | |
7.9.24 | Transport for London discloses ongoing “cyber security incident” | Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. | Incindent | |
7.9.24 | Admins of MFA bypass service plead guilty to fraud | Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. | Safety | |
7.9.24 | Verkada to pay $2.95 million for alleged CAN-SPAM Act violations | The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security failures enabled hackers to access live video feeds from internet-connected cameras. | BigBrothers | |
7.9.24 | Business services giant CBIZ discloses customer data breach | CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. | Incindent | |
7.9.24 | Linux version of new Cicada ransomware targets VMware ESXi servers | A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. | Ransom | |
7.9.24 | GitHub comments abused to push password stealing malware masked as fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
7.9.24 | SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation | SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The | Vulnerebility | The Hacker News |
7.9.24 | GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware | A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver | BotNet | The Hacker News |
7.9.24 | GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code | Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading | Vulnerebility | The Hacker News |
6.9.24 | Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress | Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could | Vulnerebility | The Hacker News |
6.9.24 | Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution | A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code | Vulnerebility | The Hacker News |
6.9.24 | Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity | Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a | BigBrothers | The Hacker News |
6.9.24 | Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East | Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat | APT | The Hacker News |
6.9.24 | Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues | Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical | Vulnerebility | The Hacker News |
5.9.24 | U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown | The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda | BigBrothers | The Hacker News |
5.9.24 | Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore | Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco | Virus | The Hacker News |
5.9.24 | New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm | The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber | Virus | The Hacker News |
5.9.24 | Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks | Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow | Vulnerebility | The Hacker News |
5.9.24 | North Korean Hackers Targets Job Seekers with Fake FreeConference App | North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to | APT | The Hacker News |
5.9.24 | Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Virus | The Hacker News |
5.9.24 | Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Hack | The Hacker News |
4.9.24 | Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Exploit | The Hacker News |
4.9.24 | Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Virus | The Hacker News |
4.9.24 | Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers | Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions | Vulnerebility | The Hacker News |
4.9.24 | Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm | AI | The Hacker News |
4.9.24 | Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack | A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader | Virus | The Hacker News |
4.9.24 | Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus | A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and | Exploit | The Hacker News |
4.9.24 | New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems | Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities | Ransom | The Hacker News |
4.9.24 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users | Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This | Virus | The Hacker News |
4.9.24 | New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access | Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges | Exploit | The Hacker News |
4.9.24 | Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt | A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his | CyberCrime | The Hacker News |
4.9.24 | RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors | Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in | Ransom | The Hacker News |
4.9.24 | Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems | Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again | Virus | The Hacker News |
1.9.24 | GitHub comments abused to spread Lumma Stealer malware as fake fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
1.9.24 | Docker-OSX image used for security research hit by Apple DMCA takedown | The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. | Virus | |
1.9.24 | Microsoft is trying to reduce Windows 11's desktop spotlight clutter | Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. | OS | |
1.9.24 | Researchers find SQL injection to bypass airport TSA security checks | Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. | Incindent | |
1.9.24 | New Voldemort malware abuses Google Sheets to store stolen data | A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. | Virus | |
1.9.24 | North Korean hackers exploit Chrome zero-day to deploy rootkit | North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. | Exploit | |
1.9.24 | Halliburton cyberattack linked to RansomHub ransomware gang | The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. | Ransom | |
1.9.24 | FBI: RansomHub ransomware breached 210 victims since February | Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. | Ransom | |
1.9.24 | Fake Palo Alto GlobalProtect used as lure to backdoor enterprises | Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. | Virus | |
1.9.24 | Windows 10 KB5041582 update released with 5 changes and fixes | Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks. | OS | |
1.9.24 | North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). | Exploit blog | Microsoft Blog |
1.9.24 | North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit | A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North | Exploit | The Hacker News |