DATE | NAME | Info | CATEG. | WEB |
27.9.24 | Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers | A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to | Vulnerability | The Hacker News |
26.9.24 | Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates | Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could | Hack | The Hacker News |
26.9.24 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity | APT | The Hacker News |
26.9.24 | Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware | As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest | Virus | The Hacker News |
26.9.24 | U.S. govt agency CMS says data breach impacted 3.1 million people | The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. | Incident | |
26.9.24 | Infostealer malware bypasses Chrome’s new cookie-theft defenses | Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. | Virus | |
26.9.24 | Critical Ivanti vTM auth bypass bug now exploited in attacks | CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. | Vulnerability | |
26.9.24 | Hackers deploy AI-written malware in targeted attacks | While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to create malicious software, despite the safeguards and restrictions that vendors implemented. | AI | |
26.9.24 | Generative AI Security: Getting ready for Salesforce Einstein Copilot | Salesforce's Einstein Copilot can provide insights and perform tasks that help streamline daily processes. However, it also comes with risks that you should take steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot. | AI | |
26.9.24 | MoneyGram confirms a cyberattack is behind dayslong outage | Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. | Hack | |
26.9.24 | From 12 to 21: how we discovered connections between the Twelve and BlackJack groups | An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. | APT | Securelist |
26.9.24 | Web tracking report: who monitored users’ online activities in 2023–2024 the most | Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article, | Safety | Securelist |
26.9.24 | Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities | An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential | APT | The Hacker News |
26.9.24 | Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign | Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage | APT | The Hacker News |
25.9.24 | Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% | Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the | Vulnerability | The Hacker News |
25.9.24 | Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent | Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection | Security | The Hacker News |
25.9.24 | Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool | Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto | Exploit | The Hacker News |
25.9.24 | ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function | A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term | AI | The Hacker News |
25.9.24 | Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware | Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of | Virus | The Hacker News |
25.9.24 | CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic | Vulnerability | The Hacker News |
25.9.24 | Necro Android Malware Found in Popular Camera and Browser Apps on Play Store | Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of | Virus | The Hacker News |
24.9.24 | U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech | The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the | BigBrothers | The Hacker News |
24.9.24 | Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns | Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective | Security | The Hacker News |
24.9.24 | New Octo Android malware version impersonates NordVPN, Google Chrome | A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. | Virus | |
24.9.24 | US proposes ban on connected vehicle tech from China, Russia | Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. | APT | |
24.9.24 | Telegram now shares users’ IP and phone number on legal requests | Telegram will now share users' phone numbers and IP addresses with law enforcement if they are found to be violating the platform's rules following a valid legal request. | Social | |
24.9.24 | New Mallox ransomware Linux variant based on leaked Kryptina code | An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. | Ransom | |
24.9.24 | Kaspersky deletes itself, installs UltraAV antivirus without warning | Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning. | Security | |
24.9.24 | Android malware 'Necro' infects 11 million devices via Google Play | A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. | Virus | |
24.9.24 | New Google Chrome feature will translate complex pages in real time | Google is testing a new API that uses machine learning models to offer real-time language translation for inputted text and to make it easier to translate web pages. | Cyber | BleepingComputer |
24.9.24 | New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities | Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved | Virus | The Hacker News |
24.9.24 | Telegram Agrees to Share User Data With Authorities for Criminal Investigations | In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to | Social | The Hacker News |
23.9.24 | Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk | A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead | IoT | The Hacker News |
23.9.24 | Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls | Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to | Social | The Hacker News |
23.9.24 | New PondRAT Malware Hidden in Python Packages Targets Software Developers | Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called | Virus | The Hacker News |
23.9.24 | Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware | A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other | Virus | The Hacker News |
22.9.24 | Global infostealer malware operation targets crypto users, gamers | A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." | Virus | |
22.9.24 | Microsoft ends development of Windows Server Update Services (WSUS) | Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. | OS | |
22.9.24 | Windows Server 2025 previews security updates without restarts | Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting. | OS | |
22.9.24 | Disney ditching Slack after massive July data breach | The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels. | Incident | |
22.9.24 | Ukraine bans Telegram on military, govt devices over security risks | Ukraine's National Coordination Centre for Cybersecurity (NCCC) has restricted the use of the Telegram messaging app within government agencies, military units, and critical infrastructure, citing national security concerns. | BigBrothers | |
22.9.24 | Dell investigates data breach claims after hacker leaks employee info | Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees. | Incident | |
21.9.24 | Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks | A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber | APT | The Hacker News |
21.9.24 | Ukraine Bans Telegram Use for Government and Military Personnel | Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and | BigBrothers | The Hacker News |
21.9.24 | macOS Sequoia change breaks networking for VPN, antivirus software | Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers. | OS | BleepingComputer |
21.9.24 | Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK | A new wave of QR codes has popped up across the UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius? | Security | |
21.9.24 | Suspects behind $230 million cryptocurrency theft arrested in Miami | Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. | Cryptocurrency | |
21.9.24 | CISA warns of actively exploited Apache HugeGraph-Server bug | The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. | BigBrothers | |
21.9.24 | Tor says it’s "still safe" amid reports of police deanonymizing users | The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. | Security | |
21.9.24 | Ivanti warns of another critical CSA flaw exploited in attacks | Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. | Exploit | |
21.9.24 | Google Password Manager now automatically syncs your passkeys | Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. | Safety | |
21.9.24 | Police dismantles phone unlocking ring linked to 483,000 victims | A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide. | BigBrothers | |
21.9.24 | Germany seizes 47 crypto exchanges used by ransomware gangs | German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. | BigBrothers | |
21.9.24 | Unexplained ‘Noise Storms’ flood the Internet, puzzle experts | Internet intelligence firm GreyNoise reports that it has been tracking large waves of "Noise Storms" containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not concluded its origin and purpose. | Cyber | |
21.9.24 | Clever 'GitHub Scanner' campaign abusing repos to push malware | A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. | Virus | |
21.9.24 | Discord rolls out end-to-end encryption for audio, video calls | Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. | Safety | |
21.9.24 | Europol takes down "Ghost" encrypted messaging platform used for crime | Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. | BigBrothers | |
21.9.24 | Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware | Authored by Neil Tyagi. In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are... | Malware blog | |
21.9.24 | How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections | The group Trend Micro tracks as Water Bakunawa, which is behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. | Ransom blog | |
21.9.24 | Identifying Rogue AI | This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights | AI blog | |
21.9.24 | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. | APT blog | |
21.9.24 | Vulnerabilities in Cellular Packet Cores Part IV: Authentication | Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post. | Vulnerability blog | |
21.9.24 | Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones | Overview: The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score | Vulnerability blog | SonicWall |
21.9.24 | Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool | This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network. | Exploit blog | Palo Alto |
21.9.24 | FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe | With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process | BigBrother blog | |
21.9.24 | Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6) | How do analyst relations professionals 'sort through the noise' and help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out | Social blog | |
21.9.24 | Understanding cyber-incident disclosure | Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help | Cyber blog | |
21.9.24 | ESET Research Podcast: EvilVideo | ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos | Malware blog | |
21.9.24 | AI security bubble already springing leaks | Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one | AI blog | |
21.9.24 | The Iranian Cyber Capability | In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups. | APT blog | Trellix |
21.9.24 | Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware | Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | Ransom | BleepingComputer |
21.9.24 | X hacking spree fuels "$HACKED" crypto token pump-and-dump | An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. | Social | |
21.9.24 | GitLab releases fix for critical SAML authentication bypass flaw | GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). | Vulnerability | |
21.9.24 | Microsoft may have revealed Windows 11 24H2 is coming this month | Microsoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates. | OS | |
21.9.24 | Apple pulls iPadOS 18 update bricking M4 iPad Pro devices | Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. | OS | |
21.9.24 | Chinese botnet infects 260,000 SOHO routers, IP cameras with malware | The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. | BotNet | |
21.9.24 | Russian security firm Dr.Web disconnects all servers after breach | On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. | Incident | |
21.9.24 | Temu denies breach after hacker claims theft of 87 million data records | Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. | Incident | |
21.9.24 | Broadcom fixes critical RCE bug in VMware vCenter Server | Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. | Vulnerability | BleepingComputer |
21.9.24 | Construction firms breached in brute force attacks on accounting software | Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. | Incident | |
21.9.24 | AT&T pays $13 million FCC settlement over 2023 data breach | The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago. | Incident | |
21.9.24 | CISA urges software devs to weed out XSS vulnerabilities | CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. | BigBrothers | |
20.9.24 | Ransomware gangs now abuse Microsoft Azure tool for data theft | Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. | Ransom | |
20.9.24 | PKfail Secure Boot bypass remains a significant risk two months later | Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. | Incident | |
20.9.24 | Over 1,000 ServiceNow instances found leaking corporate KB data | Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. | Security | |
20.9.24 | CISA warns of Windows flaw used in infostealer malware attacks | CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. | BigBrothers | |
20.9.24 | Exploit code released for critical Ivanti RCE flaw, patch now | A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. | Exploit | |
20.9.24 | Microsoft rolls out Office LTSC 2024 for Windows and Mac | Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. | OS | |
20.9.24 | US cracks down on spyware vendor Intellexa with more sanctions | Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. | BigBrothers | BleepingComputer |
20.9.24 | Chrome switching to NIST-approved ML-KEM quantum encryption | Google announced updates in the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically, the swap of Kyber used in hybrid key exchanges with Module Lattice Key Encapsulation Mechanism (ML-KEM). | Safety | |
20.9.24 | D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers | D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. | Vulnerability | |
20.9.24 | Windows vulnerability abused braille “spaces” in zero-day attacks | A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. | APT | BleepingComputer |
20.9.24 | Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials | Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to | BigBrothers | The Hacker News |
20.9.24 | Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East | An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to | APT | The Hacker News |
20.9.24 | Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature | Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, | Safety | The Hacker News |
20.9.24 | Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks | Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the | Vulnerability | The Hacker News |
20.9.24 | Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms | Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to | Hack | The Hacker News |
19.9.24 | New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails | A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a | Virus | The Hacker News |
19.9.24 | New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit | The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server | Cryptocurrency | The Hacker News |
19.9.24 | Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector | Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first | Ransom | The Hacker News |
19.9.24 | GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions | GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result | Vulnerability | The Hacker News |
19.9.24 | New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide | Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and | IoT | The Hacker News |
19.9.24 | Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military | A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain | APT | The Hacker News |
18.9.24 | North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware | A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in | APT | The Hacker News |
18.9.24 | Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing | Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when | Safety | The Hacker News |
18.9.24 | GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging | The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, | BigBrothers | The Hacker News |
18.9.24 | Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution | Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for | Vulnerability | The Hacker News |
17.9.24 | Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense | Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to | Safety | The Hacker News |
17.9.24 | U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation | The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa | BigBrothers | The Hacker News |
17.9.24 | Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users | Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with | Cryptocurrency | The Hacker News |
17.9.24 | SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks | SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical | Vulnerability | The Hacker News |
16.9.24 | Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution | A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve | Vulnerability | The Hacker News |
16.9.24 | North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware | Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on | APT | The Hacker News |
16.9.24 | Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure | Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk | OS | The Hacker News |
16.9.24 | Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks | Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver | Phishing | The Hacker News |
15.9.24 | YARA 4.5.2 Release | YARA 4.5.2 was released with 3 small changes and 4 bugfixes. | SANS | |
15.9.24 | Finding Honeypot Data Clusters Using DBSCAN: Part 2 | In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. | SANS | |
15.9.24 | Python Libraries Used for Malicious Purposes | Since I’m interested in malicious Python scripts, I found multiple samples that rely on existing libraries. | SANS | |
15.9.24 | FBI tells public to ignore false claims of hacked voter data | The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. | BigBrothers | |
15.9.24 | Malware locks browser in kiosk mode to steal Google credentials | A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. | Virus | |
15.9.24 | Port of Seattle hit by Rhysida ransomware in August attack | Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. | Ransom | |
15.9.24 | TfL requires in-person password resets for 30,000 employees after hack | Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. | CyberCrime | |
15.9.24 | 23andMe to pay $30 million in genetics data breach settlement | DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. | Incident | |
15.9.24 | Ivanti warns high severity CSA flaw is now exploited in attacks | Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. | Exploit | |
15.9.24 | New Linux malware Hadooken targets Oracle WebLogic servers | Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. | Virus | |
15.9.24 | RansomHub claims Kawasaki cyberattack, threatens to leak stolen data | Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. | Ransom | |
15.9.24 | New Vo1d malware infects 1.3 million Android streaming boxes | Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. | Virus | |
15.9.24 | FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 | The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). | Cryptocurrency | |
15.9.24 | Fortinet confirms data breach after hacker claims to steal 440GB of files | Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft SharePoint server. | Incident | |
15.9.24 | UK arrests teen linked to Transport for London cyber attack | U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. | CyberCrime | |
15.9.24 | Hackers targeting WhatsUp Gold with public exploit since August | Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. | Exploit | |
15.9.24 | Transport for London confirms customer data stolen in cyberattack | Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. | Incident | |
15.9.24 | GitLab warns of critical pipeline execution vulnerability | GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. | Vulnerability | |
15.9.24 | Fake password manager coding test used to hack Python developers | Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with a coding test project for password management products that includes malware. | Hack | |
15.9.24 | Adobe fixes Acrobat Reader zero-day with public PoC exploit | A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. | Exploit | |
14.9.24 | Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. | Vulnerability blog | |
14.9.24 | Earth Preta Evolves its Attacks with New Malware and Strategies | In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. | Malware blog | |
14.9.24 | CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective | In this report, Cybereason confirms the ties between Cuckoo Spear and the APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques. | APT blog | Cybereason |
14.9.24 | Chinese APT Abuses VSCode to Target Government in Asia | Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. | APT blog | Palo Alto |
14.9.24 | Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel | The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. | Ransom blog | |
14.9.24 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers | While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals, used by threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation. | Vulnerability blog | |
14.9.24 | Microsoft Security Bulletin Coverage For September 2024 | Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities. | OS Blog | SonicWall |
14.9.24 | Targeted Iranian Attacks Against Iraqi Government Infrastructure | Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks. | APT blog | Checkpoint |
14.9.24 | DragonRank, a Chinese-speaking SEO manipulator service provider | Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation. | APT blog | |
14.9.24 | The 2024 Threat Landscape State of Play | Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers. | Security blog | |
14.9.24 | Vulnerability in Tencent WeChat custom browser could lead to remote code execution | While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated and still remained vulnerable when Talos reported it to the vendor. | Vulnerability blog | |
14.9.24 | Watch our new documentary, "The Light We Keep: A Project PowerUp Story" | The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. | Security blog | |
14.9.24 | We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders | A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. | Security blog | |
14.9.24 | Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API | CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. | Vulnerability blog | |
14.9.24 | Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score | September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. | Vulnerability blog | |
14.9.24 | The best and worst ways to get users to improve their account security | In my opinion, mandatory enrollment is best enrollment. | Security blog | |
14.9.24 | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads | The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable. | Malware blog | Cisco Blog |
14.9.24 | CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe | ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends. | Ransom blog | |
14.9.24 | 6 common Geek Squad scams and how to defend against them | Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks. | Spam blog | |
14.9.24 | CosmicBeetle steps up: Probation period at RansomHub | CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate. | Ransom blog | |
14.9.24 | WordPress.org to require 2FA for plugin developers by October | Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. | Safety | |
14.9.24 | Chinese hackers linked to cybercrime syndicate arrested in Singapore | Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." | CyberCrime | |
14.9.24 | Microsoft fixes Windows Server performance issues from August updates | Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. | OS | |
14.9.24 | Ivanti fixes maximum severity RCE bug in Endpoint Management software | Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. | Vulnerability | |
14.9.24 | New PIXHELL acoustic attack leaks secrets from LCD screen noise | A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. | Attack | |
14.9.24 | RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software | The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems. | Ransom | |
14.9.24 | Windows 10 KB5043064 update released with 6 fixes, security updates | Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 6 changes and fixes, including a fix for Bluetooth devices that stop working due to a memory leak. | OS | |
14.9.24 | Microsoft fixes Windows Smart App Control zero-day exploited since 2018 | Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. | OS | |
14.9.24 | Windows 11 KB5043076 cumulative update released with 19 changes | Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements. | OS | |
14.9.24 | Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws | Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days. | OS | |
14.9.24 | Wix to block Russian users starting September 12 | Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down. | BigBrothers | |
14.9.24 | Microsoft to start force-upgrading Windows 22H2 systems next month | Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2. | OS | |
14.9.24 | Navigating Endpoint Privilege Management: Insights for CISOs and Admins | Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. | Security | |
14.9.24 | Flipper Zero releases Firmware 1.0 after three years of development | After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. | Security | |
14.9.24 | NoName ransomware gang deploying RansomHub malware in recent attacks | The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. | Ransom | BleepingComputer |
14.9.24 | Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability | Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190. | Vulnerability | The Hacker News |
13.9.24 | Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers | Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully | Exploit | The Hacker News |
13.9.24 | 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London | British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for | CyberCrime | The Hacker News |
13.9.24 | TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud | Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new | Virus | The Hacker News |
13.9.24 | Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw | Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in | Exploit | The Hacker News |
13.9.24 | New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency | Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining | Cryptocurrency | The Hacker News |
12.9.24 | New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram | Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at | Virus | The Hacker News |
12.9.24 | Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution | GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an | Vulnerability | The Hacker News |
12.9.24 | Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide | Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 | Virus | The Hacker News |
12.9.24 | Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking | Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. | Cryptocurrency | The Hacker News |
12.9.24 | Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack | Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state- | APT | The Hacker News |
12.9.24 | Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe | The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's | AI | The Hacker News |
12.9.24 | WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers | WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes | Security | The Hacker News |
12.9.24 | Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances | The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN | BotNet | The Hacker News |
12.9.24 | DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe | A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe | APT | The Hacker News |
11.9.24 | Fake recruiter coding tests target devs with malicious Python packages | RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers. | APT | ReversingLabs |
11.9.24 | Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate | The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged | CyberCrime | The Hacker News |
11.9.24 | Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware | Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of | APT | The Hacker News |
11.9.24 | Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws | Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active | Vulnerability | The Hacker News |
11.9.24 | Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities | Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical | Vulnerability | The Hacker News |
11.9.24 | CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub | The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and | Ransom | The Hacker News |
11.9.24 | Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia | A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as | APT | The Hacker News |
11.9.24 | New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers | A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and | Attack | The Hacker News |
11.9.24 | Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments | The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and | APT | The Hacker News |
11.9.24 | New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks | A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data | Attack | The Hacker News |
10.9.24 | Critical SonicWall SSLVPN bug exploited in ransomware attacks | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. | Ransom | |
10.9.24 | Quad7 botnet targets more SOHO and VPN routers, media servers | The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. | BotNet | |
10.9.24 | Chinese hackers use new data theft malware in govt attacks | New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. | APT | |
10.9.24 | Highline Public Schools closes schools following cyberattack | Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. | Hack | |
10.9.24 | Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature | A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. | Social | |
10.9.24 | Payment gateway data breach affects 1.7 million credit card owners | Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. | Incident | |
10.9.24 | Progress LoadMaster vulnerable to 10/10 severity RCE flaw | Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. | Vulnerability | |
9.9.24 | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized | Virus | The Hacker News |
9.9.24 | Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks | The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code | APT | The Hacker News |
9.9.24 | Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor | Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that | Vulnerability | The Hacker News |
9.9.24 | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys | Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat | Virus | The Hacker News |
9.9.24 | TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign | A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers | BigBrothers | The Hacker News |
9.9.24 | U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks | The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet | BigBrothers | The Hacker News |
8.9.24 | Sextortion scam now uses your "cheating" spouse’s name as a lure | A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. | Spam | |
8.9.24 | New RAMBO attack steals data using RAM in air-gapped computers | A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. | Attack | |
8.9.24 | Transport for London staff faces systems disruptions after cyberattack | Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. | Incident | |
8.9.24 | Car rental giant Avis discloses data breach impacting customers | American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. | Incident | |
8.9.24 | Microsoft Office 2024 to disable ActiveX controls by default | After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. | Security | |
8.9.24 | SpyAgent Android malware steals your crypto recovery phrases from images | A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. | OS | |
8.9.24 | SonicWall SSLVPN access control flaw is now exploited in attacks | SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. | Vulnerability | |
8.9.24 | Apache fixes critical OFBiz remote code execution vulnerability | Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. | Vulnerability | |
8.9.24 | Microsoft removes revenge porn from Bing search using new tool | Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. | Security | |
8.9.24 | Russian military hackers linked to critical infrastructure attacks | The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU). | BigBrothers | |
8.9.24 | LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks | Yet another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. | Hack | |
8.9.24 | Musician charged with $10M streaming royalties fraud using AI and bots | North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. | AI | |
8.9.24 | Veeam warns of critical RCE flaw in Backup & Replication software | Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. | Vulnerability | |
8.9.24 | Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords | Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. | CyberCrime | |
8.9.24 | Planned Parenthood confirms cyberattack as RansomHub claims breach | Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. | Ransom | |
8.9.24 | Microchip Technology confirms data was stolen in cyberattack | American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. | Incident | |
8.9.24 | Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel | The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhantomCore. | Hack | |
8.9.24 | US cracks down on Russian disinformation before 2024 election | The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. | BigBrothers | |
8.9.24 | Cisco fixes root escalation vulnerability with public exploit code | Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. | Exploit | |
8.9.24 | New Eucleak attack lets threat actors clone YubiKey FIDO keys | A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. | Attack | |
8.9.24 | Cisco warns of backdoor admin account in Smart Licensing Utility | Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. | Virus | |
8.9.24 | Hackers inject malicious JS in Cisco store to steal credit cards, credentials | Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. | CyberCrime | |
8.9.24 | Google backports fix for Pixel EoP flaw to other Android devices | Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. | OS | |
8.9.24 | Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security | AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. | Safety | |
8.9.24 | Revival Hijack supply-chain attack threatens 22,000 PyPI packages | Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPI projects using the names of previously deleted packages to conduct supply chain attacks. | Hack | |
8.9.24 | FTC: Over $110 million lost to Bitcoin ATM scams in 2023 | The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. | BigBrothers | |
8.9.24 | Zyxel warns of critical OS command injection flaw in routers | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. | Vulnerebility | |
8.9.24 | New Windows PowerToy launches, repositions apps to saved layouts | Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. | OS | |
8.9.24 | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams | Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake | APT | The Hacker News |
8.9.24 | FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals | Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that | BigBrothers | The Hacker News |
7.9.24 | TIDRONE Targets Military and Satellite Industries in Taiwan | Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly in the manufacturers of drones. | BigBrother blog | |
7.9.24 | Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command | Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection. | Malware blog | |
7.9.24 | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion | While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. | Malware blog | |
7.9.24 | CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon | Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon | Vulnerebility blog | SonicWall |
7.9.24 | Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe | The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams | Spam blog | |
7.9.24 | ESET Research Podcast: HotPage | ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver | Malware blog | |
7.9.24 | The key considerations for cyber insurance: A pragmatic approach | Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options | Cyber blog | |
7.9.24 | In plain sight: Malicious ads hiding in search results | Sometimes there’s more than just an enticing product offer hiding behind an ad | Malware blog | |
7.9.24 | FBI warns crypto firms of aggressive social engineering attacks | The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. | Cryptocurrency | |
7.9.24 | Clearview AI fined €30.5 million for unlawful data collection | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. | AI | |
7.9.24 | D-Link says it is not fixing four RCE flaws in DIR-846W routers | D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. | Vulnerebility | |
7.9.24 | Halliburton confirms data stolen in recent cyberattack | Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. | Incindent | |
7.9.24 | Transport for London discloses ongoing “cyber security incident” | Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. | Incindent | |
7.9.24 | Admins of MFA bypass service plead guilty to fraud | Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. | Safety | |
7.9.24 | Verkada to pay $2.95 million for alleged CAN-SPAM Act violations | The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security failures enabled hackers to access live video feeds from internet-connected cameras. | BigBrothers | |
7.9.24 | Business services giant CBIZ discloses customer data breach | CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. | Incindent | |
7.9.24 | Linux version of new Cicada ransomware targets VMware ESXi servers | A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. | Ransom | |
7.9.24 | GitHub comments abused to push password stealing malware masked as fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
7.9.24 | SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation | SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The | Vulnerebility | The Hacker News |
7.9.24 | GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware | A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver | BotNet | The Hacker News |
7.9.24 | GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code | Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading | Vulnerebility | The Hacker News |
6.9.24 | Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress | Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could | Vulnerebility | The Hacker News |
6.9.24 | Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution | A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code | Vulnerebility | The Hacker News |
6.9.24 | Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity | Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a | BigBrothers | The Hacker News |
6.9.24 | Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East | Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat | APT | The Hacker News |
6.9.24 | Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues | Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical | Vulnerebility | The Hacker News |
5.9.24 | U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown | The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda | BigBrothers | The Hacker News |
5.9.24 | Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore | Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco | Virus | The Hacker News |
5.9.24 | New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm | The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber | Virus | The Hacker News |
5.9.24 | Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks | Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow | Vulnerebility | The Hacker News |
5.9.24 | North Korean Hackers Target Job Seekers with Fake FreeConference App | North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to | APT | The Hacker News |
5.9.24 | Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Virus | The Hacker News |
5.9.24 | Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Hack | The Hacker News |
4.9.24 | Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch | Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | Exploit | The Hacker News |
4.9.24 | Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers | A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | Virus | The Hacker News |
4.9.24 | Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers | Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions | Vulnerebility | The Hacker News |
4.9.24 | Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database | The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm | AI | The Hacker News |
4.9.24 | Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack | A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader | Virus | The Hacker News |
4.9.24 | Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus | A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and | Exploit | The Hacker News |
4.9.24 | New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems | Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities | Ransom | The Hacker News |
4.9.24 | Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users | Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This | Virus | The Hacker News |
4.9.24 | New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access | Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges | Exploit | The Hacker News |
4.9.24 | Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt | A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his | CyberCrime | The Hacker News |
4.9.24 | RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors | Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in | Ransom | The Hacker News |
4.9.24 | Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems | Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again | Virus | The Hacker News |
1.9.24 | GitHub comments abused to spread Lumma Stealer malware as fake fixes | GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | Virus | |
1.9.24 | Docker-OSX image used for security research hit by Apple DMCA takedown | The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. | Virus | |
1.9.24 | Microsoft is trying to reduce Windows 11's desktop spotlight clutter | Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. | OS | |
1.9.24 | Researchers find SQL injection to bypass airport TSA security checks | Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. | Incindent | |
1.9.24 | New Voldemort malware abuses Google Sheets to store stolen data | A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. | Virus | |
1.9.24 | North Korean hackers exploit Chrome zero-day to deploy rootkit | North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. | Exploit | |
1.9.24 | Halliburton cyberattack linked to RansomHub ransomware gang | The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. | Ransom | |
1.9.24 | FBI: RansomHub ransomware breached 210 victims since February | Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. | Ransom | |
1.9.24 | Fake Palo Alto GlobalProtect used as lure to backdoor enterprises | Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. | Virus | |
1.9.24 | Windows 10 KB5041582 update released with 5 changes and fixes | Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks. | OS | |
1.9.24 | North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). | Exploit blog | Microsoft Blog |
1.9.24 | North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit | A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North | Exploit | The Hacker News |