DATE | NAME | Info | CATEG. | WEB |
31.7.24 | Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection | Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas | ||
31.7.24 | New Mandrake Spyware Found in Google Play Store Apps After Two Years | A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for | ||
31.7.24 | Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware | Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in | ||
31.7.24 | New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries | The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and | ||
31.7.24 | OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script | Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of | ||
31.7.24 | VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access | A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain | ||
31.7.24 | Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild | Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product | ||
29.7.24 | Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails | An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email | ||
29.7.24 | 'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread | A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service | ||
29.7.24 | Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site | The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part | ||
28.7.24 | Windows 11 taskbar has a hidden "End Task" feature, how to turn it on | Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar. | | |
28.7.24 | X begins training Grok AI with your posts, here's how to disable | X has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default. Here's how to block Grok from using your data. | | |
28.7.24 | WhatsApp for Windows lets Python, PHP scripts execute with no warning | A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. | | |
28.7.24 | | Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. | | |
28.7.24 | Google fixes Chrome Password Manager bug that hides credentials | Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. | | |
28.7.24 | | Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. | | |
28.7.24 | July Windows Server updates break Remote Desktop connections | Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. | | |
28.7.24 | Acronis warns of Cyber Infrastructure default password abused in attacks | Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. | | |
28.7.24 | Russian ransomware gangs account for 69% of all ransom proceeds | Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. | | |
28.7.24 | PKfail Secure Boot bypass lets attackers install UEFI malware | Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. | | |
28.7.24 | Critical ServiceNow RCE flaws actively exploited to steal credentials | Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. | | |
28.7.24 | | Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. | | |
28.7.24 | US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks | The U.S. State Department is offering a reward of up to $10 million for information that could help capture a North Korean military hacker. | Virus | The Hacker News |
28.7.24 | Meta nukes massive Instagram sextortion network of 63,000 accounts | Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. | AI | The Hacker News |
28.7.24 | French Authorities Launch Operation to Remove PlugX Malware from Infected Systems | French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised | BigBrothers | The Hacker News |
27.7.24 | | Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. | Cryptocurrency | The Hacker News |
27.7.24 | French police push PlugX malware self-destruct payload to clean PCs | The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. | Phishing | The Hacker News |
27.7.24 | Over 3,000 GitHub accounts used by malware distribution service | Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. | Virus | |
27.7.24 | | Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. | Incident | |
27.7.24 | Microsoft fixes bug behind Windows 10 Connected Cache delivery issues | Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. | Virus | |
27.7.24 | KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack | American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. | Incident | |
27.7.24 | Google Chrome now asks for passwords to scan protected archives | Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. | Security | |
27.7.24 | CrowdStrike: 'Content Validator' bug let faulty update pass checks | CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. | BigBrothers | |
27.7.24 | Windows July security updates send PCs into BitLocker recovery | Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. | Ransom | |
27.7.24 | | The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. | BigBrothers | |
27.7.24 | | The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. | Social | |
27.7.24 | Hamster Kombat’s 250 million players targeted in malware attacks | | Ransom | |
27.7.24 | Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak | Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. | BigBrothers | |
27.7.24 | | Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. | Vulnerability | The Hacker News |
27.7.24 | BreachForums v1 hacking forum data leak exposes members’ info | The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. | Ransom | The Hacker News |
26.7.24 | Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams | Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target | Social | The Hacker News |
26.7.24 | Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform | Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions | Vulnerability | The Hacker News |
26.7.24 | Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins | Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization | Vulnerability | The Hacker News |
26.7.24 | CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software | The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet | ICS | The Hacker News |
26.7.24 | New Chrome Feature Scans Password-Protected Files for Malicious Content | Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web | Virus | The Hacker News |
25.7.24 | Telegram App Flaw Exploited to Spread Malware Hidden in Videos | A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised | Social | The Hacker News |
25.7.24 | Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool | The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel | Hack | The Hacker News |
25.7.24 | CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices | Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash | Security | The Hacker News |
25.7.24 | Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers | A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver | Exploit | The Hacker News |
25.7.24 | CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The | BigBrothers | The Hacker News |
24.7.24 | Chinese Hackers Target Taiwan and US NGO with MgBot Malware | Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state- | BigBrothers | The Hacker News |
24.7.24 | New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure | Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been | ICS | The Hacker News |
24.7.24 | Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files | Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest | CyberCrime | The Hacker News |
24.7.24 | Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model | Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or | Social | The Hacker News |
24.7.24 | Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research | BigBrothers | The Hacker News |
23.7.24 | Google Abandons Plan to Phase Out Third-Party Cookies in Chrome | Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years | Security | The Hacker News |
23.7.24 | Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking | A Chinese | Hack | The Hacker News |
23.7.24 | PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing | A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud | Virus | The Hacker News |
23.7.24 | SocGholish Malware Exploits BOINC Project for Covert Cyberattacks | The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called | Virus | The Hacker News |
23.7.24 | New Linux Variant of Play Ransomware Targeting VMware ESXi Systems | Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) | Ransom | The Hacker News |
22.7.24 | Microsoft releases Windows repair tool to remove CrowdStrike driver | Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. | Security | |
22.7.24 | Fake CrowdStrike fixes target companies with malware, data wipers | Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. | Virus | |
22.7.24 | UK arrests suspected Scattered Spider hacker linked to MGM attack | UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. | CyberCrime | |
22.7.24 | Microsoft confirms CrowdStrike update also hit Windows 365 PCs | Microsoft says the faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. | Cyber | |
21.7.24 | Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware | Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows | Virus | The Hacker News |
21.7.24 | 17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K. | Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious | CyberCrime | The Hacker News |
20.7.24 | ClickFix Deception: A Social Engineering Tactic to Deploy Malware | McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. | Malware blog | McAfee |
20.7.24 | CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. | Vulnerability blog | Trend Micro |
20.7.24 | Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike | On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | Cyber blog | Trend Micro |
20.7.24 | Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma | Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. | Ransom blog | Trend Micro |
20.7.24 | The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409 | We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 on x64 systems. | Vulnerability blog | Trend Micro |
20.7.24 | Teaming up with IBM to secure critical SAP workloads | Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers | Cyber blog | Trend Micro |
20.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 2 | In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | Cryptocurrency blog | Trend Micro |
20.7.24 | Container Breakouts: Escape Techniques in Cloud Environments | Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability. | Vulnerability blog | Palo Alto |
20.7.24 | Beware of BadPack: One Weird Trick Being Used Against Android Devices | This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files. | Malware blog | Palo Alto |
20.7.24 | New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns | MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal. | Malware blog | Checkpoint |
20.7.24 | It's best to just assume you’ve been involved in a data breach somehow | Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. | Incident blog | Cisco Blog |
20.7.24 | HotPage: Story of a signed, vulnerable, ad-injecting driver | A study of a sophisticated Chinese browser injector that leaves more doors open! | Malware blog | Eset |
20.7.24 | Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills | These five formidable bits of kit can assist cyber-defenders in spotting chinks in corporate armor and help hobbyist hackers deepen their understanding of cybersecurity. | Cyber blog | Eset |
20.7.24 | Hello, is it me you’re looking for? How scammers get your phone number | Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. | Security blog | Eset |
20.7.24 | Should ransomware payments be banned? – Week in security with Tony Anscombe | Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective? | Ransom blog | Eset |
20.7.24 | MediSecure: Ransomware gang stole data of 12.9 million people | MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. | Ransom | |
20.7.24 | CrowdStrike update crashes Windows systems, causes outages worldwide | A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. | Security | |
20.7.24 | Russians plead guilty to involvement in LockBit ransomware attacks | Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. | Ransom | |
20.7.24 | Revolver Rabbit gang registers 500,000 domains for malware campaigns | A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. | Virus | |
20.7.24 | SolarWinds fixes 8 critical bugs in access rights audit software | SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. | Vulnerability | BleepingComputer |
20.7.24 | Critical Cisco bug lets hackers add root users on SEG devices | Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. | Vulnerability | |
20.7.24 | Microsoft: Windows 11 23H2 now available for all eligible devices | Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. | OS | |
20.7.24 | Notorious FIN7 hackers sell EDR killer to other threat actors | The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. | APT | |
20.7.24 | Exchange Online adds Inbound DANE with DNSSEC for security boost | Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. | Security | |
20.7.24 | Cisco SSM On-Prem bug lets hackers change any user's password | Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. | Vulnerability | |
20.7.24 | Over 400,000 Life360 user phone numbers leaked via unsecured API | A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. | Incident | |
19.7.24 | Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide | Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty | Security | |
19.7.24 | Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware | A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed | Virus | The Hacker News |
19.7.24 | APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K. | Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in | APT | |
19.7.24 | SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software | SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to | Vulnerability | The Hacker News |
19.7.24 | WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach | Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in | Cryptocurrency | |
18.7.24 | Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver | Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily | Virus | The Hacker News |
18.7.24 | SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks | Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying | AI | The Hacker News |
18.7.24 | TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks | Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting | APT | |
18.7.24 | Meta Halts AI Use in Brazil Following Data Protection Authority's Ban | Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a | AI | The Hacker News |
18.7.24 | Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager | Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On- | Vulnerability | |
18.7.24 | North Korean Hackers Update BeaverTail Malware to Target MacOS Users | Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic | APT | The Hacker News |
18.7.24 | Yacht giant MarineMax data breach impacts over 123,000 people | MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. | Incident | BleepingComputer |
18.7.24 | Kaspersky offers free security software for six months in U.S. goodbye | Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. | BigBrothers | |
18.7.24 | CISA warns critical GeoServer GeoTools RCE flaw is exploited in attacks | CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. | Vulnerability | |
18.7.24 | Email addresses of 15 million Trello users leaked on hacking forum | A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. | Incident | |
18.7.24 | Rite Aid says June data breach impacts 2.2 million people | Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." | Incident | |
18.7.24 | Microsoft links Scattered Spider hackers to Qilin ransomware attacks | Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. | Ransom | |
18.7.24 | Microsoft finally fixes Outlook alerts bug caused by December updates | Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. | OS | |
18.7.24 | Kaspersky is shutting down its business in the United States | Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. | BigBrothers | |
18.7.24 | New BugSleep malware implant deployed in MuddyWater attacks | The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. | Virus | |
18.7.24 | SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks | The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. | Ransom | |
18.7.24 | June Windows Server updates break Microsoft 365 Defender features | Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. | Security | |
17.7.24 | FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums | The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground | APT | |
17.7.24 | China-linked APT17 Targets Italian Companies with 9002 RAT Malware | A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant | APT | The Hacker News |
17.7.24 | Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks | The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into | Ransom | |
17.7.24 | Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP | Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to | Vulnerability | The Hacker News |
16.7.24 | 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins | Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a | Virus | |
16.7.24 | Malicious npm Packages Found Using Image Files to Hide Backdoor Code | Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute | Virus | The Hacker News |
16.7.24 | Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks | The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent | APT | |
16.7.24 | Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer | An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the | APT | The Hacker News |
16.7.24 | Kaspersky Exits U.S. Market Following Commerce Department Ban | Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a | BigBrothers | |
16.7.24 | CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer | Exploit | The Hacker News |
16.7.24 | GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks | Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the | Hack | |
15.7.24 | Facebook ads for Windows desktop themes push info-stealing malware | Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. | Virus | |
15.7.24 | Banks in Singapore to phase out one-time passwords in 3 months | The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. | Security | |
15.7.24 | Hackers use PoC exploits in attacks 22 minutes after release | Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. | Exploit | |
15.7.24 | Microsoft fixes bug causing Windows Update automation issues | Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. | Vulnerability | |
15.7.24 | Critical Exim bug bypasses security filters on 1.5 million mail servers | Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. | Vulnerability | |
15.7.24 | Rite Aid confirms data breach after June ransomware attack | Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. | Ransom | |
15.7.24 | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit | Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, | Virus | The Hacker News |
15.7.24 | CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool | A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect | Hack | |
15.7.24 | Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months | Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication | Security | The Hacker News |
15.7.24 | New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection | Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new | Ransom | |
14.7.24 | DNS hijacks target crypto platforms registered with Squarespace | A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. | Cryptocurrency | |
14.7.24 | Netgear warns users to patch auth bypass, XSS router flaws | Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. | Vulnerability | |
14.7.24 | Massive AT&T data breach exposes call logs of 109 million customers | AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. | Incident | |
14.7.24 | ARRL finally confirms ransomware gang stole data in cyberattack | The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." | Incident | |
14.7.24 | Signal downplays encryption key flaw, fixes it after X drama | Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. | Social | |
14.7.24 | Google increases bug bounty rewards five times, up to $151K | Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. | Security | |
14.7.24 | Dallas County: Data of 200,000 exposed in 2023 ransomware attack | Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. | Ransom | |
14.7.24 | CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool | A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. | Incident | |
14.7.24 | Advance Auto Parts data breach impacts 2.3 million people | Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. | Incident | |
14.7.24 | Huione Guarantee exposed as a $11 billion marketplace for cybercrime | The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially "pig butchering" investment fraud, researchers say. | CyberCrime | |
14.7.24 | GitLab: Critical bug lets attackers run pipelines as other users | GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. | Vulnerability | |
13.7.24 | ViperSoftX malware covertly runs PowerShell using AutoIT scripting | The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. | Virus | |
13.7.24 | CISA urges devs to weed out OS command injection vulnerabilities | CISA and the FBI urged software companies on Wednesday to review their products and eliminate OS command injection vulnerabilities before shipping. | BigBrothers | |
13.7.24 | Japan warns of attacks linked to North Korean Kimsuky hackers | Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. | APT | |
13.7.24 | Windows MSHTML zero-day used in malware attacks for over a year | Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. | Virus | |
13.7.24 | Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes | Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. | OS | |
13.7.24 | Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets | A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. | Incident | |
13.7.24 | Google Advanced Protection Program gets passkeys for high-risk users | Google announced today that passkeys are now available for high-risk users when enrolling in the Advanced Protection Program, which provides the strongest level of account security. | Safety | |
13.7.24 | US disrupts AI-powered bot farm pushing Russian propaganda on X | Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. | AI | |
13.7.24 | New Blast-RADIUS attack bypasses widely-used RADIUS authentication | Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. | Attack | |
13.7.24 | Fujitsu confirms customer data exposed in March cyberattack | Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. | Incident | |
13.7.24 | Windows 10 KB5040427 update released with Copilot changes, 12 other fixes | Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. | OS | |
13.7.24 | Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days | Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. | OS | |
13.7.24 | Windows 11 KB5040442 update released with 31 fixes, changes | Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H2, which includes up to thirty-one improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. | OS | BleepingComputer |
13.7.24 | AT&T Confirms Data Breach Affecting Nearly All Wireless Customers | American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its | Incident | The Hacker News |
13.7.24 | DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign | Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the | Virus | |
13.7.24 | Application Security report: 2024 update | Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks... | Cyber blog | Cloudflare |
13.7.24 | Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England | Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final... | BigBrother blog | Cloudflare |
13.7.24 | Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds | We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website... | Social blog | Cloudflare |
13.7.24 | DDoS threat report for 2024 Q2 | Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024... | Attack blog | Cloudflare |
13.7.24 | RADIUS/UDP vulnerable to improved MD5 collision attack | The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography... | Attack blog | Cloudflare |
13.7.24 | French elections: political cyber attacks and Internet traffic shifts | Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties... | BigBrother blog | Cloudflare |
13.7.24 | UK election day 2024: traffic trends and attacks on political parties | Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party... | BigBrother blog | Cloudflare |
13.7.24 | Cloudflare 1.1.1.1 incident on June 27, 2024 | On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak... | Incident blog | Cloudflare |
13.7.24 | First round of French election: party attacks and a modest traffic dip | How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage... | Attack blog | Cloudflare |
13.7.24 | Declare your AIndependence: block AI bots, scrapers and crawlers with a single click | To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier... | AI blog | Cloudflare |
13.7.24 | HardBit Ransomware version 4.0 | In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. | Ransom blog | Cybereason |
13.7.24 | Cactus Ransomware: New strain in the market | Cactus is another variant in the ransomware family. It exploits a VPN vulnerability (CVE-2023-38035) to enter an internal organization network and deploys various payloads for persistence (Scheduled Task/Job), C2 connection via RMM tools (Anydesk.exe), and encryption. | Ransom blog | Trellix |
13.7.24 | The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution | ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass. | Malware blog | Trellix |
13.7.24 | Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence | Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime. | APT blog | Trellix |
13.7.24 | Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant | The SonicWall RTDMI™ engine has recently protected users against the distribution of the "6.6" variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features (anti-VM, anti-AV, delayed execution, multi-variant support, process hollowing, etc.), which are controlled by flags in the configuration data. | Malware blog | SonicWall |
13.7.24 | Microsoft Security Bulletin Coverage for July 2024 | Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerability blog | SonicWall |
13.7.24 | Adobe Commerce Unauthorized XXE Vulnerability | The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation. | Vulnerability blog | SonicWall |
13.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 2 | In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | Cryptocurrency blog | Trend Micro |
13.7.24 | Network detection & response: the SOC stress reliever | Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. | Cyber blog | Trend Micro |
13.7.24 | An In-Depth Look at Crypto-Crime in 2023 Part 1 | Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses. | Cryptocurrency blog | Trend Micro |
13.7.24 | The Top 10 AI Security Risks Every Business Should Know | With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year. | AI blog | Trend Micro |
13.7.24 | DarkGate: Dancing the Samba With Alluring Excel Files | This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware. | Malware blog | Palo Alto |
13.7.24 | Dissecting GootLoader With Node.js | This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware. | Malware blog | Palo Alto |
13.7.24 | The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention | The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data. | AI blog | Palo Alto |
13.7.24 | EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE | In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically. | Exploit blog | Check Point |
13.7.24 | RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) | Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. | Vulnerability blog | Check Point |
13.7.24 | Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs | Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. | Ransom blog | Cisco Blog |
13.7.24 | Impact of data breaches is fueling scam campaigns | Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. | Incident blog | Cisco Blog |
13.7.24 | Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling | Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. | Spam blog | Cisco Blog |
13.7.24 | How do cryptocurrency drainer phishing scams work? | In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. | Cryptocurrency blog | Cisco Blog |
13.7.24 | Checking in on the state of cybersecurity and the Olympics | Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. | Cyber blog | Cisco Blog |
13.7.24 | 15 vulnerabilities discovered in software development kit for wireless routers | Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. | Vulnerability blog | Cisco Blog |
13.7.24 | Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities | This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. | Vulnerability blog | Cisco Blog |
13.7.24 | Understanding IoT security risks and how to mitigate them (Cybersecurity podcast) | As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? | IoT blog | Eset |
13.7.24 | 5 common Ticketmaster scams: How fraudsters steal the show | Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account. | Spam blog | Eset |
12.7.24 | Australian Defence Force Private and Husband Charged with Espionage for Russia | Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a | BigBrothers | The Hacker News |
12.7.24 | Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments | A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious | ||
12.7.24 | U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation | The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that | ||
12.7.24 | Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool | Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 | ||
12.7.24 | 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack | Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an | ||
11.7.24 | Hackers target WordPress calendar plugin used by 150,000 sites | Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. | Vulnerability | |
11.7.24 | City of Philadelphia says over 35,000 hit in May 2023 breach | The City of Philadelphia revealed that a May 2024 breach disclosed in October impacted more than 35,000 individuals' personal and protected health information. | Incident | |
11.7.24 | Chinese APT40 hackers hijack SOHO routers to launch attacks | An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. | APT | |
11.7.24 | Evolve Bank says data breach impacts 7.6 million Americans | Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. | Incident | |
11.7.24 | Computer maker Zotac exposed customers' RMA info on Google Search | Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. | Incident | |
11.7.24 | Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events | In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. | Incident | |
11.7.24 | Neiman Marcus data breach: 31 million email addresses found exposed | A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. | Incident | |
11.7.24 | Microsoft: Windows 11 22H2 reaches end of service in October | Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024. | OS | |
11.7.24 | Avast releases free decryptor for DoNex ransomware and past variants | Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. | Ransom | |
11.7.24 | Russia forces Apple to remove dozens of VPN apps from App Store | Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. | BigBrothers | |
11.7.24 | RCE bug in widely used Ghostscript library now exploited in attacks | A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. | Vulnerability | |
11.7.24 | CloudSorcerer hackers abuse cloud services to steal Russian govt data | A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. | APT | |
11.7.24 | Roblox vendor data breach exposes dev conference attendee info | Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference. | Incident | |
11.7.24 | Europol says Home Routing mobile encryption feature aids criminals | Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. | BigBrothers | |
11.7.24 | Shopify denies it was hacked, links stolen data to third-party app | E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. | Incident | |
11.7.24 | Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk | The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" | APT | |
11.7.24 | New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign | Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called | Virus | |
11.7.24 | PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks | Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, | Exploit | |
11.7.24 | GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs | GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug | Vulnerability | |
11.7.24 | New Ransomware Group Exploiting Veeam Backup Software Vulnerability | A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation | Ransom | |
10.7.24 | Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited | Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have | OS | |
10.7.24 | Google Adds Passkeys to Advanced Protection Program for High-Risk Users | Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection | Safety | |
10.7.24 | HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia | Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in | Cryptocurrency | |
10.7.24 | ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks | The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the | Virus | |
10.7.24 | New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk | Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code | Vulnerability | |
9.7.24 | RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks | Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that | ||
9.7.24 | Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks | Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console | ||
9.7.24 | GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel | Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data- | ||
9.7.24 | Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation | Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a | ||
9.7.24 | Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories | Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be | ||
8.7.24 | New APT Group "CloudSorcerer" Targets Russian Government Entities | A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and- | ||
8.7.24 | Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites | An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of | ||
8.7.24 | New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems | An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and | ||
8.7.24 | Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries | Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to | Virus | The Hacker News |
8.7.24 | Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service | Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that | Vulnerability | The Hacker News |
8.7.24 | Apple Removes VPN Apps from Russian App Store Amid Government Pressure | Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by | OS | The Hacker News |
6.7.24 | Cloudflare blames recent outage on BGP hijacking incident | Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. | Hack | |
6.7.24 | Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion | Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. | Incident | |
6.7.24 | New Eldorado ransomware targets Windows, VMware ESXi VMs | A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. | Ransom | |
6.7.24 | Ethereum mailing list breach exposes 35,000 to crypto draining attack | A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. | Cryptocurrency | |
6.7.24 | Hackers attack HFS servers to drop malware and Monero miners | Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. | Virus | |
6.7.24 | HealthEquity data breach exposes protected health information | Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. | Incident | |
6.7.24 | OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers | French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 | Attack | The Hacker News |
6.7.24 | Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective | In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. | | |
6.7.24 | Mekotio Banking Trojan Threatens Financial Systems in Latin America | We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does. | | |
6.7.24 | | The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. | | |
6.7.24 | Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC | When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news. | | |
6.7.24 | | The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. | | |
6.7.24 | | In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. | | |
6.7.24 | | Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details. | | |
6.7.24 | Social media and teen mental health – Week in security with Tony Anscombe | Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick? | | |
6.7.24 | No room for error: Don’t get stung by these common Booking.com scams | | | |
6.7.24 | Hijacked: How hacked YouTube channels spread scams and malware | | | |
6.7.24 | Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe | | | |
5.7.24 | OVHcloud blames record-breaking DDoS attack on MikroTik botnet | OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). | | |
5.7.24 | Hackers abused API to verify millions of Authy MFA phone numbers | Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. | | |
5.7.24 | Formula 1 governing body discloses data breach after email hacks | FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. | | |
5.7.24 | Infostealer malware logs used to identify child abuse website members | Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. | | |
5.7.24 | Europol takes down 593 Cobalt Strike servers used by cybercriminals | Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. | | |
5.7.24 | Proton launches free, privacy-focused Google Docs alternative | Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. | | |
5.7.24 | | Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. | | |
5.7.24 | Patelco shuts down banking systems following ransomware attack | Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. | | |
5.7.24 | | Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). | | |
5.7.24 | Prudential Financial now says 2.5 million impacted by data breach | Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. | | |
5.7.24 | | CDK Global says that its dealer management system (DMS), impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships | | |
5.7.24 | | An Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials. | | |
5.7.24 | GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks | The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised | Virus | The Hacker News |
5.7.24 | Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies | The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings | Hack | The Hacker News |
5.7.24 | New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks | Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service | BotNet | The Hacker News |
5.7.24 | Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus | Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, | ICS | The Hacker News |
4.7.24 | Brazil Halts Meta's AI Data Processing Amid Privacy Concerns | Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing | AI | The Hacker News |
4.7.24 | Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike | A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal | CyberCrime | The Hacker News |
4.7.24 | Twilio's Authy App Breach Exposes Millions of Phone Numbers | Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in | Incident | The Hacker News |
4.7.24 | Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool | Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool | Virus | The Hacker News |
3.7.24 | FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks | The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the | Virus | The Hacker News |
3.7.24 | Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks | Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like | Hack | The Hacker News |
3.7.24 | South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware | An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised | Virus | The Hacker News |
2.7.24 | New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data | Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be | Attack | The Hacker News |
2.7.24 | Cisco warns of NX-OS zero-day exploited to deploy custom malware | Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. | Exploit | |
2.7.24 | Latest Intel CPUs impacted by new Indirector side-channel attack | Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. | Attack | |
2.7.24 | New regreSSHion OpenSSH RCE bug gives root on Linux servers | A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. | Vulnerability | |
2.7.24 | Router maker's support portal hacked, replies with MetaMask phishing | BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. | Phishing | |
2.7.24 | Google Chrome to let Isolated Web App access sensitive USB devices | Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. | Security | |
2.7.24 | Juniper releases out-of-cycle fix for max severity auth bypass flaw | Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. | Vulnerability | |
2.7.24 | Dev rejects CVE severity, makes his GitHub repo read-only | The popular open source project 'ip' had its GitHub repository archived, or made "read-only", by its developer as a result of a dubious CVE report filed for his project. | Vulnerability | |
2.7.24 | Fake IT support sites push malicious PowerShell scripts as Windows fixes | Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. | OS | |
2.7.24 | Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny | Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the | Social | The Hacker News |
2.7.24 | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware | A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in | Vulnerability | The Hacker News |
2.7.24 | Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights | An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user | Hack | The Hacker News |
2.7.24 | Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks | A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that | Vulnerability | The Hacker News |
1.7.24 | CapraRAT Spyware Disguised as Popular Apps Threatens Android Users | The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering | Virus | The Hacker News |
1.7.24 | Indian Software Firm's Products Hacked to Spread Data-Stealing Malware | Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to | Virus | The Hacker News |
1.7.24 | New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems | OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. | Vulnerability | The Hacker News |
1.7.24 | Juniper Networks Releases Critical Security Update for Routers | Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication | Vulnerability | The Hacker News |