DATE | NAME | Info | CATEG. | WEB |
30.6.24 | Google to Block Entrust Certificates in Chrome Starting November 2024 | Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its | Security | The Hacker News |
30.6.24 | Microsoft resumes rollout of Windows 11 KB5039302 update for most users | Microsoft has resumed the rollout of the June Windows 11 KB5039302 update, now blocking the update only for those using virtualization software. | OS | |
30.6.24 | Hackers exploit critical D-Link DIR-859 router flaw to steal passwords | Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. | Exploit | |
30.6.24 | Meet Brain Cipher — The new ransomware behind Indonesia's data center attack | The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center. | Ransom | |
30.6.24 | Infosys McCamish says LockBit stole data of 6 million people | Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. | Incident | |
30.6.24 | Dairy giant Agropur says data breach exposed customer info | Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. | Incident | |
30.6.24 | Ticketmaster sends notifications about recent massive data breach | Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. | Incident | |
30.6.24 | TeamViewer links corporate cyberattack to Russian state hackers | RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. | BigBrothers | |
30.6.24 | Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator | The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion. | Hack | |
30.6.24 | Former IT employee accessed data of over 1 million US patients | Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. | Incident | |
30.6.24 | BlackSuit ransomware gang claims attack on KADOKAWA corporation | The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. | Ransom | |
30.6.24 | New Unfurling Hemlock threat actor floods systems with malware | A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. | Virus | |
30.6.24 | U.S. indicts Russian GRU hacker, offers $10 million reward | The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. | APT | |
30.6.24 | TeamViewer's corporate network was breached in alleged APT hack | The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. | Incident | |
29.6.24 | Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data | The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's | APT | |
29.6.24 | GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others | GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run | Vulnerability | |
29.6.24 | Microsoft pulls Windows 11 KB5039302 update causing reboot loops | Microsoft pulled the June Windows 11 KB5039302 update after finding that it causes some devices to restart repeatedly. | OS | |
29.6.24 | Critical GitLab bug lets attackers run pipelines as any user | A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. | Vulnerability | |
29.6.24 | Polyfill claims it has been 'defamed', returns after domain shut down | The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." | Security | |
29.6.24 | Cloudflare: We never authorized polyfill.io to use our name | Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. | Security | |
29.6.24 | Chinese Cyberspies Employ Ransomware in Attacks for Diversion | Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. | Ransom | |
29.6.24 | LockBit lied: Stolen data is from a bank, not US Federal Reserve | Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. | Ransom | |
29.6.24 | CISA: Most critical open source projects not using memory safe code | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. | BigBrothers | |
29.6.24 | Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released | The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. | Exploit | |
29.6.24 | Hackers target new MOVEit Transfer critical auth bypass bug | Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. | Vulnerability | |
29.6.24 | Windows 11 KB5039302 update released with 9 changes or fixes | Microsoft has released the Windows 11 KB5039302 preview update for Windows 11 version 22H2, bringing several new features and fixes. | OS | |
29.6.24 | Windows 10 KB5039299 update released with 10 changes or fixes | Microsoft has released the KB5039299 update for Windows 10 version 22H2 with up to ten bug fixes or changes, including a fix for "Open With" dialog boxes being shown when using apps. | OS | |
29.6.24 | Snowblind malware abuses Android security feature to bypass security | A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. | Virus | |
29.6.24 | Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads. | APT blog | Trend Micro |
29.6.24 | Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer | We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. | Cryptocurrency blog | Trend Micro |
29.6.24 | ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites | In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites. | AI blog | Trend Micro |
29.6.24 | AI Coding Companions 2024: AWS, GitHub, Tabnine + More | AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before. This blog looks at how the landscape is changing and key features of market-leading solutions from companies like AWS, GitHub, and Tabnine. | AI blog | Trend Micro |
29.6.24 | Attackers in Profile: menuPass and ALPHV/BlackCat | To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. | Ransom blog | Trend Micro |
29.6.24 | Omdia Report: Trend Disclosed 60% of Vulnerabilities | The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention. | Cyber blog | Trend Micro |
29.6.24 | Worldwide 2023 Email Phishing Statistics and Examples | Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023. | Phishing blog | Trend Micro |
29.6.24 | Not Just Another 100% Score: MITRE ENGENUITY ATT&CK | The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. | Cyber blog | Trend Micro |
29.6.24 | StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe | The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. StrelaStealer specifically steals Outlook and Thunderbird email credentials. The infection chain looks like previous versions of StrelaStealer except major checks have been added to avoid infecting systems in Russia. We are continuing to observe its target regions limited to Poland, Spain, Italy and Germany. | Malware blog | SonicWall |
29.6.24 | New Orcinius Trojan Uses VBA Stomping to Mask Infection | This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. It contains an obfuscated VBA macro that hooks into Windows to monitor running windows and keystrokes and creates persistence using registry keys. | Malware blog | SonicWall |
29.6.24 | Attack Paths Into VMs in the Cloud | This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. Organizations can use this information to understand the potential risks associated with their VM services and strengthen their defense mechanisms. This research focuses on VM services offered by three major cloud service providers (CSPs): Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP). | Attack blog | Palo Alto |
29.6.24 | Attackers Exploiting Public Cobalt Strike Profiles | In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. | Malware blog | Palo Alto |
29.6.24 | RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS | Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. | Malware blog | Checkpoint |
29.6.24 | SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques | Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. | Malware blog | Cisco Blog |
29.6.24 | Snowflake isn’t an outlier, it’s the canary in the coal mine | By Nick Biasini with contributions from Kendall McKay and Guilherme Venere. Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login | Incident blog | Cisco Blog |
29.6.24 | Multiple vulnerabilities in TP-Link Omada system could lead to root access | Affected devices could include wireless access points, routers, switches and VPNs. | Vulnerability blog | Cisco Blog |
29.6.24 | Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia | The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. | Malware blog | Cisco Blog |
29.6.24 | We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there | A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. | Cryptocurrency blog | Cisco Blog |
29.6.24 | Tabletop exercises are headed to the next frontier: Space | More on the recent Snowflake breach, MFA bypass techniques and more. | Cyber blog | Cisco Blog |
29.6.24 | Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more | As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. | Malware blog | Cisco Blog |
29.6.24 | How are attackers trying to bypass MFA? | Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks | Security blog | Cisco Blog |
29.6.24 | How we can separate botnets from the malware operations that rely on them | A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. | BotNet blog | Cisco Blog |
29.6.24 | Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models | At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. | Cyber blog | Project Zero |
29.6.24 | The Windows Registry Adventure #3: Learning resources | When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. | Cyber blog | Project Zero |
29.6.24 | ESET Threat Report H1 2024 | A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | Eset |
29.6.24 | Cyber insurance as part of the cyber threat mitigation strategy | Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies | Cyber blog | Eset |
29.6.24 | Buying a VPN? Here’s what to know and look for | VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes | Cyber blog | Eset |
29.6.24 | The long-tail costs of a data breach – Week in security with Tony Anscombe | Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents | Cyber blog | Eset |
29.6.24 | My health information has been stolen. Now what? | As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records | Cyber blog | Eset |
29.6.24 | Hacktivism is evolving – and that could be bad news for organizations everywhere | Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat | Cyber blog | Eset |
29.6.24 | Preventative defense tactics in the real world | | Cyber blog | Eset |
28.6.24 | Plugins on WordPress.org backdoored in supply chain attack | A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. | Hack | |
28.6.24 | Polyfill.io JavaScript supply chain attack impacts over 100K sites | Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. | Hack | |
28.6.24 | New Medusa malware variants target Android users in seven countries | The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. | Virus | |
28.6.24 | Neiman Marcus confirms data breach after Snowflake account hack | Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks. | Incident | |
28.6.24 | FBI warns of fake law firms targeting crypto scam victims | The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information. | Spam | |
28.6.24 | P2PInfect botnet targets Redis servers with new ransomware module | P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. | Ransom | |
28.6.24 | Chemical facilities warned of possible data theft in CISA CSAT breach | CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. | Incident | |
28.6.24 | New attack uses MSC files and Windows XSS flaw to breach networks | A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console. | Hack | |
28.6.24 | Four FIN9 hackers indicted for cyberattacks causing $71M in losses | Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. | APT | |
28.6.24 | CoinStats says North Korean hackers breached 1,590 crypto wallets | CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors. | Incident | |
28.6.24 | CDK Global hacked again while recovering from first cyberattack | Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack. | Incident | |
28.6.24 | 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining | Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known | Exploit | The Hacker News |
28.6.24 | New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities | A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as | Exploit | The Hacker News |
28.6.24 | Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment | Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to | Vulnerability | The Hacker News |
28.6.24 | TeamViewer Detects Security Breach in Corporate IT Environment | TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately | Incident | The Hacker News |
28.6.24 | Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads | The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and | Ransom | The Hacker News |
28.6.24 | Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks | Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote | Vulnerability | The Hacker News |
28.6.24 | Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application | A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper | Vulnerability | The Hacker News |
27.6.24 | Phoenix UEFI vulnerability impacts hundreds of Intel PC models | A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. | Vulnerability | |
27.6.24 | CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites | A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update was made available, leaving millions of sites open to catastrophic attacks. | Vulnerability | |
27.6.24 | Linux version of RansomHub ransomware targets VMware ESXi VMs | The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. | Ransom | |
27.6.24 | UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs | A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. | APT | |
27.6.24 | SolarWinds Serv-U path traversal flaw actively exploited in attacks | Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. | Exploit | |
27.6.24 | CDK Global hacked again while recovering from first cyberattack | Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack. | Hack | |
27.6.24 | T-Mobile denies it was hacked, links leaked data to vendor breach | T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. | Incident | |
27.6.24 | Crown Equipment confirms a cyberattack disrupted manufacturing | Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. | CyberCrime | |
27.6.24 | Advance Auto Parts confirms data breach exposed employee information | Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. | Incident | |
27.6.24 | CDK Global cyberattack impacts thousands of US car dealerships | Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. | CyberCrime | |
27.6.24 | "Researchers" exploit Kraken exchange bug, steal $3 million in crypto | The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. | Cryptocurrency | |
27.6.24 | Microsoft says bug causes Windows 10 apps to display Open With dialogs | Microsoft has confirmed that Windows 10 apps will mistakenly display a "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. | OS | |
27.6.24 | AMD investigates breach after data for sale on hacking forum | AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. | Incident | |
27.6.24 | ONNX phishing service targets Microsoft 365 accounts at financial firms | A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. | Phishing | |
27.6.24 | VMware fixes critical vCenter RCE vulnerability, patch now | VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. | Vulnerability | |
27.6.24 | Scathing report on Medibank cyberattack highlights unenforced MFA | A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. | CyberCrime | |
27.6.24 | FTC files complaint against Adobe for deceptive cancellation practices | The Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans. | BigBrothers | BleepingComputer |
27.6.24 | Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP! | A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild | Exploit | The Hacker News |
27.6.24 | Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware | Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting | APT | The Hacker News |
27.6.24 | Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping | Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized | OS | The Hacker News |
27.6.24 | New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites | Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new | CyberCrime | The Hacker News |
27.6.24 | New Medusa Android Trojan Targets Banking Users Across 7 Countries | Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target | Virus | The Hacker News |
27.6.24 | Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack | Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain | Hack | The Hacker News |
25.6.24 | New Attack Technique Exploits Microsoft Management Console Files | Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files | Hack | The Hacker News |
25.6.24 | New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks | A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a | Virus | The Hacker News |
25.6.24 | Wikileaks' Julian Assange Released from U.K. Prison, Heads to Australia | WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a | BigBrothers | The Hacker News |
25.6.24 | 4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree | Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of | APT | The Hacker News |
25.6.24 | Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts | Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected | Virus | The Hacker News |
25.6.24 | Google Introduces Project Naptime for AI-Powered Vulnerability Research | Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out | AI | The Hacker News |
25.6.24 | Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool | Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) | Vulnerability | The Hacker News |
25.6.24 | RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations | A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, | APT | The Hacker News |
25.6.24 | Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices | Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called | Virus | The Hacker News |
23.6.24 | ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor | Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor | APT | The Hacker News |
23.6.24 | Warning: New Adware Campaign Targets Meta Quest App Seekers | A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new | Virus | The Hacker News |
23.6.24 | U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals | BigBrothers | The Hacker News |
23.6.24 | Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign | A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign | APT | The Hacker News |
23.6.24 | Military-themed Email Scam Spreads Malware to Infect Pakistani Users | Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan | BigBrothers | The Hacker News |
23.6.24 | Oyster Backdoor Spreading via Trojanized Popular Software Downloads | A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to | Virus | The Hacker News |
23.6.24 | SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately | A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors | Vulnerability | The Hacker News |
23.6.24 | U.S. Bans Kaspersky Software, Citing National Security Risks | The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits | BigBrothers | The Hacker News |
20.6.24 | Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs | Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects | Vulnerability | The Hacker News |
20.6.24 | French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks | State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the | BigBrothers | The Hacker News |
20.6.24 | Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021 | Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators | BigBrothers | The Hacker News |
20.6.24 | New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration | A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with | Virus | The Hacker News |
20.6.24 | Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations | Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns | Virus | The Hacker News |
19.6.24 | Two men guilty of breaching law enforcement portal in blackmail scheme | Two men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. | CyberCrime | |
19.6.24 | Fake Google Chrome errors trick you into running malicious PowerShell scripts | A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. | Virus | |
19.6.24 | Panera Bread likely paid a ransom in March ransomware attack | Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used in an internal email sent to employees. | Ransom | |
19.6.24 | Empire Market owners charged for enabling $430M in dark web transactions | Two men have been charged in a Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions between February 2018 and August 2020. | BigBrothers | |
19.6.24 | Hackers use F5 BIG-IP malware to stealthily steal data for years | A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. | BigBrothers | |
19.6.24 | Alleged Scattered Spider sim-swapper arrested in Spain | A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. | CyberCrime | |
19.6.24 | Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw | Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its | Cryptocurrency | The Hacker News |
19.6.24 | UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying | The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet , Ivanti , and VMware devices | APT | The Hacker News |
19.6.24 | New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers | Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious | APT | The Hacker News |
19.6.24 | Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software | A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital | Cryptocurrency | The Hacker News |
19.6.24 | Mailcow Mail Server Flaws Expose Servers to Remote Code Execution | Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious | Vulnerability | The Hacker News |
19.6.24 | Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM | A controversial proposal put forth by the European Union to scan users' private messages for detecting child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned | BigBrothers | The Hacker News |
18.6.24 | Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer | Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called | Virus | The Hacker News |
18.6.24 | New Malware Targets Exposed Docker APIs for Cryptocurrency Mining | Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of | Cryptocurrency | The Hacker News |
18.6.24 | VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi | VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be | Vulnerability | The Hacker News |
18.6.24 | Singapore Police Extradites Malaysians Linked to Android Malware Fraud | The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile | CyberCrime | The Hacker News |
17.6.24 | ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models | ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors | Vulnerability | The Hacker News |
17.6.24 | China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices | A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization | APT | The Hacker News |
17.6.24 | New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems | A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. | Attack | BleepingComputer |
17.6.24 | Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor | Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of | Exploit | The Hacker News |
17.6.24 | NiceRAT Malware Targets South Korean Users via Cracked Software | Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which | Virus | The Hacker News |
16.6.24 | U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain | Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The | CyberCrime | The Hacker News |
16.6.24 | New Linux malware is controlled through emojis sent from Discord | A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. | Virus | |
16.6.24 | ASUS warns of critical remote authentication bypass on 7 routers | ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allows remote attackers to log in to devices. | Vulnerability | |
16.6.24 | Microsoft: New Outlook security changes coming to personal accounts | Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024. | Security | |
16.6.24 | Keytronic confirms data breach after ransomware gang leaks stolen files | PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. | Incident | |
16.6.24 | Mozilla Firefox can now secure access to passwords with device credentials | Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, PIN, or other biometrics. | Security | |
16.6.24 | London hospitals cancel over 800 operations after ransomware attack | NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. | Ransom | |
16.6.24 | CISA warns of Windows bug exploited in ransomware attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. | Ransom | |
16.6.24 | Former IT employee gets 2.5 years for wiping 180 virtual servers | A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. | CyberCrime | |
16.6.24 | Microsoft removes Copilot app ‘incorrectly’ added on Windows PCs | Microsoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. | AI | |
16.6.24 | Scattered Spider hackers switch focus to cloud apps for data theft | The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. | Incident | |
16.6.24 | Insurance giant Globe Life investigating web portal breach | American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. | Incident | |
16.6.24 | Microsoft delays Windows Recall amid privacy and security concerns | Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs. | AI | |
15.6.24 | Truist Bank confirms breach after stolen data shows up on hacking forum | Truist Bank, a leading U.S. commercial bank, confirmed this week that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. | Incident | |
15.6.24 | Ascension hacked after employee downloaded malicious file | Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. | Ransom | |
15.6.24 | New York Times warns freelancers of GitHub repo data breach | The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. | Incident | |
15.6.24 | Toronto District School Board hit by a ransomware attack | The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. | Ransom | |
15.6.24 | Panera warns of employee data breach after March ransomware attack | U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. | Ransom | |
15.6.24 | Exploit for Veeam Recovery Orchestrator auth bypass available, patch now | A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of it being exploited in attacks. | Vulnerability | |
15.6.24 | Phishing emails abuse Windows search protocol to push malicious scripts | A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. | Virus | |
15.6.24 | AWS adds passkeys support, warns root users must enable MFA | Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. | Security | |
15.6.24 | Google patches exploited Android zero-day on Pixel devices | Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. | Exploit | |
15.6.24 | Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan | Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond | Virus | |
15.6.24 | Microsoft Incident Response tips for managing a mass password reset | When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets. | Security blog | Microsoft Blog |
15.6.24 | How to achieve cloud-native endpoint management with Microsoft Intune | In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution. | Security blog | Microsoft Blog |
15.6.24 | The four stages of creating a trust fabric with identity and network security | The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture. | Security blog | Microsoft Blog |
15.6.24 | Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices | Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as […] | Hacking blog | Microsoft Blog |
15.6.24 | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups | This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. | Malware blog | Trend Micro |
15.6.24 | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. | Exploit blog | Trend Micro |
15.6.24 | TargetCompany’s Linux Variant Targets ESXi Environments | In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. | Ransom blog | Trend Micro |
15.6.24 | SANS's 2024 Threat-Hunting Survey Review | In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year. | Security blog | Trend Micro |
15.6.24 | It's Time to Up-Level Your EDR Solution | You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more. | Security blog | Trend Micro |
15.6.24 | Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM | Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud performance. | AI blog | Trend Micro |
15.6.24 | The Lifecycle of a Threat: The Inner Workings of the Security Operations Center | See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog. | Security blog | SonicWall |
15.6.24 | Microsoft Security Bulletin Coverage for June 2024 | Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. | Vulnerability blog | SonicWall |
15.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | Exploit blog | SonicWall |
15.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall |
15.6.24 | Driving forward in Android drivers | Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones | OS Blog | Project Zero |
15.6.24 | DarkGate again but... Improved? | DarkGate is back, if it ever left, with the latest version, number 6, which includes new distribution methods, anti-analysis techniques and features. | Malware blog | Trellix |
15.6.24 | Operation Celestial Force employs mobile and desktop malware to target Indian entities | Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.” | Malware blog | Cisco Blog |
15.6.24 | Only one critical issue disclosed as part of Microsoft Patch Tuesday | The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. | Vulnerability blog | Cisco Blog |
15.6.24 | How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe | The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app | Malware blog | Eset |
15.6.24 | ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024 | The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 | APT blog | Eset |
15.6.24 | Arid Viper poisons Android apps with AridSpy | ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine | OS Blog | Eset |
15.6.24 | 560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe | Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data | Incident blog | Eset |
15.6.24 | Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks | A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. | APT | The Hacker News |
15.6.24 | Meta Pauses AI Training on EU User Data Amid Privacy Concerns | Meta on Friday said it's delaying its efforts to train the company's large language models ( LLMs ) using public content shared by adult | Social | The Hacker News |
14.6.24 | CISA warns of criminals impersonating its employees in phone calls | Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. | BigBrothers | |
14.6.24 | New phishing toolkit uses PWAs to steal login credentials | A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web apps (PWAs) that display convincing corporate login forms to steal credentials. | Phishing | |
14.6.24 | Life360 says hacker tried to extort them after Tile data breach | Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. | Incident | |
14.6.24 | Microsoft deprecates Windows DirectAccess, recommends Always On VPN | Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. | OS | |
14.6.24 | Police arrest Conti and LockBit ransomware crypter specialist | The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. | Ransom | |
14.6.24 | Black Basta ransomware gang linked to Windows zero-day attacks | The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. | Ransom | |
14.6.24 | New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes | Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. | OS | |
14.6.24 | JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens | JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. | Vulnerability | |
14.6.24 | Windows 11 KB5039212 update released with 37 changes, fixes | Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. | OS | |
14.6.24 | Windows 10 KB5039211 update released with new feature, 12 fixes | Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. | OS | |
14.6.24 | Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs | Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. | OS | |
14.6.24 | City of Cleveland shuts down IT systems after cyberattack | The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. | Incident | |
14.6.24 | Chinese hackers breached 20,000 FortiGate systems worldwide | The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." | BigBrothers | |
14.6.24 | Warmcookie Windows backdoor pushed via fake job offers | A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. | Virus | |
14.6.24 | Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit | Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble | Security | The Hacker News |
14.6.24 | ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws | An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that | Vulnerebility | The Hacker News |
14.6.24 | North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics | Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's | APT | The Hacker News |
14.6.24 | Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns | Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for | AI | The Hacker News |
13.6.24 | New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models | The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack | AI | The Hacker News |
13.6.24 | Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware | The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to | Virus | The Hacker News |
13.6.24 | Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS | Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least | Virus | The Hacker News |
13.6.24 | Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware | The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, | Virus | The Hacker News |
13.6.24 | Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups | The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti | Ransom | The Hacker News |
13.6.24 | Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day | Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity | Exploit | The Hacker News |
13.6.24 | TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers | The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. | Ransom | |
13.6.24 | Pure Storage confirms data breach after Snowflake account hack | Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information. | Incident | |
13.6.24 | Arm warns of actively exploited flaw in Mali GPU kernel drivers | Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. | Exploit | |
13.6.24 | Gitloker attacks abuse GitHub notifications to push malicious OAuth apps | Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. | Virus | |
13.6.24 | Apple enters AI arms race with new Apple Intelligence feature | Apple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. | AI | |
13.6.24 | Netgear WNR614 flaws allow device takeover, no fix available | Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. | Vulnerability | |
13.6.24 | Cylance confirms data breach linked to 'third-party' platform | Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." | Incident | |
13.6.24 | London hospitals face blood shortage after Synnovis ransomware attack | England's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London. | Ransom | |
13.6.24 | Exploit for critical Veeam auth bypass available, patch now | A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. | Vulnerability | |
13.6.24 | 23andMe data breach under investigation in UK and Canada | Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. | Incident | |
13.6.24 | Malicious VSCode extensions with millions of installs discovered | A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. | Virus | BleepingComputer |
13.6.24 | New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems | A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors | Virus | The Hacker News |
13.6.24 | Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters | Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero | Cryptocurrency | The Hacker News |
13.6.24 | Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw | Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the | Ransom | The Hacker News |
13.6.24 | New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers | Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to | Phishing | The Hacker News |
13.6.24 | China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally | State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known | APT | The Hacker News |
12.6.24 | Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability | Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, | Vulnerability | The Hacker News |
12.6.24 | Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale | Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain | APT | The Hacker News |
12.6.24 | Apple Launches Private Cloud Compute for Privacy-Centric AI Processing | Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's | AI | The Hacker News |
12.6.24 | China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics | Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new | Virus | The Hacker News |
11.6.24 | Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign | As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign | Incident | The Hacker News |
11.6.24 | Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers | Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as | Exploit | The Hacker News |
11.6.24 | More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack | Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, | Phishing | The Hacker News |
11.6.24 | Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia | Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation | BigBrothers | The Hacker News |
10.6.24 | Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus | Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks | Virus | The Hacker News |
9.6.24 | New PHP Vulnerability Exposes Windows Servers to Remote Code Execution | Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under | Exploit | The Hacker News |
9.6.24 | New York Times source code stolen using exposed GitHub token | Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. | Incident | |
9.6.24 | DDoS attacks target EU political parties as elections begin | Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. | BigBrothers | |
9.6.24 | LastPass says 12-hour outage caused by bad Chrome extension update | LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. | Security | |
9.6.24 | Apple to unveil new 'Passwords' password manager app for iPhones, Macs | Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. | OS | |
9.6.24 | Christie's starts notifying clients of RansomHub data breach | British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. | Ransom | |
9.6.24 | Frontier warns 750,000 of a data breach after extortion threats | Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. | Incident | |
9.6.24 | Microsoft makes Windows Recall opt-in, secures data with Windows Hello | Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. | OS | |
9.6.24 | PHP fixes critical RCE flaw impacting all versions for Windows | A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. | Vulnerability | |
9.6.24 | Los Angeles Unified School District investigates data theft claims | Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. | CyberCrime | |
9.6.24 | Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells | Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. | Vulnerability | |
9.6.24 | Ukraine says hackers abuse SyncThing tool to steal data | The Computer Emergency Response Team of Ukraine (CERT-UA) reports on a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces. | BigBrothers | |
9.6.24 | New Fog ransomware targets US education sector via breached VPNs | A new ransomware operation named 'Fog', launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S. | Ransom | |
9.6.24 | New Gitloker attacks wipe GitHub repos in extortion scheme | Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information. | Hack | |
9.6.24 | PandaBuy pays ransom to hacker only to get extorted again | Chinese shopping platform Pandabuy told BleepingComputer it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week. | Ransom | |
9.6.24 | Linux version of TargetCompany ransomware focuses on VMware ESXi | Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. | Ransom | BleepingComputer |
8.6.24 | Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks | Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. | APT blog | Trend Micro |
8.6.24 | INC Ransomware Behind Linux Threat | This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. | Ransom blog | SonicWall |
8.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. | Vulnerability blog | SonicWall |
8.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | BotNet blog | SonicWall |
8.6.24 | INSIDE THE BOX: MALWARE’S NEW PLAYGROUND | Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). | Hacking blog | Checkpoint |
8.6.24 | The job hunter’s guide: Separating genuine offers from scams | $90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data. | Spam blog | Eset |
8.6.24 | The murky world of password leaks – and how to check if you’ve been hit | Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look | Incident blog | Eset |
8.6.24 | What happens when facial recognition gets it wrong – Week in security with Tony Anscombe | A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability | Security blog | Eset |
8.6.24 | FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out | The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. | Ransom | |
8.6.24 | Google Chrome reduced cookie requests to improve performance | Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. | Security | |
8.6.24 | Advance Auto Parts stolen data for sale after Snowflake attack | Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. | Incident | |
8.6.24 | Check-in terminals used by thousands of hotels leak guest info | Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. | Incident | |
8.6.24 | Club Penguin fans breached Disney Confluence server, stole 2.5GB of data | Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. | Incident | |
8.6.24 | Chinese hacking groups team up in cyber espionage campaign | Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace | APT | |
8.6.24 | Qilin ransomware gang linked to attack on London hospitals | A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. | Ransom | |
8.6.24 | Kali Linux 2024.2 released with 18 new tools, Y2038 changes | Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. | OS | |
8.6.24 | RansomHub extortion gang linked to now-defunct Knight ransomware | Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evolved from the currently defunct Knight ransomware project. | Ransom | |
8.6.24 | Australian mining company discloses breach after BianLian leaks data | Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. | Cryptocurrency | |
8.6.24 | TikTok fixes zero-day bug used to hijack high-profile accounts | Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. | Vulnerability | |
8.6.24 | FBI warns of fake remote work ads used for cryptocurrency fraud | Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. | Cryptocurrency | |
8.6.24 | ARRL says it was hacked by an "international cyber group" | American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. | Hack | |
8.6.24 | Microsoft announces first Windows 10 Beta build since 2021 | Microsoft has reopened the Windows 10 beta channel and is asking Insiders to join or switch to receive a new beta build in the coming weeks. | OS | |
8.6.24 | New V3B phishing kit targets customers of 54 European banks | Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. | Phishing | |
8.6.24 | Zyxel issues emergency RCE patch for end-of-life NAS devices | Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. | Vulnerability | |
8.6.24 | Major London hospitals disrupted by Synnovis ransomware attack | A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London. | Ransom | |
8.6.24 | Microsoft deprecates Windows NTLM authentication protocol | Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. | Security | |
8.6.24 | Collection agency FBCS ups data breach tally to 3.2 million people | Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February. | Incident | |
8.6.24 | Data firm execs convicted for helping fraudsters target the elderly | A former senior executive and former sales manager of Epsilon Data Management LLC (Epsilon) were convicted of selling data of millions of Americans to perpetrators of mail fraud schemes. | Incident | |
8.6.24 | Microsoft India’s X account hijacked in Roaring Kitty crypto scam | The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. | Social | |
8.6.24 | Cox fixed an API auth bypass exposing millions of modems to attacks | Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. | Vulnerability | |
8.6.24 | 361 million stolen accounts leaked on Telegram added to HIBP | A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. | Incident | |
8.6.24 | Azure Service Tags tagged as security risk, Microsoft disagrees | Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tags that could allow attackers to access customers' private data. | Vulnerability | |
8.6.24 | Exploit for critical Progress Telerik auth bypass released, patch now | Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. | Vulnerability | |
8.6.24 | LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities | Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously | Virus | The Hacker News |
7.6.24 | FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims | The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with | Ransom | The Hacker News |
7.6.24 | SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with | Virus | |
7.6.24 | Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances | The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly | Cryptocurrency | |
7.6.24 | Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks | The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting | BotNet | |
6.6.24 | Hackers Exploit Legitimate Packer Software to Spread Malware Undetected | Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and | Exploit | |
6.6.24 | Google Maps Timeline Data to be Stored Locally on Your Device for Privacy | Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, | Security | |
6.6.24 | Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI | Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository | Hack | |
5.6.24 | Chinese State-Backed Cyber Espionage Targets Southeast Asian Government | An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state- | ||
5.6.24 | Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide | An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight | ||
5.6.24 | Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models | Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that | ||
5.6.24 | Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs | Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high- | ||
5.6.24 | Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan | Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called | ||
5.6.24 | Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts | Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be | ||
5.6.24 | Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine | A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike | ||
5.6.24 | Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers | Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted | ||
5.6.24 | DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks | Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey | ||
5.6.24 | Oracle WebLogic Server OS Command Injection Flaw Under Active Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic | ||
5.6.24 | 4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets | You're probably familiar with the term "critical assets". These are the technology assets within your company's IT infrastructure that are | ||
5.6.24 | Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users | Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to | ||
3.6.24 | Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans. | |||
3.6.24 | Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to browse and modify device files, get passwords and credentials stored in the keychain. | |||
3.6.24 | Kaspersky solutions blocked more than 658 million attacks from various online resources. | |||
3.6.24 | AI platform Hugging Face says hackers stole auth tokens from Spaces | AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. | ||
3.6.24 | Police dismantle pirated TV streaming network that made $5.7 million | Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. | ||
3.6.24 | Kaspersky releases free tool that scans Linux for known threats | Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. | ||
3.6.24 | Google Chrome change that weakens ad blockers begins June 3rd | Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. | ||
3.6.24 | Ticketmaster confirms massive breach after stolen data for sale online | Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. | ||
3.6.24 | DMM Bitcoin warns that hackers stole $300 million in Bitcoin | Japanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. | ||
3.6.24 | CISA warns of actively exploited Linux privilege elevation flaw | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. | ||
3.6.24 | Snowflake account hacks linked to Santander, Ticketmaster breaches | A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. However, Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts. | ||
3.6.24 | Europol identifies 8 cybercriminals tied to malware loader botnets | Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. | ||
3.6.24 | Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions | Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized | ||
3.6.24 | Andariel Hackers Target South Korean Institutes with New Dora RAT Malware | The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its | ||
3.6.24 | Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware | Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and | ||
3.6.24 | AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform | Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier | ||
1.6.24 | STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY | Packers or crypters are widely used to protect malicious software from detection and static analysis. | ||
1.6.24 | LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader | Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups. | ||
1.6.24 | Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. | |||
1.6.24 | AI in HR: Is artificial intelligence changing how we hire employees forever? | Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime? | ||
1.6.24 | Beyond the buzz: Understanding AI and its role in cybersecurity | |||
1.6.24 | Europol identifies 8 cybercriminals tied to malware loader botnets | Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. | BigBrothers | |
1.6.24 | ShinyHunters claims Santander breach, selling data for 30M customers | A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. | Incident | |
1.6.24 | Microsoft: Windows 11 preview update causes taskbar crashes | Microsoft warned customers on Thursday that the May 2024 non-security preview update for Windows 11 is causing taskbar crashes and glitches. | OS | |
1.6.24 | Pirated Microsoft Office delivers malware cocktail on systems | Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. | Virus | |
1.6.24 | Data of 560 million Ticketmaster customers for sale after alleged breach | A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. | Incident | |
1.6.24 | Malware botnet bricked 600,000 routers in mysterious 2023 attack | A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. | BotNet | |
1.6.24 | Everbridge warns of corporate systems breach exposing business data | Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. | Incident | |
1.6.24 | Cooler Master confirms customer info stolen in data breach | Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. | Incident | |
1.6.24 | BBC suffers data breach impacting current, former employees | The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. | Incident | |
1.6.24 | macOS version of elusive 'LightSpy' spyware tool discovered | A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices. | OS | |
1.6.24 | Police seize over 100 malware loader servers, arrest four cybercriminals | An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. | BigBrothers | |
1.6.24 | Cybercriminals pose as "helpful" Stack Overflow users to push malware | Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware. | Hack | |
1.6.24 | Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs | Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. | OS | |
1.6.24 | Windows 10 KB5037849 update released with 9 changes or fixes | Microsoft has released the optional KB5037849 Preview cumulative update for Windows 10 22H2 with nine fixes or changes. | OS | |
1.6.24 | Cooler Master hit by data breach exposing customer information | Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers. | Incident | |
1.6.24 | Check Point VPN zero-day exploited in attacks since April 30 | Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. | Exploit | |
1.6.24 | Free Piano phish targets American university students, staff | A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. | Phishing | |
1.6.24 | US dismantles 911 S5 botnet used for cyberattacks, arrests admin | The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator, in Singapore. | BotNet | |
1.6.24 | Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S. | More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a | Hack | The Hacker News |
1.6.24 | Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices | Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These | Hack | The Hacker News |