DATE | NAME | INFO | CATEGORY | WEB |
31.5.24 | Okta warns of credential stuffing attacks targeting its CORS feature | Okta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. | Hack | |
31.5.24 | Check Point releases emergency fix for VPN zero-day exploited in attacks | Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. | Vulnerability | |
31.5.24 | First American December data breach impacts 44,000 people | First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. | Incident | |
31.5.24 | Over 90 malicious Android apps with 5.5M installs found on Google Play | Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. | OS | |
31.5.24 | US govt sanctions cybercrime gang behind massive 911 S5 botnet | The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." | BigBrothers | |
31.5.24 | Russian indicted for selling access to US corporate networks | A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. | BigBrothers | |
31.5.24 | Microsoft links North Korean hackers to new FakePenny ransomware | Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. | APT | |
31.5.24 | Exploit released for maximum severity Fortinet RCE bug, patch now | Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. | Exploit | |
31.5.24 | Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting | The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe | APT | The Hacker News |
31.5.24 | OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered | OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, | AI | The Hacker News |
31.5.24 | CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to | BigBrothers | The Hacker News |
31.5.24 | FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine | Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor | BigBrothers | The Hacker News |
30.5.24 | Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors | A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning | APT | The Hacker News |
30.5.24 | RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability | The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting | Cryptocurrency | The Hacker News |
30.5.24 | Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities | Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively | Vulnerability | The Hacker News |
30.5.24 | Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware | Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, | CyberCrime | The Hacker News |
30.5.24 | U.S. Dismantles World's Largest 911 S5 Botnet, with 19 Million Infected Devices | The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet | BotNet | The Hacker News |
30.5.24 | Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud | Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing | Incident | The Hacker News |
30.5.24 | Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package | Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index | CyberCrime | The Hacker News |
29.5.24 | Check Point Warns of Zero-Day Attacks on its VPN Gateway Products | Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard | Vulnerability | The Hacker News |
29.5.24 | Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha | Brazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore | Virus | The Hacker News |
29.5.24 | Christie’s confirms breach after RansomHub threatens to leak data | Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. | Incident | |
29.5.24 | Ad blocker users say YouTube videos are now skipping to the end | Many users report that YouTube videos automatically skip to the end or are muted if they are using an ad blocker, making it impossible for them to watch the video. | Security | |
29.5.24 | TP-Link fixes critical RCE bug in popular C5400X gaming router | The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. | Vulnerability | |
29.5.24 | Hackers target Check Point VPNs to breach enterprise networks | Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. | Incident | |
29.5.24 | Sav-Rx discloses data breach impacting 2.8 million Americans | Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. | Incident | |
29.5.24 | Hackers phish finance orgs using trojanized Minesweeper clone | Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. | Phishing | |
29.5.24 | Arc browser’s Windows launch targeted by Google ads malvertising | A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. | Hack | |
29.5.24 | Indian man stole $37 million in crypto using fake Coinbase Pro site | An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. | Cryptocurrency | |
29.5.24 | U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams | The U.S. Department of Justice (DoJ) has sentenced a 31-year-old to 10 years in prison for laundering more than $4.5 million through | BigBrothers | The Hacker News |
29.5.24 | Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group | A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks | APT | The Hacker News |
29.5.24 | BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder? | The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement | CyberCrime | The Hacker News |
28.5.24 | Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme | An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that | Cryptocurrency | The Hacker News |
28.5.24 | Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique | The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over | BotNet | The Hacker News |
28.5.24 | WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites | Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim | Exploit | The Hacker News |
28.5.24 | TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks | A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code | Vulnerability | The Hacker News |
27.5.24 | Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud | Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft | CyberCrime | The Hacker News |
27.5.24 | New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI | Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to | Hack | The Hacker News |
27.5.24 | Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets | The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and | APT | The Hacker News |
26.5.24 | Hacker defaces spyware app’s site, dumps database and source code | A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. | Hack | |
26.5.24 | Microsoft: Windows 24H2 will remove Cortana and WordPad apps | Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. | OS | |
26.5.24 | Microsoft Copilot fixed worldwide after 24 hour outage | After an outage of over 24 hours, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. | OS | |
26.5.24 | Cencora data breach exposes US patient info from 8 drug companies | Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, with whom they partner for pharmaceutical and business services. | Incident | |
26.5.24 | New ShrinkLocker ransomware uses BitLocker to encrypt your files | A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. | Ransom | |
26.5.24 | Google fixes eighth actively exploited Chrome zero-day this year | Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. | Vulnerability | |
26.5.24 | Microsoft pushes emergency fix for Windows Server 2019 update errors | Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. | OS | |
26.5.24 | JAVS courtroom recording software backdoored in supply chain attack | Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. | Attack | |
26.5.24 | Microsoft spots gift card thieves using cyber-espionage tactics | Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. | BigBrothers | |
26.5.24 | High-severity GitLab flaw lets attackers take over accounts | GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. | Exploit | |
26.5.24 | Apple wasn’t storing deleted iOS photos in iCloud after all | Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. | OS | |
26.5.24 | Northern Ireland police faces £750k fine after exposing staff info | The UK's Information Commissioner's Office (ICO) has announced the intention to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce's personal details by inadvertently publishing a spreadsheet file online. | BigBrothers | |
26.5.24 | Windows 11 24H2 now rolling out to Release Preview Insiders | Microsoft is rolling out Windows 11 24H2 to testers in the Release Preview Channel, confirming that it is in the final stages of testing. | OS | |
26.5.24 | Microsoft to start killing off VBScript in second half of 2024 | Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. | OS | |
26.5.24 | Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data | Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that | AI | The Hacker News |
25.5.24 | ShrinkLocker: Turning BitLocker into ransomware | The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. | Ransom | Securelist |
25.5.24 | A journey into forgotten Null Session and MS-RPC interfaces | It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. | Vulnerability | Securelist |
25.5.24 | Stealers, stealers and more stealers | Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis. | Virus | Securelist |
25.5.24 | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia | A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022. | APT blog | Palo Alto |
25.5.24 | BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL | Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations. | APT blog | Checkpoint |
25.5.24 | SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN | Sharp Dragon’s (formerly referred to as Sharp Panda) operations continue, now expanding their focus to new regions: Africa and the Caribbean. | APT blog | Checkpoint |
25.5.24 | From trust to trickery: Brand impersonation over the email attack vector | Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. | Hacking blog | Cisco Blog |
25.5.24 | Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe | As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond? | Ransom blog | Eset |
25.5.24 | Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries | Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings | Malware blog | Eset |
25.5.24 | What happens when AI goes rogue (and how to stop it) | As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response | AI blog | Eset |
25.5.24 | Untangling the hiring dilemma: How security solutions free up HR processes | The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum? | Security blog | Eset |
25.5.24 | State hackers turn to massive ORB proxy networks to evade detection | Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. | APT | |
25.5.24 | Intercontinental Exchange to pay $10M SEC penalty over VPN breach | The Intercontinental Exchange (ICE) will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission (SEC) after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. | Incident | |
25.5.24 | LastPass is now encrypting URLs in password vaults for better security | LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. | Security | |
25.5.24 | Microsoft's new Windows 11 Recall is a privacy nightmare | Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. | OS | |
25.5.24 | Chinese hackers hide on military and govt networks for 6 years | A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. | APT | |
25.5.24 | GhostEngine mining attacks kill EDR security using vulnerable drivers | A malicious crypto mining campaign codenamed 'REF4578' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. | Virus | |
25.5.24 | Veeam warns of critical Backup Enterprise Manager auth bypass bug | Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). | Vulnerability | |
25.5.24 | LockBit says they stole data in London Drugs ransomware attack | Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and are now threatening to publish stolen data online after allegedly failed negotiations. | Ransom | |
25.5.24 | Western Sydney University data breach exposed student data | Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and SharePoint environment. | Incident | |
25.5.24 | Bitbucket artifact files can leak plaintext authentication secrets | Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. | Security | |
25.5.24 | Rockwell Automation warns admins to take ICS devices offline | Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. | ICS | |
25.5.24 | GitHub warns of SAML auth bypass flaw in Enterprise Server | GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. | Vulnerability | BleepingComputer |
24.5.24 | Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack | The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 | BigBrothers | The Hacker News |
24.5.24 | Beware: These Fake Antivirus Sites Spreading Android and Windows Malware | Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, | Virus | The Hacker News |
24.5.24 | DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed? | The infamous Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more | Ransom | The Hacker News |
24.5.24 | Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 | Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited | Exploit | The Hacker News |
24.5.24 | JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware | Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV | Virus | The Hacker News |
24.5.24 | Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks | Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government | Virus | The Hacker News |
24.5.24 | Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern | Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware | Ransom | The Hacker News |
24.5.24 | CISA Warns of Actively Exploited Apache Flink Security Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, | BigBrothers | The Hacker News |
24.5.24 | New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts | The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and | APT | The Hacker News |
23.5.24 | Google rolls out Chrome fix for empty pages when switching tabs | Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. | Vulnerability | |
23.5.24 | Zoom adds post-quantum end-to-end encryption to video meetings | Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. | Safety | |
23.5.24 | Critical Fluent Bit flaw impacts all major cloud providers | A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. | Vulnerability | |
23.5.24 | OmniVision discloses data breach after 2023 ransomware attack | The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. | Ransom | |
23.5.24 | Owner of Incognito dark web drugs market arrested in New York | The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. | CyberCrime | |
23.5.24 | Windows 11 Recall AI feature will record everything you do on your PC | Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. | OS | |
23.5.24 | New BiBi Wiper version also destroys the disk partition table | A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. | Virus | |
23.5.24 | QNAP QTS zero-day in Share feature gets public RCE exploit | An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. | Exploit | |
23.5.24 | American Radio Relay League cyberattack takes Logbook of the World offline | The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. | Hack | |
23.5.24 | Frustration grows over Google's AI Overviews feature, how to disable | Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. However, there are ways to turn it off using a new "Web" search mode, which we explain in this article. | AI | |
23.5.24 | CISA warns of hackers exploiting Chrome, EoL D-Link bugs | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. | Exploit | BleepingComputer |
23.5.24 | Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed | Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part | APT | The Hacker News |
23.5.24 | Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager | Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited | Vulnerability | The Hacker News |
23.5.24 | The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell | Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more | OS | The Hacker News |
23.5.24 | Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries | Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's | APT | The Hacker News |
23.5.24 | Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats | Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the | ICS | The Hacker News |
23.5.24 | GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack | Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known | Cryptocurrency | The Hacker News |
23.5.24 | MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks | An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in | Exploit | The Hacker News |
22.5.24 | QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances | Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of | Vulnerability | The Hacker News |
22.5.24 | Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings | Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom | Safety | The Hacker News |
22.5.24 | Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass | Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical | Vulnerability | The Hacker News |
22.5.24 | Critical GitHub Enterprise Server Flaw Allows Authentication Bypass | GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker | Vulnerability | The Hacker News |
22.5.24 | Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users | A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google | Virus | The Hacker News |
22.5.24 | SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure | The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to | Virus | The Hacker News |
22.5.24 | Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox | A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by | Vulnerability | The Hacker News |
21.5.24 | Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses | Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as | OS | The Hacker News |
21.5.24 | NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen | Hack | The Hacker News |
21.5.24 | "Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit | Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could | Vulnerability | The Hacker News |
20.5.24 | Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel | An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas | APT | The Hacker News |
20.5.24 | Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal | Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, | Exploit | The Hacker News |
20.5.24 | Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail | A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer | Exploit | The Hacker News |
20.5.24 | Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns | Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a | Phishing | The Hacker News |
20.5.24 | Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam | The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering | Cryptocurrency | The Hacker News |
20.5.24 | Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide | The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 | Virus | The Hacker News |
19.5.24 | Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising | A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP. | Ransom | |
19.5.24 | Banking malware Grandoreiro returns after police disruption | The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. | Virus | |
19.5.24 | The Week in Ransomware - May 17th 2024 - Mailbombing is back | This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. | Ransom | |
19.5.24 | Microsoft to start enforcing Azure multi-factor authentication in July | Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. | Safety | |
19.5.24 | SEC: Financial orgs have 30 days to send data breach notifications | The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. | BigBrothers | |
19.5.24 | US arrests suspects behind $73M ‘pig butchering’ laundering scheme | The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." | BigBrothers | |
19.5.24 | WebTPA data breach impacts 2.4 million insurance policyholders | The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. | Incindent | |
19.5.24 | US woman allegedly aided North Korean IT workers infiltrate 300 firms | The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. | BigBrothers | |
18.5.24 | Norway recommends replacing SSL VPN to prevent breaches | The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. | Incindent | |
18.5.24 | Microsoft shares temp fix for Outlook encrypted email reply issues | Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. | OS | |
18.5.24 | MediSecure e-script firm hit by ‘large-scale’ ransomware data breach | Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. | Incindent | |
18.5.24 | Russian hackers use new Lunar malware to breach a European govt's agencies | Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. | BigBrothers | |
18.5.24 | Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors | Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. | OS | |
18.5.24 | Kimsuky hackers deploy new Linux backdoor in attacks on South Korea | The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers. | APT | |
18.5.24 | Google fixes third actively exploited Chrome zero-day in a week | Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. | Exploit | |
18.5.24 | Android to add new anti-theft and data protection features | Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. | OS | |
18.5.24 | Android 15, Google Play Protect get new anti-malware and anti-fraud features | Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices. | OS | |
18.5.24 | Nissan North America data breach impacts over 53,000 employees | Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. | Incindent | |
18.5.24 | Brothers arrested for $25 million theft in Ethereum blockchain attack | The U.S. Department of Justice has indicted two former MIT students for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. | Cryptocurrency | |
18.5.24 | Apple blocked $7 billion in fraudulent App Store purchases in 4 years | Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. | OS | |
18.5.24 | Payload Trends in Malicious OneNote Samples | In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote files. | Malware blog | Palo Alto |
18.5.24 | Leveraging DNS Tunneling for Tracking and Scanning | This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. | Hacking blog | Palo Alto |
18.5.24 | FOXIT PDF “FLAWED DESIGN” EXPLOITATION | PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments | Exploit blog | Checkpoint |
18.5.24 | Talos releases new macOS open-source fuzzer | Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. | OS Blog | Cisco Blog |
18.5.24 | Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWM Core | The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. | Vulnerebility blog | Cisco Blog |
18.5.24 | Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities | Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. | BigBrother blog | Cisco Blog |
18.5.24 | Rounding up some of the major headlines from RSA | Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. | Cyber blog | Cisco Blog |
18.5.24 | A new alert system from CISA seems to be effective — now we just need companies to sign up | Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. | Vulnerebility blog | Cisco Blog |
18.5.24 | The who, where, and how of APT attacks – Week in security with Tony Anscombe | This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape | APT blog | Eset |
18.5.24 | To the Moon and back(doors): Lunar landing in diplomatic missions | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs | APT blog | Eset |
18.5.24 | Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain | One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft | Cryptocurrency blog | Eset |
18.5.24 | ESET APT Activity Report Q4 2023–Q1 2024 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024 | APT blog | Eset |
18.5.24 | Windows Quick Assist abused in Black Basta ransomware attacks | Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. | Ransom | |
18.5.24 | FBI seize BreachForums hacking forum used to leak stolen data | The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. | BigBrothers | |
18.5.24 | Banco Santander warns of a data breach exposing customer info | Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. | Incindent | |
18.5.24 | Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion | Alexey Pertsev, one of the main developers of the Tornado Cash cryptocurrency tumbler has been sentenced to 64 months in prison for his part in helping launder more than $2 billion worth of cryptocurrency. | Cryptocurrency | |
18.5.24 | PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers | The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. | Exploit | |
18.5.24 | Microsoft fixes VPN failures caused by April Windows updates | Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates. | OS | |
18.5.24 | Singing River Health System: Data of 895,000 stolen in ransomware attack | The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. | Incindent | |
18.5.24 | Microsoft fixes Windows Server bug causing crashes, NTLM auth failures | Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month's Windows Server security updates. | OS | |
18.5.24 | Microsoft fixes Windows zero-day exploited in QakBot malware attacks | Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. | OS | |
18.5.24 | Windows 10 KB5037768 update released with new features and 20 fixes | Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen. | OS | |
18.5.24 | Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws | Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. | OS | |
18.5.24 | Windows 11 KB5037771 update released with 30 fixes, changes | Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. | OS | |
18.5.24 | Ebury botnet malware infected 400,000 Linux servers since 2009 | A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. | BotNet | |
18.5.24 | Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own | Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. | OS | |
18.5.24 | Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android | On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. | OS | |
18.5.24 | VMware fixes three zero-day bugs exploited at Pwn2Own 2024 | VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. | Vulnerebility | |
18.5.24 | Google Chrome emergency update fixes 6th zero-day exploited in 2024 | Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. | Vulnerebility | |
18.5.24 | PyPi package backdoors Macs using the Sliver pen-testing suite | A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. | Virus | |
18.5.24 | Apple backports fix for zero-day exploited in attacks to older iPhones | Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. | OS | |
18.5.24 | FCC reveals Royal Tiger, its first tagged robocall threat actor | The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. | BigBrothers | |
18.5.24 | INC ransomware source code selling on hacking forums for $300,000 | A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. | Ransom | |
18.5.24 | Botnet sent millions of emails in LockBit Black ransomware campaign | Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. | BotNet | |
18.5.24 | Hackers use DNS tunneling for network scanning, tracking victims | Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. | Hack | |
18.5.24 | Helsinki suffers data breach after hackers exploit unpatched flaw | The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. | Incindent | |
18.5.24 | Criminal IP Teams with Quad9 for Advanced Threat Intelligence Sharing | The Criminal IP Threat Intelligence (CTI) search engine to integrate with Quad9's threat-blocking service. Learn more from Criminal IP about how this integration can help you. | CyberCrime | |
18.5.24 | Largest non-bank lender in Australia warns of a data breach | Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. | Incindent | |
18.5.24 | Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking | The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent | Cryptocurrency | The Hacker News |
18.5.24 | China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT | Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked | Virus | The Hacker News |
18.5.24 | Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks | The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General | APT | The Hacker News |
17.5.24 | CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to | Vulnerebility | The Hacker News |
17.5.24 | New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks | Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard | Attack | The Hacker News |
17.5.24 | North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign | The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs | APT | The Hacker News |
17.5.24 | Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines | Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that | Vulnerebility | The Hacker News |
16.5.24 | Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks | The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client | Ransom | The Hacker News |
16.5.24 | Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability | Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been | Exploit | The Hacker News |
16.5.24 | FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity | Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for | BigBrothers | The Hacker News |
16.5.24 | Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps | Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive | OS | The Hacker News |
16.5.24 | Google Launches AI-Powered Theft and Data Protection Features for Android Devices | Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help | AI | The Hacker News |
16.5.24 | Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions | An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two | APT | The Hacker News |
16.5.24 | Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years | A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 | BotNet | The Hacker News |
15.5.24 | Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days | Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, | Vulnerebility | The Hacker News |
15.5.24 | VMware Patches Severe Security Flaws in Workstation and Fusion Products | Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat | Vulnerebility | The Hacker News |
15.5.24 | New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation | Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under | Vulnerebility | The Hacker News |
15.5.24 | Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code | The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security | Vulnerebility | The Hacker News |
15.5.24 | Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls | Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam | Spam | The Hacker News |
14.5.24 | Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices | Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a | OS | The Hacker News |
14.5.24 | MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices | The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded | Safety | The Hacker News |
14.5.24 | Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries | Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by | Vulnerebility | The Hacker News |
14.5.24 | Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia | The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure | Ransom | The Hacker News |
14.5.24 | Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo | Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests | Virus | The Hacker News |
12.5.24 | The Post Millennial hack leaked data impacting 26 million people | Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. | Incindent | |
12.5.24 | CISA: Black Basta ransomware breached over 500 orgs worldwide | CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. | Ransom | |
12.5.24 | Europol confirms web portal breach, says no operational data stolen | Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. | BigBrothers | |
12.5.24 | The Week in Ransomware - May 10th 2024 - Chipping away at LockBit | After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. | Ransom | |
12.5.24 | Dell API abused to steal 49 million customer records in data breach | The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. | Incindent | |
12.5.24 | Ascension redirects ambulances after suspected ransomware attack | Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. | Ransom | |
12.5.24 | Ohio Lottery ransomware attack impacts over 538,000 individuals | The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. | Ransom | |
12.5.24 | Google fixes fifth Chrome zero-day exploited in attacks this year | Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. | Vulnerebility | |
12.5.24 | Widely used modems in industrial IoT devices open to SMS attack | Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. | IoT | |
12.5.24 | Poland says Russian military hackers target its govt networks | Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. | BigBrothers | |
11.5.24 | FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT | The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate | APT | The Hacker News |
11.5.24 | Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution | Two vulnerabilities in this group — one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. | Vulnerebility blog | Cisco Blog |
11.5.24 | How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe | We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action | Security blog | Eset |
11.5.24 | In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards | We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024 | Security blog | Eset |
11.5.24 | It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe | More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET | Cyber blog | Eset |
11.5.24 | RSA Conference 2024: AI hype overload | Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations. | AI blog | Eset |
11.5.24 | How to inspire the next generation of scientists - Unlocked 403: Cybersecurity podcast | As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight | Security blog | Eset |
11.5.24 | The hacker’s toolkit: 4 gadgets that could spell security trouble | Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands? | Malware blog | Eset |
11.5.24 | North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms | The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based | APT | The Hacker News |
11.5.24 | Monday.com removes "Share Update" feature abused for phishing attacks | Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. | Phishing | |
11.5.24 | Citrix warns admins to manually mitigate PuTTY SSH client bug | Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. | Vulnerebility | |
11.5.24 | AT&T delays Microsoft 365 email delivery due to spam wave | AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. | Spam | |
11.5.24 | British Columbia investigating cyberattacks on government networks | The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. | Incindent | |
11.5.24 | Dell warns of data breach, 49 million customers allegedly affected | Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. | Incindent | |
11.5.24 | Zscaler takes "test environment" offline after rumors of a breach | Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. | Security | |
11.5.24 | University System of Georgia: 800K exposed in 2023 MOVEit attack | The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. | Hack | |
11.5.24 | Ascension healthcare takes systems offline after cyberattack | Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." | Incindent | |
11.5.24 | New BIG-IP Next Central Manager bugs allow device takeover | F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. | Vulnerebility | |
11.5.24 | FBI warns of gift card fraud ring targeting retail companies | The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. | Ransom | |
10.5.24 | Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability | Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the | ||
10.5.24 | Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials | Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed | ||
10.5.24 | Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models | Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large | ||
10.5.24 | New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation | Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop | ||
10.5.24 | Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign | Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked | ||
9.5.24 | | The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. | ||
9.5.24 | Microsoft: April Windows Server updates also cause crashes, reboots | Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. | ||
9.5.24 | Massive webshop fraud ring steals credit cards from 850,000 people | A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. | ||
9.5.24 | DocGo discloses cyberattack after hackers steal patient health data | Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. | ||
9.5.24 | Hackers exploit LiteSpeed Cache flaw to create WordPress admins | Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. | ||
9.5.24 | UK confirms Ministry of Defence payroll data exposed in data breach | The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network. | ||
9.5.24 | A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. | |||
9.5.24 | Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw | Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. | ||
9.5.24 | The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity. | |||
9.5.24 | Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. | |||
9.5.24 | Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery | Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai | ||
9.5.24 | Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover | Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize | ||
8.5.24 | New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data | Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage | ||
8.5.24 | Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version | A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis | ||
8.5.24 | Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites | A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create | ||
8.5.24 | BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement | BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. | ||
8.5.24 | LockBit ransomware admin identified, sanctioned in US, UK, Australia | The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time. | ||
8.5.24 | Microsoft tests using MT/s for memory speed in Windows 11 Task Manager | Microsoft is testing showing memory speeds as MT/s (mega-transfers per second) rather than MHz (megahertz) in the Windows 11 Task Manager. | ||
8.5.24 | City of Wichita shuts down IT network after ransomware attack | The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. | ||
8.5.24 | Lockbit's seized site comes alive to tease new police announcements | The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. | ||
8.5.24 | Finland warns of Android malware attacks breaching bank accounts | Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts. | ||
8.5.24 | Iranian hackers pose as journalists to push backdoor malware | The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. | ||
8.5.24 | Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, | |||
8.5.24 | Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of that landscape. | |||
8.5.24 | Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator | The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, | ||
7.5.24 | APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data | The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target | APT | The Hacker News |
7.5.24 | China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion | The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the | APT | |
7.5.24 | Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever) | Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal | Safety | The Hacker News |
7.5.24 | Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering | A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from | Cryptocurrency | The Hacker News |
6.5.24 | Android bug leaks DNS queries even when VPN kill switch is enabled | A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. | OS | |
6.5.24 | NSA warns of North Korean hackers exploiting weak DMARC email policies | The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. | APT | |
6.5.24 | Google rolls back reCaptcha update to fix Firefox issues | Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. | Vulnerability | |
6.5.24 | NATO and EU condemn Russia's cyberattacks against Germany, Czechia | NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. | BigBrothers | |
6.5.24 | Microsoft rolls out passkey auth for personal Microsoft accounts | Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. | Security | |
6.5.24 | CEO who sold fake Cisco devices to US military gets 6 years in prison | Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. | BigBrothers | |
6.5.24 | Bitwarden launches new MFA Authenticator app for iOS, Android | Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. | Safety | |
6.5.24 | CISA urges software devs to weed out path traversal vulnerabilities | CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. | BigBrothers | |
6.5.24 | Police shuts down 12 fraud call centres, arrests 21 suspects | Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. | CyberCrime | |
6.5.24 | Microsoft warns of "Dirty Stream" attack impacting Android apps | Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. | OS | |
6.5.24 | REvil hacker behind Kaseya ransomware attack gets 13 years in prison | Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. | Ransom | |
6.5.24 | Microsoft won't fix Windows 0x80070643 errors, manual fix required | Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates. | OS | |
6.5.24 | Cybersecurity consultant arrested after allegedly extorting IT firm | A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. | Cyber | |
6.5.24 | HPE Aruba Networking fixes four critical RCE flaws in ArubaOS | HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. | Vulnerability | |
6.5.24 | Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution | More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical | Vulnerability | |
6.5.24 | Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components | Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices | Mobil | The Hacker News |
6.5.24 | New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs | Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up | OS | The Hacker News |
5.5.24 | DropBox says hackers stole customer data, auth secrets from eSignature service | Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. | Incident | |
5.5.24 | US govt warns of pro-Russian hacktivists targeting water facilities | The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems used to disrupt critical infrastructure operations. | BigBrothers | |
5.5.24 | Panda Restaurants discloses data breach after corporate systems hack | Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. | Incident | |
5.5.24 | French hospital CHC-SV refuses to pay LockBit extortion demand | The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. | Ransom | |
5.5.24 | CISA says GitLab account takeover bug is actively exploited in attacks | CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. | Exploit | |
5.5.24 | Microsoft: April Windows Server updates cause NTLM auth failures | Microsoft has confirmed customer reports of NTLM authentication failures and high load after installing last month's Windows Server security updates. | OS | |
5.5.24 | Microsoft says April Windows updates break VPN connections | Microsoft says the April 2024 Windows security updates break VPN connections on Windows 11, Windows 10, and Windows Server systems. | OS | |
5.5.24 | Qantas app exposed sensitive traveler details to random users | Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users. | Incident | |
5.5.24 | New Cuttlefish malware infects routers to monitor traffic for credentials | A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. | Virus | |
5.5.24 | New Latrodectus malware attacks use Microsoft, Cloudflare themes | Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. | Virus | |
5.5.24 | Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach | Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. | Incident | |
5.5.24 | R language flaw allows code execution via RDS/RDX files | A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. | Vulnerability | |
5.5.24 | Google now pays up to $450,000 for RCE bugs in some Android apps | Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. | Vulnerability | BleepingComputer |
5.5.24 | Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities | Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the | BigBrothers | The Hacker News |
4.5.24 | Millions of Docker repos found pushing malware, phishing sites | Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. | Phishing | |
4.5.24 | New Wpeeper Android malware hides behind hacked WordPress sites | A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. | OS | |
4.5.24 | Change Healthcare hacked using stolen Citrix account with no MFA | UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. | Incident | |
4.5.24 | Muddling Meerkat hackers manipulate DNS using China’s Great Firewall | A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. | APT | |
4.5.24 | London Drugs pharmacy chain closes stores after cyberattack | Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." | Incident | |
4.5.24 | FBI warns of fake verification schemes targeting dating app users | The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. | BigBrothers | |
4.5.24 | Google rejected 2.28 million risky Android apps from Play store in 2023 | Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten users' security. | OS | |
4.5.24 | Microsoft fixes bug behind incorrect BitLocker encryption errors | Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. | Vulnerability | BleepingComputer |
4.5.24 | It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise | Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. This article reviews how attackers use infected hosts for malware-based scans of their targets instead of the more traditional approach using direct scans. | Malware blog | Palo Alto |
4.5.24 | Muddled Libra’s Evolution to the Cloud | Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. | APT blog | Palo Alto |
4.5.24 | Vulnerabilities in employee management system could lead to remote code execution, login credential theft | Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. | Vulnerability blog | Cisco Blog |
4.5.24 | James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape | Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. | APT blog | Cisco Blog |
4.5.24 | Pay up, or else? – Week in security with Tony Anscombe | Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not | Ransom blog | Eset |
4.5.24 | Adding insult to injury: crypto recovery scams | Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over | Spam blog | Eset |
4.5.24 | MDR: Unlocking the power of enterprise-grade security for businesses of all sizes | We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth | Security blog | Eset |
4.5.24 | How space exploration benefits life on Earth: Q&A with David Eicher | The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details | Phishing blog | Eset |
4.5.24 | Collection agency FBCS warns data breach impacts 1.9 million people | Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. | Incident | |
4.5.24 | US Post Office phishing sites get as much traffic as the real one | Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. | Phishing | |
4.5.24 | Google Chrome's new post-quantum cryptography may break TLS connections | Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. | Cyber | |
4.5.24 | Japanese police create fake support scam payment cards to warn victims | Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. | CyberCrime | |
4.5.24 | Okta warns of "unprecedented" credential stuffing attacks on customers | Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. | Hack | |
4.5.24 | Fake job interviews target developers with new Python backdoor | A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). | Virus | |
4.5.24 | Kaiser Permanente: Data breach may impact 13.4 million patients | Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. | Incident | |
4.5.24 | FBI warns against using unlicensed crypto transfer services | The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. | Cryptocurrency | |
4.5.24 | LA County Health Services: Patients' data exposed in phishing attack | The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. | Phishing | |
4.5.24 | Researchers sinkhole PlugX malware server with 2.5 million unique IPs | Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. | Virus | |
4.5.24 | Over 1,400 CrushFTP servers vulnerable to actively exploited bug | Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. | Exploit | |
4.5.24 | WP Automatic WordPress plugin hit by millions of SQL injection attacks | Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. | Hack | |
4.5.24 | New Brokewell malware takes over Android devices, steals data | Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. | OS | |
4.5.24 | US charges Samourai cryptomixer founders for laundering $100 million | Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. | Cryptocurrency | |
4.5.24 | Maximum severity Flowmon bug has a public exploit, patch now | Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. | Exploit | |
4.5.24 | ArcaneDoor hackers exploit Cisco zero-days to breach govt networks | Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. | Exploit | BleepingComputer |
3.5.24 | Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications | Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of | Virus | The Hacker News |
3.5.24 | NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources | The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send | BigBrothers | The Hacker News |
3.5.24 | Google Announces Passkeys Adopted by Over 400 Million Accounts | Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more | Security | The Hacker News |
3.5.24 | Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks | HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that | Vulnerability | The Hacker News |
3.5.24 | Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw | Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability | OS | The Hacker News |
2.5.24 | Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million | A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out | CyberCrime | The Hacker News |
2.5.24 | Dropbox Discloses Breach of Digital Signature Service Affecting All Users | Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by | Incident | The Hacker News |
2.5.24 | New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw | A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical | BotNet | The Hacker News |
2.5.24 | CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited | Exploit | The Hacker News |
2.5.24 | New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials | A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily | Virus | The Hacker News |
2.5.24 | Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds | A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit | Cryptocurrency | The Hacker News |
2.5.24 | Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers | Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses | OS | The Hacker News |
1.5.24 | ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan | The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan | Virus | The Hacker News |
1.5.24 | Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia | A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for | BigBrothers | The Hacker News |
1.5.24 | Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years | Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious | Virus | The Hacker News |