
DATE    NAME / INFO    CATEGORY    WEB

21.12.24

The evolution and abuse of proxy networks Proxy and anonymization networks have been dominating the headlines; this piece discusses their origins and evolution on the threat landscape, with a specific focus on state-sponsored abuse. Security blog

Cisco Blog

21.12.24

Exploring vulnerable Windows drivers This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique, along with Cisco Talos’ series of posts about malicious Windows drivers. Vulnerability blog

Cisco Blog

21.12.24

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities The Patch Tuesday for December 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Vulnerability blog

Cisco Blog

21.12.24

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a Vulnerability blog

Cisco Blog

21.12.24

Something to Read When You Are On Call and Everyone Else is at the Office Party It's mid-December: if you're on call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threats and defences, as well as the growing problem of home devices being recruited to act as proxy servers for criminals. Cyber blog

Cisco Blog

21.12.24

MC LR Router and GoCast unpatched vulnerabilities Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in the MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities had not been patched at the time of posting. For Snort coverage that can detect the explo Vulnerability blog

Cisco Blog

21.12.24

The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. Cyber blog

Cisco Blog

21.12.24

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys, ranging from signature bypass to elevation of p Vulnerability blog

Cisco Blog

21.12.24

ESET Research Podcast: Telekopye, again Take a peek into the murky world of cybercrime, where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths' Cyber blog

Eset

21.12.24

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9) ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud Cyber blog

Eset

21.12.24

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024 A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Can AI systems be socially engineered? Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally? Cyber blog

Eset

21.12.24

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? Cyber blog

Eset

21.12.24

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost Cyber blog

Eset

21.12.24

Philip Torr: AI to the people | Starmus Highlights We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact AI blog

Eset

21.12.24

Achieving cybersecurity compliance in 5 steps Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements Cyber blog

Eset

21.12.24

CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft

Vulnerability blog

Cybereason

21.12.24

Your Data Is Under New Lummanagement: The Rise of LummaStealer

In this Threat Analysis report, Cybereason investigates the rising activity of the malware LummaStealer.

Malware blog

Cybereason

21.12.24

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

In this Threat Analysis report, Cybereason investigates incidents relating to the Andromeda backdoor and a new cluster of C2 servers

Malware blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 2

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.

BigBrother blog

Cybereason

21.12.24

THREAT ANALYSIS: Beast Ransomware

In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Ransom blog

Cybereason

21.12.24

CUCKOO SPEAR Part 2: Threat Actor Arsenal

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 1

In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.

BigBrother blog

Cybereason

21.12.24

CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

The Windows Registry Adventure #5: The regf file format

As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats.

Hacking blog

Project Zero

21.12.24

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs.

Exploit blog

Project Zero

21.12.24

Windows Tooling Updates: OleView.NET

This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution.

OS Blog

Project Zero

21.12.24

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst

Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware

OS Blog

Project Zero

21.12.24

Safeguarding Election Integrity: Threat Hunting for the U.S. Elections

With 2024 being a major election year globally, the stakes for election security were and remain high. More than 60 countries, including the United States, Mexico, India, and Indonesia, held elections and engaged nearly 2 billion voters. The U.S. general election on November 5th, 2024, drew significant attention due to concerns over potential interference and cybersecurity threats.

BigBrother blog

Trellix

21.12.24

Hacktivist Groups: The Shadowy Links to Nation-State Agendas

The recent conflicts between Ukraine and the Middle East have seen a surge in hacktivist activity, with groups aligned with both sides engaging in cyberattacks. In this blog we will cover a large set of Hacktivist groups.

BigBrother blog

Trellix

21.12.24

Anatomy of Celestial Stealer: Malware-as-a-Service Revealed

During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is packaged either as an Electron application or as a Node.js single application for the Windows 10 and Windows 11 operating systems. It is Malware-as-a-Service (MaaS) advertised on the Telegram platform. The stealer is marketed as FUD (fully undetectable).

Malware blog

Trellix

21.12.24

Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now

On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and operation of Phobos ransomware. Phobos is considered an evolution of Dharma Ransomware (aka CrySIS). Code similarities and ransom notes suggest that the creators are either the same or closely connected.

Ransom blog

Trellix

21.12.24

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?

Malware blog

Trellix

21.12.24 LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Ransom The Hacker News
21.12.24 DigiEver Fix That IoT Thing! A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. IoT Akamai
21.12.24 cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3) AhnLab Security intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Prominent among these honeypots are SSH services with weak credentials, which are targeted by numerous DDoS and CoinMiner threat actors. Hack ASEC AhnLab
21.12.24 Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin The legitimate ESLint packages on the npmjs.com registry are called "typescript-eslint" and "@typescript-eslint/eslint-plugin." Unscrupulous actors have published a typosquat named "@typescript_eslinter/eslint" that very closely resembles the names of the real libraries but is up to no good. Hack Sonatype
21.12.24 Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers. Cryptocurrency Socket.dev
21.12.24 Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection APT

The Hacker News

21.12.24 Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain Cryptocurrency

The Hacker News

21.12.24 Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow Vulnerability

The Hacker News

21.12.24 Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote Vulnerability

The Hacker News

21.12.24 CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access Exploit

The Hacker News

21.12.24 Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up Virus

The Hacker News
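
The typosquat pattern in the Sonatype and Hacker News items above (a scope such as @typescript_eslinter imitating the unscoped typescript-eslint, and lookalikes of @types/node) is cheap to screen for before a dependency is approved. The following is an added example, not code from Sonatype, Socket.dev, The Hacker News or any npm project: it compares each dependency name against a team allowlist using a separator-insensitive edit distance, including a check of a scoped candidate's scope against allowlisted unscoped names. The allowlist, the MAX_DISTANCE threshold of 2, and the dependency list it audits are constructed for the demo; the one real lookalike in that list is the @typescript_eslinter/eslint name quoted in the report.

```javascript
// Added example: screen npm dependency names for lookalikes of allowlisted
// packages. Not code from Sonatype, Socket.dev or The Hacker News; the
// allowlist, threshold and sample dependency list are constructed for the demo.

const TRUSTED = [
  "typescript-eslint",
  "@typescript-eslint/eslint-plugin",
  "@types/node",
  "@rspack/core",
  "@rspack/cli",
];

// Lookalike threshold (constructed choice): two edits catches "-" vs "_"
// swaps and short suffixes such as "eslint" -> "eslinter".
const MAX_DISTANCE = 2;

// Split "@scope/name" into its parts; unscoped names have scope === null.
function splitName(pkg) {
  const m = /^(?:@([^/]+)\/)?([^/]+)$/.exec(pkg);
  if (!m) throw new Error(`not an npm package name: ${pkg}`);
  return { scope: m[1] ?? null, name: m[2] };
}

// Lowercase and drop separator characters, so "typescript_eslint" and
// "typescript-eslint" compare as identical strings (distance 0).
function canon(s) {
  return s.toLowerCase().replace(/[-_.]/g, "");
}

// Levenshtein distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify one dependency as "trusted" (exact allowlist hit), "lookalike"
// (within MAX_DISTANCE of an allowlisted package, or whose scope imitates
// one) or "unknown" (neither; still not on the allowlist).
function classify(pkg, trusted = TRUSTED) {
  if (trusted.includes(pkg)) return { pkg, verdict: "trusted" };
  const c = splitName(pkg);
  let best = null;
  for (const t of trusted) {
    const tp = splitName(t);
    const distances = [editDistance(canon(pkg), canon(t))];
    if (c.scope !== null && tp.scope === null) {
      // "@typescript_eslinter/eslint": the scope imitates an unscoped package.
      distances.push(editDistance(canon(c.scope), canon(tp.name)));
    }
    if (c.scope !== null && tp.scope !== null && c.scope !== tp.scope) {
      // A different scope that is a near-copy of a trusted one. The identical
      // scope is skipped: npm scopes are owned, so a new package under a
      // trusted scope is not a squat (though it still deserves review).
      distances.push(editDistance(canon(c.scope), canon(tp.scope)));
    }
    const d = Math.min(...distances);
    if (d <= MAX_DISTANCE && (best === null || d < best.distance)) {
      best = { pkg, verdict: "lookalike", resembles: t, distance: d };
    }
  }
  return best ?? { pkg, verdict: "unknown" };
}

// Audit a list of dependency names taken from package.json or a lock file.
function audit(deps, trusted = TRUSTED) {
  return deps.map((d) => classify(d, trusted));
}

// Constructed dependency list: one allowlisted package, the typosquat named
// in the Sonatype report, and a made-up unrelated name.
const SAMPLE_DEPS = ["@types/node", "@typescript_eslinter/eslint", "some-unrelated-lib"];

for (const r of audit(SAMPLE_DEPS)) console.log(JSON.stringify(r));
```

Run it with node over the names in a lock file. A "lookalike" verdict is a review trigger, not proof of malice: a legitimate package that happens to sit two edits from an allowlisted one is flagged too, which is the right bias for a pre-install gate. The "unknown" verdict is the more common outcome and simply means the package has not been allowlisted yet.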

21.12.24 Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that BotNet

The Hacker News

21.12.24 Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive Vulnerability

The Hacker News

21.12.24 CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to BigBrothers

The Hacker News

21.12.24 Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers BigBrothers

The Hacker News

21.12.24 UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country BigBrothers

The Hacker News

18.12.24 HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take Phishing

The Hacker News

18.12.24 Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The Exploit

The Hacker News

18.12.24 APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious APT

The Hacker News

18.12.24 BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the Vulnerability

The Hacker News

18.12.24 INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online BigBrothers

The Hacker News

18.12.24 Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach BigBrothers

The Hacker News

18.12.24 Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate . "An attacker used Virus

The Hacker News

18.12.24 Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Phishing

The Hacker News

2.11.24

Attacker Abuses Victim Resources to Reap Rewards from Titan Network In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. Vulnerability blog

Trend Micro

2.11.24

Unmasking Prometei: A Deep Dive Into Our MXDR Findings How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system. BotNet blog

Trend Micro

2.11.24

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. Cryptocurrency blog

Trend Micro

2.11.24

Attackers Target Exposed Docker Remote API Servers With perfctl Malware We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. Malware blog

Trend Micro

2.11.24

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Hacking blog

Microsoft Blog

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File Retrieval The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group calls itself hackersadism. The group does not appear to be targeting large corporations at this time, as it only charges $2000 in BNB (Binance Coin) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. Ransom blog

SonicWall

2.11.24

Command Injection and Local File Inclusion in Grafana: CVE-2024-9264 The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts from the data it is given. Vulnerability blog

SonicWall

2.11.24

Code Injection in Spring Cloud: CVE-2024-37084 The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. Vulnerability blog

SonicWall

2.11.24

A Look Into Embargo Ransomware, Another Rust-based Ransomware Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (RaaS) model. Like many modern ransomware groups, Embargo employs double extortion tactics: it first exfiltrates sensitive data from its victims before encrypting their files, then threatens to release the stolen data unless a ransom is paid. Malware blog

SonicWall

2.11.24

HORUS Protector Part 1: The New Malware Distribution Service Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others. Malware blog

SonicWall

2.11.24

VMware vCenter Server CVE-2024-38812 DCERPC Vulnerability CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when memory allocated on the heap is improperly overwritten, leading to unpredictable behavior that could be exploited. Vulnerability blog

SonicWall

2.11.24

Insecure Deserialization in Veeam Backup and Replication: CVE-2024-40711 The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup app developed by Veeam for virtual environments built on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. Vulnerability blog

SonicWall

2.11.24

Jumpy Pisces Engages in Play Ransomware Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). Ransom blog

Palo Alto

2.11.24

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

This article introduces a simple and straightforward jailbreaking technique that we call Deceptive Delight. Deceptive Delight is a multi-turn technique that engages large language models (LLMs) in an interactive conversation, gradually bypassing their safety guardrails and inducing them to generate unsafe or harmful content. AI blog

Palo Alto

2.11.24

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism

Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. A bypass of Gatekeeper could leave the user unprotected from risky applications that may attempt to execute malicious content. OS Blog

Palo Alto

2.11.24

Talos IR trends Q3 2024: Identity-based operations loom large Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. Cyber blog

Cisco Blog

2.11.24

Threat actors use copyright infringement phishing lure to deploy infostealers Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the Phishing blog

Cisco Blog

2.11.24

Threat Spotlight: WarmCookie/BadSpace WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. Malware blog

Cisco Blog

2.11.24

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. Malware blog

Cisco Blog

2.11.24

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of Vulnerability blog

Cisco Blog

2.11.24

Writing a BugSleep C2 server and detecting its traffic with Snort This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. Cyber blog

Cisco Blog

2.11.24

How LLMs could help defenders write better and faster detection Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research AI blog

Cisco Blog

2.11.24

Highlighting TA866/Asylum Ambuscade Activity Since 2021 TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. Cyber blog

Cisco Blog

2.11.24

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian-speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities BigBrother blog

Cisco Blog

2.11.24

Protecting major events: An incident response blueprint Go behind the scenes with Talos incident responders and learn from what we've seen in the field. Incident blog

Cisco Blog

2.11.24

Ghidra data type archive for Windows driver functions Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. Malware blog

Cisco Blog

2.11.24

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. Vulnerability blog

Cisco Blog

2.11.24

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. Vulnerability blog

Cisco Blog

2.11.24

Are hardware supply chain attacks “cyber attacks?” It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. Hacking blog

Cisco Blog

2.11.24

Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerability blog

Check Point

2.11.24

Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum. BigBrother blog

Check Point

2.11.24

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Vulnerability blog

Project Zero

2.11.24

The Windows Registry Adventure #4: Hives and the registry layout To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system Vulnerability blog

Project Zero

2.11.24

Effective Fuzzing: A Dav1d Case Study

Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580.

Vulnerebility blog

Project Zero

2.11.24

MacOS Malware Surges as Corporate Usage Grows

As more companies adopt macOS for their corporate needs, attackers are adapting their techniques to get what they want

OS Blog

Trellix

2.11.24

Cyber Threats Targeting the US Government During the Democratic National Convention

Trellix global sensors detected increased threat activities during the days that the Democratic National Convention (DNC) was held in August 2024, culminating into a massive spike in detections halfway through the convention. Our data indicate that these threat activities targeted a wide range of US government organizations, including regional democratic causes, state legislative offices, legislative data centers, election boards, local law enforcement agencies, and public transportation networks.

BigBrother blog

Trellix

2.11.24

Month in security with Tony Anscombe – October 2024 edition

Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories

Cyber blog

Eset

2.11.24

How to remove your personal information from Google Search results

Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.

Cyber blog

Eset

2.11.24

Don't become a statistic: Tips to help keep your personal data off the dark web

You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it

Cyber blog

Eset

2.11.24

Tony Fadell: Innovating to save our planet | Starmus highlights

As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts

Security blog

Eset

2.11.24

CloudScout: Evasive Panda scouting cloud services

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

APT blog

Eset

2.11.24

ESET Research Podcast: CosmicBeetle

Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world

Cyber blog

Eset

2.11.24

Embargo ransomware: Rock’n’Rust

Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit

Ransom blog

Eset

2.11.24

Google Voice scams: What are they and how do I avoid them?

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Spam blog

Eset

2.11.24

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

Exploit blog

Eset

2.11.24

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship

Cyber blog

Eset

2.11.24

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details

Hacking blog

Eset

2.11.24

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry

Cyber blog

Eset

2.11.24

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

Hacking blog

Eset

2.11.24

Telekopye transitions to targeting tourists via hotel booking scam

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Spam blog

Eset

2.11.24

Cyber insurance, human risk, and the potential for cyber-ratings

Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?

Cyber blog

Eset

2.11.24

Mind the (air) gap: GoldenJackal gooses government guardrails

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal

BigBrother blog

Eset

2.11.24

The complexities of attack attribution – Week in security with Tony Anscombe

Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week

Cyber blog

Eset

2.11.24

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

APT blog

Eset

2.11.24

Why system resilience should mainly be the job of the OS, not just third-party applications

Building efficient recovery options will drive ecosystem resilience

OS Blog

Eset

2.11.24

Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices

Cyber blog

Eset

2.11.24

Gamaredon's operations under the microscope – Week in security with Tony Anscombe

ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

Cyber blog

Eset

1.11.24

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024

BigBrothers

The Hacker News

1.11.24

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone

Incident

The Hacker News

1.11.24

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly

BotNet

The Hacker News

1.11.24

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to

OS

The Hacker News

1.11.24

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the

Phishing

The Hacker News

1.11.24

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its

OS

The Hacker News

1.11.24

LottieFiles Issues Warning About Compromised "lottie-player" npm Package

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to

Hack

The Hacker News

1.11.24

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated

Vulnerebility

The Hacker News

30.10.24

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play,

APT

The Hacker News

30.10.24

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to

Vulnerebility

The Hacker News

30.10.24

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked

Social

The Hacker News

30.10.24

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but

Cryptocurrency

The Hacker News

29.10.24

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code

AI

The Hacker News

29.10.24

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two

BigBrothers

The Hacker News

29.10.24

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle threat intelligence

BigBrothers

The Hacker News

29.10.24

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the

Vulnerebility

The Hacker News

29.10.24

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that

APT

The Hacker News

28.10.24

Russian Espionage Group Targets Ukrainian Military with Malware via Telegram

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to

BigBrothers

The Hacker News

28.10.24

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked

Virus

The Hacker News

28.10.24

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors

CyberCrime

The Hacker News

28.10.24

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems,

OS

The Hacker News

28.10.24

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native

Cryptocurrency

The Hacker News

28.10.24

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of

Ransom

The Hacker News

27.10.24

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government

BigBrothers

The Hacker News

27.10.24

Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with

Vulnerebility

The Hacker News

27.10.24

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research

AI

The Hacker News

27.10.24

Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-

AI

The Hacker News

27.10.24

SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially

BigBrothers

The Hacker News

27.10.24

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by

Social

The Hacker News

27.10.24

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics

Ransom

The Hacker News

27.10.24

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that

Vulnerebility

The Hacker News

27.10.24

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance

Vulnerebility

The Hacker News

27.10.24

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw

APT

The Hacker News

27.10.24

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.

Vulnerebility

The Hacker News

27.10.24

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud

Virus

The Hacker News

27.10.24

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S.

Exploit

The Hacker News

27.10.24

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models

AI

The Hacker News

27.10.24

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of

Ransom

The Hacker News

27.10.24

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called

Phishing

The Hacker News

27.10.24

Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers

Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have

Vulnerebility

The Hacker News

27.10.24

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances,

Cryptocurrency

The Hacker News

27.10.24

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have

Virus

The Hacker News

27.10.24

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest

Virus

The Hacker News

27.10.24

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for

Vulnerebility

The Hacker News

27.10.24

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to

Vulnerebility

The Hacker News

27.10.24

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The

Vulnerebility

The Hacker News

27.10.24

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail

Exploit

The Hacker News

27.10.24

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not

APT

The Hacker News

27.10.24

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government

Ransom

The Hacker News

27.10.24

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by

ICS

The Hacker News

27.10.24

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver

Virus

The Hacker News

26.10.24

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in

Vulnerebility

The Hacker News

26.10.24

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies

APT

The Hacker News

26.10.24

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after

Ransom

The Hacker News

26.10.24

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile

APT

The Hacker News

26.10.24

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire

BigBrothers

The Hacker News

26.10.24

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root

Vulnerebility

The Hacker News

26.10.24

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response

Hack

The Hacker News

26.10.24

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows

Virus

The Hacker News

26.10.24

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by

Virus

The Hacker News

26.10.24

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow

Vulnerebility

The Hacker News

26.10.24

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web

Exploit

The Hacker News

26.10.24

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's

Virus

The Hacker News

26.10.24

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a

Virus

The Hacker News

26.10.24

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of

Virus

The Hacker News

26.10.24

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies.

APT

The Hacker News

15.9.24

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate

Virus

The Hacker News

15.9.24

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow

Vulnerebility

The Hacker News

15.9.24

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-

APT

The Hacker News

15.9.24

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog

Vulnerebility

The Hacker News

15.9.24

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the

APT

The Hacker News

15.9.24

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with

Cryptocurrency

The Hacker News

29.9.24

Ireland fines Meta €91 million for storing passwords in plaintext

The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users.

BigBrothers

BleepingComputer

29.9.24

Iranian hackers charged for ‘hack-and-leak’ plot to influence election

The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election.

BigBrothers

BleepingComputer

29.9.24

U.S. charges Joker's Stash and Rescator money launderers

The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups.

BigBrothers

BleepingComputer

29.9.24

Microsoft: Windows Recall now can be removed, is more secure

Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls.

AI

BleepingComputer

29.9.24

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.

Ransom

BleepingComputer

29.9.24

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.

Vulnerebility

BleepingComputer

29.9.24

Windows 11 KB5043145 update released with 13 changes and fixes

Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes.

OS

BleepingComputer

29.9.24

CUPS flaws enable Linux remote code execution, but there’s a catch

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines.

Vulnerebility

BleepingComputer

28.9.24

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to

Cryptocurrency

The Hacker News

28.9.24

Threat landscape for industrial automation systems, Q2 2024

In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types

ICS

Securelist

28.9.24

New RomCom malware variant 'SnipBot' spotted in data theft attacks

A new variant of the RomCom malware, called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems.

Virus

BleepingComputer

28.9.24

Kia dealer portal flaw could let attackers hack millions of cars

A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate.

Hack

BleepingComputer

28.9.24

Tails OS merges with Tor Project for better privacy, security

The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship.

OS

BleepingComputer

28.9.24

US sanctions crypto exchanges used by Russian ransomware gangs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups.

Cryptocurrency

BleepingComputer

28.9.24

Automattic blocks WP Engine’s access to WordPress resources

WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers.

Security

BleepingComputer

28.9.24

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic

BigBrothers

The Hacker News

28.9.24

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical

Vulnerebility

The Hacker News

28.9.24

Evolved Exploits Call for AI-Driven ASRM + XDR

AI-driven insights for managing emerging threats and minimizing organizational risk

AI blog

Trend Micro

28.9.24

Cybersecurity Compass: Bridging the Communication Gap

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.

Cyber blog

Trend Micro

28.9.24

2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge

SonicWall’s 2024 Healthcare Threat Brief reveals at least 14 million U.S. patients affected by malware breaches, as outdated systems leave healthcare providers vulnerable to evolving ransomware threats - underscoring the need for MSPs/MSSPs.

Ransom blog

SonicWall

28.9.24

Secure Access Unlocked: Exploring WNM 4.5 and Service Provider Monthly Program

Learn about exciting updates in WNM 4.5 plus new additions to our service provider program!

Security blog

SonicWall

28.9.24

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT.

Malware blog

Palo Alto

28.9.24

Inside SnipBot: The Latest RomCom Malware Variant

We recently discovered a novel version of the RomCom malware family called SnipBot and, for the first time, show post-infection activity from the attacker on a victim system.

Malware blog

Palo Alto

28.9.24

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

We have been monitoring a widely popular phishing-as-a-service (PhaaS) platform named Sniper Dz that primarily targets popular social media platforms and online services. A large number of phishers could be using this platform to launch phishing attacks, since the group behind this kit has thousands of subscribers on its Telegram channel.

Phishing blog

Palo Alto

28.9.24

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy.

Malware blog

Palo Alto

28.9.24

Wallet Scam: A Case Study in Crypto Drainer Tactics

Check Point Research (CPR) uncovered a malicious app on Google Play designed to steal cryptocurrency marking the first time a drainer has targeted mobile device users exclusively. The app used a set of evasion techniques to avoid detection and remained available for nearly five months before being removed.

Cryptocurrency blog

Checkpoint

28.9.24

10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More

DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade as documented by MITRE.

Hacking blog

Checkpoint

28.9.24

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

Spam blog

Cisco Blog

28.9.24

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

BigBrother blog

Eset

28.9.24

Don’t panic and other tips for staying safe from scareware

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

Spam blog

Eset

28.9.24

Time to engage: How parents can help keep their children safe on Snapchat

Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app

Social blog

Eset

28.9.24

Fake WalletConnect app on Google Play steals Android users’ crypto

A crypto-draining app mimicking the legitimate 'WalletConnect' project has been distributed over Google Play for five months, getting more than 10,000 downloads.

Cryptocurrency

BleepingComputer

28.9.24

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.

Vulnerability

BleepingComputer

28.9.24

Google sees 68% drop in Android memory safety flaws over 5 years

The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years.

OS

BleepingComputer

28.9.24

CISA: Hackers target industrial systems using “unsophisticated methods”

CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials.

Hack

BleepingComputer

28.9.24

Windows 10 KB5043131 update released with 9 changes and fixes

Microsoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues.

OS

BleepingComputer

28.9.24

AutoCanada says ransomware attack "may" impact employee data

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.

Ransom

BleepingComputer

28.9.24

Kansas water plant cyberattack forces switch to manual operations

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.

Hack

BleepingComputer

27.9.24

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux

Vulnerability

The Hacker News

27.9.24

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the

APT

The Hacker News

27.9.24

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka

Hack

The Hacker News

27.9.24

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national

BigBrothers

The Hacker News

27.9.24

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to

Vulnerability

The Hacker News

26.9.24

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could

Hack

The Hacker News

26.9.24

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity

APT

The Hacker News

26.9.24

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest

Virus

The Hacker News

26.9.24

U.S. govt agency CMS says data breach impacted 3.1 million people

The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.

Incident

BleepingComputer

26.9.24

Infostealer malware bypasses Chrome’s new cookie-theft defenses

Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced App-Bound Encryption feature, which protects sensitive data such as cookies.

Virus

BleepingComputer

26.9.24

Critical Ivanti vTM auth bypass bug now exploited in attacks

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.

Vulnerebility

BleepingComputer

26.9.24

Hackers deploy AI-written malware in targeted attacks

While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to create malicious software, despite the safeguards and restrictions that vendors implemented.

AI

BleepingComputer

26.9.24

Generative AI Security: Getting ready for Salesforce Einstein Copilot

Salesforce's Einstein Copilot can provide insights and perform tasks that help streamline daily processes. However, it also comes with risks that you should take steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot,

AI

BleepingComputer

26.9.24

MoneyGram confirms a cyberattack is behind dayslong outage

Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.

Hack

BleepingComputer

26.9.24

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.

APT

Securelist

26.9.24

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article,

Safety

Securelist

26.9.24

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential

APT

The Hacker News

26.9.24

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage

APT

The Hacker News

25.9.24

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the

Vulnerability

The Hacker News

25.9.24

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection

Security

The Hacker News

25.9.24

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto

Exploit

The Hacker News

25.9.24

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term

AI

The Hacker News

25.9.24

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of

Virus

The Hacker News

25.9.24

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic

Vulnerability

The Hacker News

25.9.24

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of

Virus

The Hacker News

24.9.24

U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the

BigBrothers

The Hacker News

24.9.24

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns

Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective

Security

The Hacker News

24.9.24

New Octo Android malware version impersonates NordVPN, Google Chrome

A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise.

Virus

BleepingComputer

24.9.24

US proposes ban on connected vehicle tech from China, Russia

Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia.

APT

BleepingComputer

24.9.24

Telegram now shares users’ IP and phone number on legal requests

Telegram will now share users' phone numbers and IP addresses with law enforcement if they are found to be violating the platform's rules following a valid legal request.

Social

BleepingComputer

24.9.24

New Mallox ransomware Linux variant based on leaked Kryptina code

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems.

Ransom

BleepingComputer

24.9.24

Kaspersky deletes itself, installs UltraAV antivirus without warning

Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning.

Security

BleepingComputer

24.9.24

Android malware 'Necro' infects 11 million devices via Google Play

A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks.

Virus

BleepingComputer

24.9.24

New Google Chrome feature will translate complex pages in real time

Google is testing a new API that uses machine learning models to offer real-time language translation for inputted text and to make it easier to translate web pages.

Cyber

BleepingComputer

24.9.24

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved

Virus

The Hacker News

24.9.24

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to

Social

The Hacker News

23.9.24

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead

IoT

The Hacker News

23.9.24

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to

Social

The Hacker News

23.9.24

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called

Virus

The Hacker News

23.9.24

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other

Virus

The Hacker News

22.9.24

Global infostealer malware operation targets crypto users, gamers

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo."

Virus

BleepingComputer

22.9.24

Microsoft ends development of Windows Server Update Services (WSUS)

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel.

OS

BleepingComputer

22.9.24

Windows Server 2025 previews security updates without restarts

Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting.

OS

BleepingComputer

22.9.24

Disney ditching Slack after massive July data breach

The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels.

Incident

BleepingComputer

22.9.24

Ukraine bans Telegram on military, govt devices over security risks

Ukraine's National Coordination Centre for Cybersecurity (NCCC) has restricted the use of the Telegram messaging app within government agencies, military units, and critical infrastructure, citing national security concerns.

BigBrothers

BleepingComputer

22.9.24

Dell investigates data breach claims after hacker leaks employee info

Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.

Incident

BleepingComputer

21.9.24

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber

APT

The Hacker News

21.9.24

Ukraine Bans Telegram Use for Government and Military Personnel

Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and

BigBrothers

The Hacker News

21.9.24

macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.

OS

BleepingComputer

21.9.24

Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK

A new wave of QR codes has popped up across the UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius?

Security

BleepingComputer

21.9.24

Suspects behind $230 million cryptocurrency theft arrested in Miami

Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services.

Cryptocurrency

BleepingComputer

21.9.24

CISA warns of actively exploited Apache HugeGraph-Server bug

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.

BigBrothers

BleepingComputer

21.9.24

Tor says it’s "still safe" amid reports of police deanonymizing users

The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks.

Security

BleepingComputer

21.9.24

Ivanti warns of another critical CSA flaw exploited in attacks

Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.

Exploit

BleepingComputer

21.9.24

Google Password Manager now automatically syncs your passkeys

Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users.

Safety

BleepingComputer

21.9.24

Police dismantles phone unlocking ring linked to 483,000 victims

A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide. 

BigBrothers

BleepingComputer

21.9.24

Germany seizes 47 crypto exchanges used by ransomware gangs

German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs.

BigBrothers

BleepingComputer

21.9.24

Unexplained ‘Noise Storms’ flood the Internet, puzzle experts

Internet intelligence firm GreyNoise reports that it has been tracking large waves of "Noise Storms" containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not determined their origin and purpose.

Cyber

BleepingComputer

21.9.24

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it.

Virus

BleepingComputer

21.9.24

Discord rolls out end-to-end encryption for audio, video calls

Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions.

Safety

BleepingComputer

21.9.24

Europol takes down "Ghost" encrypted messaging platform used for crime

Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering.

BigBrothers

BleepingComputer

21.9.24

Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware

Authored by Neil Tyagi. In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are...

Malware blog

McAfee

21.9.24

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

The group Trend Micro tracks as Water Bakunawa, which is behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Ransom blog

Trend Micro

21.9.24

Identifying Rogue AI

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights

AI blog

Trend Micro

21.9.24

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

APT blog

Trend Micro

21.9.24

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post.

Vulnerability blog

Trend Micro

21.9.24

Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score

Vulnerability blog

SonicWall

21.9.24

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network.

Exploit blog

Palo Alto

21.9.24

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process

BigBrother blog

Eset

21.9.24

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

How do analyst relations professionals 'sort through the noise' and help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out

Social blog

Eset

21.9.24

Understanding cyber-incident disclosure

Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help

Cyber blog

Eset

21.9.24

ESET Research Podcast: EvilVideo

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

Malware blog

Eset

21.9.24

AI security bubble already springing leaks

Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one

AI blog

Eset

21.9.24

The Iranian Cyber Capability

In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups.

APT blog

Trellix

21.9.24

Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware

Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks.

Ransom

BleepingComputer

21.9.24

X hacking spree fuels "$HACKED" crypto token pump-and-dump

An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin.

Social

BleepingComputer

21.9.24

GitLab releases fix for critical SAML authentication bypass flaw

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE).

Vulnerability

BleepingComputer

21.9.24

Microsoft may have revealed Windows 11 24H2 is coming this month

Microsoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates.

OS

BleepingComputer

21.9.24

Apple pulls iPadOS 18 update bricking M4 iPad Pro devices

Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update.

OS

BleepingComputer

21.9.24

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries.

BotNet

BleepingComputer

21.9.24

Russian security firm Dr.Web disconnects all servers after breach

On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.

Incident

BleepingComputer

21.9.24

Temu denies breach after hacker claims theft of 87 million data records

Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information.

Incident

BleepingComputer

21.9.24

Broadcom fixes critical RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet.

Vulnerability

BleepingComputer

21.9.24

Construction firms breached in brute force attacks on accounting software

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks.

Incident

BleepingComputer

21.9.24

AT&T pays $13 million FCC settlement over 2023 data breach

The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago.

Incident

BleepingComputer

21.9.24

CISA urges software devs to weed out XSS vulnerabilities

CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping.

BigBrothers

BleepingComputer

20.9.24

Ransomware gangs now abuse Microsoft Azure tool for data theft

Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage.

Ransom

BleepingComputer

20.9.24

PKfail Secure Boot bypass remains a significant risk two months later

Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks.

Incident

BleepingComputer

20.9.24

Over 1,000 ServiceNow instances found leaking corporate KB data

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors.

Security

BleepingComputer

20.9.24

CISA warns of Windows flaw used in infostealer malware attacks

CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.

BigBrothers

BleepingComputer

20.9.24

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.

Exploit

BleepingComputer

20.9.24

Microsoft rolls out Office LTSC 2024 for Windows and Mac

Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers.

OS

BleepingComputer

20.9.24

US cracks down on spyware vendor Intellexa with more sanctions

Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware.

BigBrothers

BleepingComputer

20.9.24

Chrome switching to NIST-approved ML-KEM quantum encryption

Google announced updates to the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically replacing Kyber in hybrid key exchanges with the Module Lattice Key Encapsulation Mechanism (ML-KEM).

Safety

BleepingComputer

20.9.24

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials.

Vulnerability

BleepingComputer

20.9.24

Windows vulnerability abused braille “spaces” in zero-day attacks

A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group.

APT

BleepingComputer

20.9.24

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to

BigBrothers

The Hacker News

20.9.24

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to

APT

The Hacker News

20.9.24

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux,

Safety

The Hacker News

20.9.24

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the

Vulnerability

The Hacker News

20.9.24

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to

Hack

The Hacker News

19.9.24

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a

Virus

The Hacker News

19.9.24

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server

Cryptocurrency

The Hacker News

19.9.24

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first

Ransom

The Hacker News

19.9.24

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result

Vulnerability

The Hacker News

19.9.24

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and

IoT

The Hacker News

19.9.24

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain

APT

The Hacker News

18.9.24

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in

APT

The Hacker News

18.9.24

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when

Safety

The Hacker News

18.9.24

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol,

BigBrothers

The Hacker News

18.9.24

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for

Vulnerability

The Hacker News

17.9.24

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to

Safety

The Hacker News

17.9.24

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa

BigBrothers

The Hacker News

17.9.24

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with

Cryptocurrency

The Hacker News

17.9.24

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical

Vulnerability

The Hacker News

16.9.24

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve

Vulnerability

The Hacker News

16.9.24

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on

APT

The Hacker News

16.9.24

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk

OS

The Hacker News

16.9.24

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver

Phishing

The Hacker News

15.9.24

YARA 4.5.2 Release

YARA 4.5.2 was released with 3 small changes and 4 bugfixes.

SANS

15.9.24

Finding Honeypot Data Clusters Using DBSCAN: Part 2

In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot.

SANS

15.9.24

Python Libraries Used for Malicious Purposes

Since I’m interested in malicious Python scripts, I found multiple samples that rely on existing libraries.

SANS

15.9.24

FBI tells public to ignore false claims of hacked voter data

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks.

BigBrothers

BleepingComputer

15.9.24

Malware locks browser in kiosk mode to steal Google credentials

A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Virus

BleepingComputer

15.9.24

Port of Seattle hit by Rhysida ransomware in August attack

Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks.

Ransom

BleepingComputer

15.9.24

TfL requires in-person password resets for 30,000 employees after hack

Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago.

CyberCrime

BleepingComputer

15.9.24

23andMe to pay $30 million in genetics data breach settlement

DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.

Incident

BleepingComputer

15.9.24

Ivanti warns high severity CSA flaw is now exploited in attacks

Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks.

Exploit

BleepingComputer

15.9.24

New Linux malware Hadooken targets Oracle WebLogic servers

Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks.

Virus

BleepingComputer

15.9.24

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

Ransom

BleepingComputer

15.9.24

New Vo1d malware infects 1.3 million Android streaming boxes

Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices.

Virus

BleepingComputer

15.9.24

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023

The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3).

Cryptocurrency

BleepingComputer

15.9.24

Fortinet confirms data breach after hacker claims to steal 440GB of files

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server.

Incident

BleepingComputer

15.9.24

UK arrests teen linked to Transport for London cyber attack

U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.

CyberCrime

BleepingComputer

15.9.24

Hackers targeting WhatsUp Gold with public exploit since August

Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.

Exploit

BleepingComputer

15.9.24

Transport for London confirms customer data stolen in cyberattack

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

Incident

BleepingComputer

15.9.24

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

Vulnerability

BleepingComputer

15.9.24

Fake password manager coding test used to hack Python developers

Members of the North Korean hacker group Lazarus, posing as recruiters, are baiting Python developers with coding test projects for password management products that include malware.

Hack

BleepingComputer

15.9.24

Adobe fixes Acrobat Reader zero-day with public PoC exploit

A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit.

Exploit

BleepingComputer

14.9.24

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Vulnerability blog

Trend Micro

14.9.24

Earth Preta Evolves its Attacks with New Malware and Strategies

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Malware blog

Trend Micro

14.9.24

CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

In this report, Cybereason confirms the ties between Cuckoo Spear and the APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group's new arsenal and techniques.

APT blog

Cybereason

14.9.24

Chinese APT Abuses VSCode to Target Government in Asia

Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks.

APT blog

Palo Alto

14.9.24

Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel

The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. 

Ransom blog

SonicWall

14.9.24

Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers

While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals, used by threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation.

Vulnerability blog

SonicWall

14.9.24

Microsoft Security Bulletin Coverage For September 2024

Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities.

OS Blog

SonicWall

14.9.24

Targeted Iranian Attacks Against Iraqi Government Infrastructure

Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks.

APT blog

Checkpoint

14.9.24

DragonRank, a Chinese-speaking SEO manipulator service provider

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

APT blog

Cisco Blog

14.9.24

The 2024 Threat Landscape State of Play

Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.

Security blog

Cisco Blog

14.9.24

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

Vulnerability blog

Cisco Blog

14.9.24

Watch our new documentary, "The Light We Keep: A Project PowerUp Story"

The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.

Security blog

Cisco Blog

14.9.24

We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.

Security blog

Cisco Blog

14.9.24

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.

Vulnerability blog

Cisco Blog

14.9.24

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.

Vulnerability blog

Cisco Blog

14.9.24

The best and worst ways to get users to improve their account security

In my opinion, mandatory enrollment is best enrollment.

Security blog

Cisco Blog

14.9.24

Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable.

Malware blog

Cisco Blog

14.9.24

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends.

Ransom blog

Eset

14.9.24

6 common Geek Squad scams and how to defend against them

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks.

Spam blog

Eset

14.9.24

CosmicBeetle steps up: Probation period at RansomHub

CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate.

Ransom blog

Eset

14.9.24

WordPress.org to require 2FA for plugin developers by October

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts.

Safety

BleepingComputer

14.9.24

Chinese hackers linked to cybercrime syndicate arrested in Singapore

Six Chinese nationals and a Singaporean were arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate."

CyberCrime

BleepingComputer

14.9.24

Microsoft fixes Windows Server performance issues from August updates

Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates.

OS

BleepingComputer

14.9.24

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server.

Vulnerability

BleepingComputer

14.9.24

New PIXHELL acoustic attack leaks secrets from LCD screen noise

A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to.

Attack

BleepingComputer

14.9.24

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems.

Ransom

BleepingComputer

14.9.24

Windows 10 KB5043064 update released with 6 fixes, security updates

Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 6 changes and fixes, including a fix for Bluetooth devices that stop working due to a memory leak.

OS

BleepingComputer

14.9.24

Microsoft fixes Windows Smart App Control zero-day exploited since 2018

Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.

OS

BleepingComputer

14.9.24

Windows 11 KB5043076 cumulative update released with 19 changes

Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements.

OS

BleepingComputer

14.9.24

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days.

OS

BleepingComputer

14.9.24

Wix to block Russian users starting September 12

Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down.

BigBrothers

BleepingComputer

14.9.24

Microsoft to start force-upgrading Windows 22H2 systems next month

Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2.

OS

BleepingComputer

14.9.24

Navigating Endpoint Privilege Management: Insights for CISOs and Admins

Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems.

Security

BleepingComputer

14.9.24

Flipper Zero releases Firmware 1.0 after three years of development

After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device.

Security

BleepingComputer

14.9.24

NoName ransomware gang deploying RansomHub malware in recent attacks

The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate.

Ransom

BleepingComputer

14.9.24

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190.

Vulnerability

The Hacker News

13.9.24

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully

Exploit

The Hacker News

13.9.24

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for

CyberCrime

The Hacker News

13.9.24

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new

Virus

The Hacker News

13.9.24

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in

Exploit

The Hacker News

13.9.24

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining

Cryptocurrency

The Hacker News

12.9.24

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at

Virus

The Hacker News

12.9.24

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an

Vulnerability

The Hacker News

12.9.24

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197

Virus

The Hacker News

12.9.24

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns.

Cryptocurrency

The Hacker News

12.9.24

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-

APT

The Hacker News

12.9.24

Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's

AI

The Hacker News

12.9.24

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes

Security

The Hacker News

12.9.24

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN

BotNet

The Hacker News

12.9.24

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe

APT

The Hacker News

11.9.24

Fake recruiter coding tests target devs with malicious Python packages

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

APT

ReversingLabs

11.9.24

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged

CyberCrime

The Hacker News

11.9.24

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of

APT

The Hacker News

11.9.24

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active

Vulnerability

The Hacker News

11.9.24

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical

Vulnerability

The Hacker News

11.9.24

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and

Ransom

The Hacker News

11.9.24

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as

APT

The Hacker News

11.9.24

New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and

Attack

The Hacker News

11.9.24

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and

APT

The Hacker News

11.9.24

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data

Attack

The Hacker News

10.9.24

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

Ransom

BleepingComputer

10.9.24

Quad7 botnet targets more SOHO and VPN routers, media servers

The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers.

BotNet

BleepingComputer

10.9.24

Chinese hackers use new data theft malware in govt attacks

New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks.

APT

BleepingComputer

10.9.24

Highline Public Schools closes schools following cyberattack

Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack.

Hack

BleepingComputer

10.9.24

Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature

A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again.

Social

BleepingComputer

10.9.24

Payment gateway data breach affects 1.7 million credit card owners

Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals.

Incident

BleepingComputer

10.9.24

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

Vulnerability

BleepingComputer

9.9.24

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized

Virus

The Hacker News

9.9.24

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code

APT

The Hacker News

9.9.24

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that

Vulnerability

The Hacker News

9.9.24

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat

Virus

The Hacker News

9.9.24

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers

BigBrothers

The Hacker News

9.9.24

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet

BigBrothers

The Hacker News

8.9.24

Sextortion scams now use your "cheating" spouse’s name as a lure

A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof.

Spam

BleepingComputer

8.9.24

New RAMBO attack steals data using RAM in air-gapped computers

A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers.

Attack

BleepingComputer

8.9.24

Transport for London staff faces systems disruptions after cyberattack

Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

Incident

BleepingComputer

8.9.24

Car rental giant Avis discloses data breach impacting customers

American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information.

Incident

BleepingComputer

8.9.24

Microsoft Office 2024 to disable ActiveX controls by default

After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps.

Security

BleepingComputer

8.9.24

SpyAgent Android malware steals your crypto recovery phrases from images

A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device.

OS

BleepingComputer

8.9.24

SonicWall SSLVPN access control flaw is now exploited in attacks

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible.

Vulnerability

BleepingComputer

8.9.24

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.

Vulnerability

BleepingComputer

8.9.24

Microsoft removes revenge porn from Bing search using new tool

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media.

Security

BleepingComputer

8.9.24

Russian military hackers linked to critical infrastructure attacks

The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU).

BigBrothers

BleepingComputer

8.9.24

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

Yet another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.

Hack

BleepingComputer

8.9.24

Musician charged with $10M streaming royalties fraud using AI and bots

North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme.

AI

BleepingComputer

8.9.24

Veeam warns of critical RCE flaw in Backup & Replication software

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

Vulnerability

BleepingComputer

8.9.24

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware.

CyberCrime

BleepingComputer

8.9.24

Planned Parenthood confirms cyberattack as RansomHub claims breach

Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage.

Ransom

BleepingComputer

8.9.24

Microchip Technology confirms data was stolen in cyberattack

American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang.

Incident

BleepingComputer

8.9.24

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhantomCore.

Hack

BleepingComputer

8.9.24

US cracks down on Russian disinformation before 2024 election

The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election.

BigBrothers

BleepingComputer

8.9.24

Cisco fixes root escalation vulnerability with public exploit code

Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems.

Exploit

BleepingComputer

8.9.24

New Eucleak attack lets threat actors clone YubiKey FIDO keys

A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device.

Attack

BleepingComputer

8.9.24

Cisco warns of backdoor admin account in Smart Licensing Utility

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.

Virus

BleepingComputer

8.9.24

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout.

CyberCrime

BleepingComputer

8.9.24

Google backports fix for Pixel EoP flaw to other Android devices

Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices.

OS

BleepingComputer

8.9.24

Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security

AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine.

Safety

BleepingComputer

8.9.24

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPI projects using the names of previously deleted packages to conduct supply chain attacks.

Hack

BleepingComputer

8.9.24

FTC: Over $110 million lost to Bitcoin ATM scams in 2023

The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

BigBrothers

BleepingComputer

8.9.24

Zyxel warns of critical OS command injection flaw in routers

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection.

Vulnerability

BleepingComputer

8.9.24

New Windows PowerToy launches, repositions apps to saved layouts

Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click.

OS

BleepingComputer

8.9.24

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake

APT

The Hacker News

8.9.24

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that

BigBrothers

The Hacker News

7.9.24

TIDRONE Targets Military and Satellite Industries in Taiwan

Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

BigBrother blog

Trend Micro

7.9.24

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.

Malware blog

Trend Micro

7.9.24

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

Malware blog

Trend Micro

7.9.24

CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon

Vulnerability blog

SonicWall

7.9.24

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

Spam blog

Eset

7.9.24

ESET Research Podcast: HotPage

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver

Malware blog

Eset

7.9.24

The key considerations for cyber insurance: A pragmatic approach

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options

Cyber blog

Eset

7.9.24

In plain sight: Malicious ads hiding in search results

Sometimes there’s more than just an enticing product offer hiding behind an ad

Malware blog

Eset

7.9.24

FBI warns crypto firms of aggressive social engineering attacks

The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets.

Cryptocurrency

BleepingComputer

7.9.24

Clearview AI fined €30.5 million for unlawful data collection

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens.

AI

BleepingComputer

7.9.24

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

Vulnerability

BleepingComputer

7.9.24

Halliburton confirms data stolen in recent cyberattack

Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang.

Incident

BleepingComputer

7.9.24

Transport for London discloses ongoing “cyber security incident”

Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services.

Incident

BleepingComputer

7.9.24

Admins of MFA bypass service plead guilty to fraud

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.

Safety

BleepingComputer

7.9.24

Verkada to pay $2.95 million for alleged CAN-SPAM Act violations

The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security failures enabled hackers to access live video feeds from internet-connected cameras.

BigBrothers

BleepingComputer

7.9.24

Business services giant CBIZ discloses customer data breach

CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases.

Incident

BleepingComputer

7.9.24

Linux version of new Cicada ransomware targets VMware ESXi servers

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.

Ransom

BleepingComputer

7.9.24

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.

Virus

BleepingComputer

7.9.24

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The

Vulnerability

The Hacker News

7.9.24

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver

BotNet

The Hacker News

7.9.24

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading

Vulnerability

The Hacker News

6.9.24

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could

Vulnerability

The Hacker News

6.9.24

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code

Vulnerability

The Hacker News

6.9.24

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a

BigBrothers

The Hacker News

6.9.24

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat

APT

The Hacker News

6.9.24

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical

Vulnerability

The Hacker News

5.9.24

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda

BigBrothers

The Hacker News

5.9.24

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco

Virus

The Hacker News

5.9.24

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber

Virus

The Hacker News

5.9.24

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow

Vulnerability

The Hacker News

5.9.24

North Korean Hackers Target Job Seekers with Fake FreeConference App

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to

APT

The Hacker News

5.9.24

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has

Virus

The Hacker News

5.9.24

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to

Hack

The Hacker News

4.9.24

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has

Exploit

The Hacker News

4.9.24

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to

Virus

The Hacker News

4.9.24

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions

Vulnerability

The Hacker News

4.9.24

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm

AI

The Hacker News

4.9.24

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader

Virus

The Hacker News

4.9.24

Hacktivists Exploit WinRAR Vulnerability in Attacks Against Russia and Belarus

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and

Exploit

The Hacker News

4.9.24

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities

Ransom

The Hacker News

4.9.24

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This

Virus

The Hacker News

4.9.24

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges

Exploit

The Hacker News

4.9.24

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his

CyberCrime

The Hacker News

4.9.24

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in

Ransom

The Hacker News

4.9.24

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again

Virus

The Hacker News

1.9.24

GitHub comments abused to spread Lumma Stealer malware as fake fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments.

Virus

BleepingComputer

1.9.24

Docker-OSX image used for security research hit by Apple DMCA takedown

The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

Virus

BleepingComputer

1.9.24

Microsoft is trying to reduce Windows 11's desktop spotlight clutter

Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature.

OS

BleepingComputer

1.9.24

Researchers find SQL injection to bypass airport TSA security checks

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits.

Incident

BleepingComputer

1.9.24

New Voldemort malware abuses Google Sheets to store stolen data

A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia.

Virus

BleepingComputer

1.9.24

North Korean hackers exploit Chrome zero-day to deploy rootkit

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit.

Exploit

BleepingComputer

1.9.24

Halliburton cyberattack linked to RansomHub ransomware gang

The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations.

Ransom

BleepingComputer

1.9.24

FBI: RansomHub ransomware breached 210 victims since February

Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors.

Ransom

BleepingComputer

1.9.24

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.

Virus

BleepingComputer

1.9.24

Windows 10 KB5041582 update released with 5 changes and fixes

Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks.

OS

BleepingComputer

1.9.24

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE).

Exploit blog

Microsoft Blog

1.9.24

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North

Exploit

The Hacker News