H January(270) February(364) March(400) April(276) May(343) June(373) July(336) August(388) September(287) October(0) November(0) December(0)
DATE | NAME | Info | CATEG. | WEB |
21.12.24 | The evolution and abuse of proxy networks | Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse. | Security blog | |
21.12.24 | Exploring vulnerable Windows drivers | This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. | Vulnerebility blog | |
21.12.24 | Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities | The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” | Vulnerebility blog | |
21.12.24 | Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found | Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a | Vulnerebility blog | |
21.12.24 | Something to Read When You Are On Call and Everyone Else is at the Office Party | Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. | Cyber blog | |
21.12.24 | MC LR Router and GoCast unpatched vulnerabilities | Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the explo | Vulnerebility blog | |
21.12.24 | The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight | Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. | Cyber blog | |
21.12.24 | Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform | By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of p | Vulnerebility blog | Cisco Blog |
21.12.24 | ESET Research Podcast: Telekopye, again | Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths' | Cyber blog | |
21.12.24 | Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9) | ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud | Cyber blog | |
21.12.24 | Cybersecurity is never out-of-office: Protecting your business anytime, anywhere | While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year | Cyber blog | |
21.12.24 | ESET Threat Report H2 2024: Key findings | Cyber blog | ||
21.12.24 | ESET Threat Report H2 2024 | A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | |
21.12.24 | Black Hat Europe 2024: Hacking a car – or rather, its infotainment system | Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow | Cyber blog | |
21.12.24 | Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization | Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems | Cyber blog | |
21.12.24 | Black Hat Europe 2024: Can AI systems be socially engineered? | Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally? | Cyber blog | |
21.12.24 | How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) | As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? | Cyber blog | |
21.12.24 | Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks | Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost | Cyber blog | |
21.12.24 | Philip Torr: AI to the people | Starmus Highlights | We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact | AI blog | |
21.12.24 | Achieving cybersecurity compliance in 5 steps | Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements | Cyber blog | |
21.12.24 |
CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft |
A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft | ||
21.12.24 |
Your Data Is Under New Lummanagement: The Rise of LummaStealer |
In this Threat Analysis report, Cybereason investigates the rising activity of the malware LummaStealer. | ||
21.12.24 |
In this Threat Analysis report, Cybereason investigates incidents relating to the Andromeda backdoor and a new cluster of C2 servers | |||
21.12.24 |
Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end. | |||
21.12.24 |
In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform. | |||
21.12.24 |
In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques. | |||
21.12.24 |
In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history. | |||
21.12.24 |
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective |
In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques. | ||
21.12.24 |
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. | |||
21.12.24 |
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit |
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs. | ||
21.12.24 |
This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. | |||
21.12.24 |
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst |
Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware | ||
21.12.24 |
Safeguarding Election Integrity: Threat Hunting for the U.S. Elections |
With 2024 being a major election year globally, the stakes for election security were and remain high. More than 60 countries, including the United States, Mexico, India, and Indonesia, held elections and engaged nearly 2 billion voters. The U.S. general election on November 5th, 2024, drew significant attention due to concerns over potential interference and cybersecurity threats. | ||
21.12.24 |
Hacktivist Groups: The Shadowy Links to Nation-State Agendas |
The recent conflicts between Ukraine and the Middle East have seen a surge in hacktivist activity, with groups aligned with both sides engaging in cyberattacks. In this blog we will cover a large set of Hacktivist groups. | ||
21.12.24 |
During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is packaged either as an Electron application or as a NodeJS single application for Windows 10 and Windows 11 operating system. It is a Malware-as-a-Service (MaaS) advertised on the Telegram platform. The stealer is marketed as a FUD (fully undetectable). | |||
21.12.24 |
Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now |
On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and operation of Phobos ransomware. Phobos is considered an evolution of Dharma Ransomware (aka CrySIS). Code similarities and ransom notes suggest that the creators are either the same or closely connected. | ||
21.12.24 |
When Guardians Become Predators: How Malware Corrupts the Protectors |
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? | ||
21.12.24 | LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages | A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. | Ransom | The Hacker News |
21.12.24 | DigiEver Fix That IoT Thing! | A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. | IoT | Akamai |
21.12.24 | cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3) | AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Among the prominent honeypots are SSH services using weak credential information, which are targeted by numerous DDoS and CoinMiner threat actors. | Hack | asec Ahnlab |
21.12.24 | Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin | The legitimate ESLint packages on the npmjs.com registry are called "typescript-eslint" and "@typescript-eslint/eslint-plugin." This has unscrupulous actors publishing a typosquat named "@typescript_eslinter/eslint" that very closely resembles the names of the real libraries, but is up to no good. | Hack | Sonatype |
21.12.24 | Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware | A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers. | Cryptocurrency | Socket.dev |
21.12.24 | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware | The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection | APT | |
21.12.24 | Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack | The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli , were compromised in a software supply chain | Cryptocurrency | |
21.12.24 | Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation | Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow | Vulnerebility | |
21.12.24 | Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools | A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote | Vulnerebility | |
21.12.24 | CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access | Exploit | |
21.12.24 | Thousands Download Malicious npm Libraries Impersonating Legitimate Tools | Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up | Virus | |
21.12.24 | Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords | Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that | BotNet | |
21.12.24 | Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits | Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive | Vulnerebility | |
21.12.24 | CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to | BigBrothers | |
21.12.24 | Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency | The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers | BigBrothers | |
21.12.24 | UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country | BigBrothers | |
18.12.24 | HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft | Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take | Phishing | |
18.12.24 | Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected | Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The | Exploit | |
18.12.24 | APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP | The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious | APT | |
18.12.24 | BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products | BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the | Vulnerebility | |
18.12.24 | INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse | INTERPOL is calling for a linguistic shift that aims to put to an end to the term " pig butchering ," instead advocating for the use of "romance baiting" to refer to online | BigBrothers | |
18.12.24 | Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts | Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach | BigBrothers | |
18.12.24 | Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware | A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate . "An attacker used | Virus | |
18.12.24 | Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks | A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. | Phishing | |
2.11.24 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. | Vulnerebility blog | |
2.11.24 | Unmasking Prometei: A Deep Dive Into Our MXDR Findings | How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system. | BotNet blog | |
2.11.24 | Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach | In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. | Cryptocurrency blog | |
2.11.24 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware | We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. | Malware blog | |
2.11.24 | Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). | Hacking blog | Microsoft Blog |
2.11.24 | New Iranian-based Ransomware Group Charges $2000 for File Retrieval | The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. | Ransom blog | SonicWall |
2.11.24 | Command Injection and Local File Inclusion in Grafana: CVE-2024-9264 | The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data. | Vulnerebility blog | SonicWall |
2.11.24 | New Iranian-based Ransomware Group Charges $2000 for File Retrieval | The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment. | Ransom blog | SonicWall |
2.11.24 | Code Injection in Spring Cloud: CVE-2024-37084 | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
2.11.24 | A Look Into Embargo Ransomware, Another Rust-based Ransomware | Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (Raas) model. Like many modern ransomware groups, Embargo employs double extortion tactics where they first exfiltrate sensitive data from their victims before encrypting their files. They then threaten to release the stolen data unless a ransom Is paid. | Malware blog | SonicWall |
2.11.24 | HORUS Protector Part 1: The New Malware Distribution Service | Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others. | Malware blog | SonicWall |
2.11.24 | VMWare vCenter Server CVE-2024-38812 DCERPC Vulnerability | CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when memory allocated in the heap is improperly overwritten, leading to unpredictable behavior that could be exploited. | Vulnerebility blog | SonicWall |
2.11.24 | Insecure Deserialization in Veeam Backup and Replication: CVE-2024-40711 | The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup app developed by Veeam for virtual environments built on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. | Vulnerebility blog | SonicWall |
2.11.24 | Jumpy Pisces Engages in Play Ransomware | Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). | Ransom blog | Palo Alto |
2.11.24 |
Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction | This article introduces a simple and straightforward technique for jailbreaking that we call Deceptive Delight. Deceptive Delight is a multi-turn technique that engages large language models (LLM) in an interactive conversation, gradually bypassing their safety guardrails and eliciting them to generate unsafe or harmful content. | AI blog | Palo Alto |
2.11.24 |
Jumpy Pisces Engages in Play Ransomware | Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius). | Ransom blog | Palo Alto |
2.11.24 |
Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism | Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. A bypass of Gatekeeper could leave the user unprotected from risky applications that may attempt to execute malicious content. | OS Blog | Palo Alto |
2.11.24 | Talos IR trends Q3 2024: Identity-based operations loom large | Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. | Cyber blog | Cisco Blog |
2.11.24 | Threat actors use copyright infringement phishing lure to deploy infostealers | * Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. * The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the | Phishing blog | Cisco Blog |
2.11.24 | Threat Spotlight: WarmCookie/BadSpace | WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. | Malware blog | Cisco Blog |
2.11.24 | Threat actor abuses Gophish to deliver new PowerRAT and DCRAT | Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. | Malware blog | Cisco Blog |
2.11.24 | NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities | Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of | Vulnerebility blog | Cisco Blog |
2.11.24 | Writing a BugSleep C2 server and detecting its traffic with Snort | This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. | Cyber blog | Cisco Blog |
2.11.24 | How LLMs could help defenders write better and faster detection | Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research | AI blog | Cisco Blog |
2.11.24 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. | Cyber blog | Cisco Blog |
2.11.24 | UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants | Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities | BigBrother blog | Cisco Blog |
2.11.24 | Protecting major events: An incident response blueprint | Go behind the scenes with Talos incident responders and learn from what we've seen in the field. | Incident blog | Cisco Blog |
2.11.24 | Ghidra data type archive for Windows driver functions | Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. | Malware blog | Cisco Blog |
2.11.24 | Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project | Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments. | Vulnerebility blog | Cisco Blog |
2.11.24 | Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities | The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. | Vulnerebility blog | Cisco Blog |
2.11.24 | Are hardware supply chain attacks “cyber attacks?” | It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. | Hacking blog | Cisco Blog |
2.11.24 | Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks | Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? | Vulnerebility blog | Checkpoint |
2.11.24 | Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum | Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum. | BigBrother blog | Checkpoint |
2.11.24 | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code | In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. | Vulnerebility blog | Project Zero |
2.11.24 | The Windows Registry Adventure #4: Hives and the registry layout | To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system | Vulnerebility blog | Project Zero |
2.11.24 | Effective Fuzzing: A Dav1d Case Study | Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. | Vulnerebility blog | Project Zero |
2.11.24 | MacOS Malware Surges as Corporate Usage Grows | As more companies adopt macOS for their corporate needs, attackers are adapting their techniques to get what they want | OS Blog | Trelix |
2.11.24 | Cyber Threats Targeting the US Government During the Democratic National Convention | Trellix global sensors detected increased threat activities during the days that the Democratic National Convention (DNC) was held in August 2024, culminating into a massive spike in detections halfway through the convention. Our data indicate that these threat activities targeted a wide range of US government organizations, including regional democratic causes, state legislative offices, legislative data centers, election boards, local law enforcement agencies, and public transportation networks. | BigBrother blog | Trelix |
2.11.24 | Month in security with Tony Anscombe – October 2024 edition | Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories | Cyber blog | |
2.11.24 | How to remove your personal information from Google Search results | Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results. | Cyber blog | |
2.11.24 | Don't become a statistic: Tips to help keep your personal data off the dark web | You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it | Cyber blog | |
2.11.24 | Tony Fadell: Innovating to save our planet | Starmus highlights | As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts | Security blog | |
2.11.24 | CloudScout: Evasive Panda scouting cloud services | ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services | APT blog | |
2.11.24 |
ESET Research Podcast: CosmicBeetle | Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world | Cyber blog | |
2.11.24 | Embargo ransomware: Rock’n’Rust | Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit | Ransom blog | |
2.11.24 |
Google Voice scams: What are they and how do I avoid them? | Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers | Spam blog | |
2.11.24 | Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe | The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year | Exploit blog | |
2.11.24 | Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7) | “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship | Cyber blog | |
2.11.24 | Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes | Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details | Hacking blog | |
2.11.24 | Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships | The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry | Cyber blog | |
2.11.24 | GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe | GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe | Hacking blog | |
2.11.24 | ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms | Telekopye transitions to targeting tourists via hotel booking scam | Spam blog | |
2.11.24 | Cyber insurance, human risk, and the potential for cyber-ratings | Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? | Cyber blog | |
2.11.24 | Mind the (air) gap: GoldenJackal gooses government guardrails | ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal | BigBrother blog | |
2.11.24 | The complexities of attack attribution – Week in security with Tony Anscombe | Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week | Cyber blog | |
2.11.24 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia | APT blog | |
2.11.24 | Why system resilience should mainly be the job of the OS, not just third-party applications | Building efficient recovery options will drive ecosystem resilience | OS Blog | |
2.11.24 | Cybersecurity Awareness Month needs a radical overhaul – it needs legislation | Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices | Cyber blog | |
2.11.24 | Gamaredon's operations under the microscope – Week in security with Tony Anscombe | ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years | Cyber blog | |
1.11.24 | Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare | U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 | BigBrothers | |
1.11.24 | Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned | Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone | Incindent | |
1.11.24 | Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft | Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly | BotNet | |
1.11.24 | Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns | Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to | OS | |
1.11.24 | New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites | Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the | Phishing | |
1.11.24 | New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics | Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its | OS | |
1.11.24 | LottieFiles Issues Warning About Compromised "lottie-player" npm Package | LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to | Hack | |
1.11.24 | LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites | A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated | Vulnerebility | |
30.10.24 | North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack | Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, | APT | |
30.10.24 | Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information | A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to | Vulnerebility | |
30.10.24 | Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware | Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked | Social | |
30.10.24 | Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code | Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but | Cryptocurrency | |
29.10.24 | Researchers Uncover Vulnerabilities in Open-Source AI and ML Models | A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code | AI | |
29.10.24 | Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus | The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two | BigBrothers | |
29.10.24 | U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing | The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol ( TLP ) to handle threat intelligence | BigBrothers | |
29.10.24 | New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors | More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the | Vulnerebility | |
29.10.24 | Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services | A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that | APT | |
28.10.24 | Russian Espionage Group Targets Ukrainian Military with Malware via Telegram | A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to | BigBrothers | |
28.10.24 | BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers | Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked | Virus | |
28.10.24 | Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials | Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors | CyberCrime | |
28.10.24 | Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel | A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, | OS | |
28.10.24 | Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining | The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native | Cryptocurrency | |
28.10.24 | Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions | Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of | Ransom | |
27.10.24 | CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities | The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government | BigBrothers | |
27.10.24 | Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite | A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with | Vulnerebility | |
27.10.24 | Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security | Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research | AI | |
27.10.24 | Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof? | Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI- | AI | |
27.10.24 |
SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures | The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially | BigBrothers | The Hacker News |
27.10.24 |
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations | The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by | Social | |
27.10.24 | New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics | Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics | Ransom | |
27.10.24 | AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks | Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that | Vulnerebility | |
27.10.24 | Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack | Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance | Vulnerebility | |
27.10.24 | Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices | The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw | APT | |
27.10.24 | Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation | Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. | Vulnerebility | |
27.10.24 | New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection | New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud | Virus | |
27.10.24 | CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) | A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities ( KEV ) catalog by the U.S. | Exploit | |
27.10.24 | Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models | Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models | AI | |
27.10.24 | Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks | Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of | Ransom | |
27.10.24 |
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans |
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called | ||
27.10.24 |
Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers |
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent ( OPA ) that, if successfully exploited, could have | ||
27.10.24 |
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks |
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, | ||
27.10.24 | Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies |
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have | Virus | The Hacker News |
27.10.24 |
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor |
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest | ||
27.10.24 |
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability |
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for | ||
27.10.24 |
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to | ||
27.10.24 |
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers |
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The | ||
27.10.24 |
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials |
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail | ||
27.10.24 |
North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data |
North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not | ||
27.10.24 |
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks |
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government | ||
27.10.24 |
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign |
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by | ||
27.10.24 |
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign |
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver | ||
26.10.24 |
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser |
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in | ||
26.10.24 |
Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant |
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies | ||
26.10.24 |
Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program |
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after | ||
26.10.24 |
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack |
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile | ||
26.10.24 |
U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks |
Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire | ||
26.10.24 |
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk |
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root | ||
26.10.24 |
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity |
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response | ||
26.10.24 |
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware |
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows | ||
26.10.24 |
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack |
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by | ||
26.10.24 |
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access |
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow | ||
26.10.24 |
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web | ||
26.10.24 |
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns |
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's | ||
26.10.24 |
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT |
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a | ||
26.10.24 |
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists |
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of | ||
26.10.24 |
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns |
| ||
15.9.24 |
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates |
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate | ||
15.9.24 |
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites |
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow | ||
15.9.24 |
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration |
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero- | ||
15.9.24 |
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware |
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog | ||
15.9.24 |
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf |
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the | ||
15.9.24 |
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation |
The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with | ||
29.9.24 |
Ireland fines Meta €91 million for storing passwords in plaintext |
The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. | ||
29.9.24 |
Iranian hackers charged for ‘hack-and-leak’ plot to influence election |
The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. | ||
29.9.24 |
The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. | |||
29.9.24 |
Microsoft: Windows Recall now can be removed, is more secure |
Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. | ||
29.9.24 |
Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. | |||
29.9.24 |
Progress urges admins to patch critical WhatsUp Gold bugs ASAP |
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. | ||
29.9.24 |
Windows 11 KB5043145 update released with 13 changes and fixes |
Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. | ||
29.9.24 |
CUPS flaws enable Linux remote code execution, but there’s a catch |
Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. | ||
28.9.24 |
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign |
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to | ||
28.9.24 |
In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types | |||
28.9.24 |
New RomCom malware variant 'SnipBot' spotted in data theft attacks |
A new variant of the RomCom malware called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. | ||
28.9.24 |
Kia dealer portal flaw could let attackers hack millions of cars |
A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. | ||
28.9.24 |
Tails OS merges with Tor Project for better privacy, security |
The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship. | ||
28.9.24 |
US sanctions crypto exchanges used by Russian ransomware gangs |
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. | ||
28.9.24 |
WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. | |||
28.9.24 |
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes |
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic | ||
28.9.24 |
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now |
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical | ||
28.9.24 |
AI-driven insights for managing emerging threats and minimizing organizational risk | |||
28.9.24 |
Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach. | |||
28.9.24 |
2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge |
SonicWall’s 2024 Healthcare Threat Brief reveals at least 14 million U.S. patients affected by malware breaches, as outdated systems leave healthcare providers vulnerable to evolving ransomware threats - underscoring the need for MSPs/MSSPs. | ||
28.9.24 |
Secure Access Unlocked: Exploring WNM 4.5 and Service Provider Monthly Program |
Learn about exciting updates in WNM 4.5 plus new additions to our service provider program! | ||
28.9.24 |
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors |
Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT. | ||
28.9.24 |
We recently discovered a novel version of the RomCom malware family called SnipBot and, for the first time, show post-infection activity from the attacker on a victim system. | |||
28.9.24 |
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz |
We have been monitoring a widely popular phishing-as-a-service (PhaaS) platform named Sniper Dz that primarily targets popular social media platforms and online services. A large number of phishers could be using this platform to launch phishing attacks, since the group behind this kit has thousands of subscribers on its Telegram channel. | ||
28.9.24 |
Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. | |||
28.9.24 |
Check Point Research (CPR) uncovered a malicious app on Google Play designed to steal cryptocurrency marking the first time a drainer has targeted mobile device users exclusively. The app used a set of evasion techniques to avoid detection and remained available for nearly five months before being removed. | |||
28.9.24 |
10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More |
DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade as documented by MITRE. | ||
28.9.24 |
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam |
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email. | ||
28.9.24 |
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 |
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine | ||
28.9.24 | ||||
28.9.24 |
Time to engage: How parents can help keep their children safe on Snapchat | |||
28.9.24 |
Fake WalletConnect app on Google Play steals Android users’ crypto |
A crypto draining app mimicking the legitimate 'WalletConnect' project has been distributed over Google Play for five months getting more than 10,000 downloads. | ||
28.9.24 |
HPE Aruba Networking fixes critical flaws impacting Access Points |
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. | ||
28.9.24 |
Google sees 68% drop in Android memory safety flaws over 5 years |
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. | ||
28.9.24 |
CISA: Hackers target industrial systems using “unsophisticated methods” |
CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. | ||
28.9.24 |
Windows 10 KB5043131 update released with 9 changes and fixes |
Microsoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues. | ||
28.9.24 |
AutoCanada says ransomware attack "may" impact employee data |
AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. | ||
28.9.24 |
Kansas water plant cyberattack forces switch to manual operations |
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. | ||
27.9.24 |
Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution |
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System ( CUPS ) on Linux | ||
27.9.24 |
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks |
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the | ||
27.9.24 |
New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users |
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka | ||
27.9.24 |
U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering |
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national | ||
27.9.24 |
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers |
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to | ||
26.9.24 |
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates |
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could | ||
26.9.24 |
N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks |
Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity | ||
26.9.24 |
Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware |
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest | ||
26.9.24 |
U.S. govt agency CMS says data breach impacted 3.1 million people |
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. | ||
26.9.24 |
Infostealer malware bypasses Chrome’s new cookie-theft defenses |
Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. | ||
26.9.24 |
Critical Ivanti vTM auth bypass bug now exploited in attacks |
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. | ||
26.9.24 |
While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to creating malicious software, despite the safeguards and restrictions that vendors implemented. | |||
26.9.24 |
Generative AI Security: Getting ready for Salesforce Einstein Copilot |
Salesforce's Einstein Copilot can provide insights and perform tasks help streamline daily processes. However, it also comes with risks that you should takes steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot, | ||
26.9.24 |
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. | |||
26.9.24 |
From 12 to 21: how we discovered connections between the Twelve and BlackJack groups |
An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. | ||
26.9.24 |
Web tracking report: who monitored users’ online activities in 2023–2024 the most |
Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article, | ||
26.9.24 |
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities |
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential | ||
26.9.24 |
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign |
Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage | ||
25.9.24 |
Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% |
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the | ||
25.9.24 |
Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent |
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection | ||
25.9.24 |
Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool |
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto | ||
25.9.24 |
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function |
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term | ||
25.9.24 |
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware |
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of | ||
25.9.24 |
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic | ||
25.9.24 |
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store |
Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of | ||
24.9.24 |
U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech |
The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the | ||
24.9.24 |
Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns |
Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective | ||
24.9.24 |
New Octo Android malware version impersonates NordVPN, Google Chrome |
A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. | ||
24.9.24 |
US proposes ban on connected vehicle tech from China, Russia |
Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. | ||
24.9.24 |
Telegram now shares users’ IP and phone number on legal requests |
Telegram will now share users' phone numbers and IP addresses with law enforcement if they are found to be violating the platform's rules following a valid legal request. | ||
24.9.24 |
New Mallox ransomware Linux variant based on leaked Kryptina code |
An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. | ||
24.9.24 |
Kaspersky deletes itself, installs UltraAV antivirus without warning |
Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning. | ||
24.9.24 |
Android malware 'Necro' infects 11 million devices via Google Play |
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. | ||
24.9.24 |
New Google Chrome feature will translate complex pages in real time |
Google is testing a new API that uses machine learning models to offer real-time language translation for inputted text and to make it easier to translate web pages. | ||
24.9.24 |
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities |
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved | ||
24.9.24 |
Telegram Agrees to Share User Data With Authorities for Criminal Investigations |
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to | ||
23.9.24 |
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk |
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead | ||
23.9.24 |
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls |
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to | ||
23.9.24 |
New PondRAT Malware Hidden in Python Packages Targets Software Developers |
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called | ||
23.9.24 |
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware |
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other | ||
22.9.24 |
Global infostealer malware operation targets crypto users, gamers |
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." | ||
22.9.24 |
Microsoft ends development of Windows Server Update Services (WSUS) |
Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. | ||
22.9.24 |
Windows Server 2025 previews security updates without restarts |
Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting. | ||
22.9.24 |
The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels. | |||
22.9.24 |
Ukraine bans Telegram on military, govt devices over security risks |
Ukraine's National Coordination Centre for Cybersecurity (NCCC) has restricted the use of the Telegram messaging app within government agencies, military units, and critical infrastructure, citing national security concerns. | ||
22.9.24 |
Dell investigates data breach claims after hacker leaks employee info |
Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees. | ||
21.9.24 |
Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks |
A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber | ||
21.9.24 |
Ukraine Bans Telegram Use for Government and Military Personnel |
Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and | ||
21.9.24 |
macOS Sequoia change breaks networking for VPN, antivirus software |
Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers. | ||
21.9.24 |
Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK |
A new wave of QR codes has popped up across UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius? | ||
21.9.24 |
Suspects behind $230 million cryptocurrency theft arrested in Miami |
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. | ||
21.9.24 |
CISA warns of actively exploited Apache HugeGraph-Server bug |
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. | ||
21.9.24 |
Tor says it’s "still safe" amid reports of police deanonymizing users |
The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. | ||
21.9.24 |
Ivanti warns of another critical CSA flaw exploited in attacks |
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. | ||
21.9.24 |
Google Password Manager now automatically syncs your passkeys |
Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. | ||
21.9.24 |
Police dismantles phone unlocking ring linked to 483,000 victims |
A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide. | ||
21.9.24 |
German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. | |||
21.9.24 |
Unexplained ‘Noise Storms’ flood the Internet, puzzle experts |
Internet intelligence firm GreyNoise reports that it has been tracking large waves of "Noise Storms" containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not concluded its origin and purpose. | ||
21.9.24 |
Clever 'GitHub Scanner' campaign abusing repos to push malware |
A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. | ||
21.9.24 |
Discord rolls out end-to-end encryption for audio, video calls |
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. | ||
21.9.24 |
Europol takes down "Ghost" encrypted messaging platform used for crime |
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. | ||
21.9.24 |
Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | |||
21.9.24 |
Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware |
Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are... | ||
21.9.24 |
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections |
Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. | ||
21.9.24 |
This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights | |||
21.9.24 |
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC |
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. | ||
21.9.24 |
Vulnerabilities in Cellular Packet Cores Part IV: Authentication |
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post. | ||
21.9.24 |
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score | |||
21.9.24 |
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool |
This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network. | ||
21.9.24 |
FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe |
With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process | ||
21.9.24 |
Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6) | |||
21.9.24 | ||||
21.9.24 | ||||
21.9.24 | ||||
21.9.24 |
In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups. | |||
21.9.24 |
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware |
Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | ||
21.9.24 |
An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. | |||
21.9.24 |
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware |
Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. | ||
21.9.24 |
GitLab releases fix for critical SAML authentication bypass flaw |
GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). | ||
21.9.24 |
Microsoft may have revealed Windows 11 24H2 is coming this month |
Microsoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates. | ||
21.9.24 |
Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. | |||
21.9.24 |
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware |
The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. | ||
21.9.24 |
Russian security firm Dr.Web disconnects all servers after breach |
On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. | ||
21.9.24 |
Temu denies breach after hacker claims theft of 87 million data records |
Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. | ||
21.9.24 |
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. | |||
21.9.24 |
Construction firms breached in brute force attacks on accounting software |
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. | ||
21.9.24 |
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago. | |||
21.9.24 |
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. | |||
20.9.24 |
Ransomware gangs now abuse Microsoft Azure tool for data theft |
Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. | ||
20.9.24 |
PKfail Secure Boot bypass remains a significant risk two months later |
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. | ||
20.9.24 |
Over 1,000 ServiceNow instances found leaking corporate KB data |
Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. | ||
20.9.24 |
CISA warns of Windows flaw used in infostealer malware attacks |
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. | ||
20.9.24 |
Exploit code released for critical Ivanti RCE flaw, patch now |
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. | ||
20.9.24 |
Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. | |||
20.9.24 |
US cracks down on spyware vendor Intellexa with more sanctions |
Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. | ||
20.9.24 |
Google announced updates in the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically, the swap of Kyber used in hybrid key exchanges with Module Lattice Key Encapsulation Mechanism (ML-KEM). | |||
20.9.24 |
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers |
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. | ||
20.9.24 |
Windows vulnerability abused braille “spaces” in zero-day attacks |
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. | ||
20.9.24 |
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials |
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to | ||
20.9.24 |
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East |
An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to | ||
20.9.24 |
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature |
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, | ||
20.9.24 |
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks |
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the | ||
20.9.24 |
Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms |
Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software , according to | ||
19.9.24 |
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails |
A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a | ||
19.9.24 |
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit |
The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server | ||
19.9.24 |
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector |
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first | ||
19.9.24 |
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions |
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result | ||
19.9.24 |
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide |
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and | ||
19.9.24 |
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military |
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain | ||
18.9.24 |
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware |
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in | ||
18.9.24 |
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing |
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when | ||
18.9.24 |
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging |
The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, | ||
18.9.24 |
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution |
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for | ||
17.9.24 |
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense |
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to | ||
17.9.24 |
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation |
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa | ||
17.9.24 |
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users |
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with | ||
17.9.24 |
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks |
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical | ||
16.9.24 |
Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution |
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve | ||
16.9.24 |
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware |
Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on | ||
16.9.24 |
Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure |
Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk | ||
16.9.24 |
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks |
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver | ||
15.9.24 |
YARA 4.5.2 was released with 3 small changes and 4 bugfixes. | |||
15.9.24 |
In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. | |||
15.9.24 |
Since I’m interested in malicious Python scripts, I found multiple samples that rely on existing libraries. | |||
15.9.24 |
FBI tells public to ignore false claims of hacked voter data |
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. | ||
15.9.24 |
Malware locks browser in kiosk mode to steal Google credentials |
A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. | ||
15.9.24 |
Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. | |||
15.9.24 |
TfL requires in-person password resets for 30,000 employees after hack |
Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. | ||
15.9.24 |
23andMe to pay $30 million in genetics data breach settlement |
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. | ||
15.9.24 |
Ivanti warns high severity CSA flaw is now exploited in attacks |
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. | ||
15.9.24 |
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks | |||
15.9.24 |
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data |
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. | ||
15.9.24 |
New Vo1d malware infects 1.3 million Android streaming boxes |
Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices. | ||
15.9.24 |
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 |
The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). | ||
15.9.24 |
Fortinet confirms data breach after hacker claims to steal 440GB of files |
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. | ||
15.9.24 |
U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. | |||
15.9.24 |
Hackers targeting WhatsUp Gold with public exploit since August |
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. | ||
15.9.24 |
Transport for London confirms customer data stolen in cyberattack |
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. | ||
15.9.24 |
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. | |||
15.9.24 |
Fake password manager coding test used to hack Python developers |
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. | ||
15.9.24 |
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. | |||
14.9.24 |
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities |
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. | ||
14.9.24 |
Earth Preta Evolves its Attacks with New Malware and Strategies |
In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. | ||
14.9.24 |
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective |
In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques | ||
14.9.24 |
Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. | |||
14.9.24 |
Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel |
The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. | ||
14.9.24 |
Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers |
While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation | ||
14.9.24 |
Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities. | |||
14.9.24 |
Targeted Iranian Attacks Against Iraqi Government Infrastructure |
Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks. | ||
14.9.24 |
DragonRank, a Chinese-speaking SEO manipulator service provider |
Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation | ||
14.9.24 |
Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers. | |||
14.9.24 |
Vulnerability in Tencent WeChat custom browser could lead to remote code execution |
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor. | ||
14.9.24 |
Watch our new documentary, "The Light We Keep: A Project PowerUp Story" |
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country. | ||
14.9.24 |
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America. | |||
14.9.24 |
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges. | |||
14.9.24 |
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. | |||
14.9.24 |
The best and worst ways to get users to improve their account security |
In my opinion, mandatory enrollment is best enrollment. | ||
14.9.24 |
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads |
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable. | ||
14.9.24 |
CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe |
ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends | ||
14.9.24 | ||||
14.9.24 |
CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate | |||
14.9.24 |
WordPress.org to require 2FA for plugin developers by October |
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. | ||
14.9.24 |
Chinese hackers linked to cybercrime syndicate arrested in Singapore |
Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." | ||
14.9.24 |
Microsoft fixes Windows Server performance issues from August updates |
Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. | ||
14.9.24 |
Ivanti fixes maximum severity RCE bug in Endpoint Management software |
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. | ||
14.9.24 |
New PIXHELL acoustic attack leaks secrets from LCD screen noise |
A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. | ||
14.9.24 |
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software |
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems. | ||
14.9.24 |
Windows 10 KB5043064 update released with 6 fixes, security updates |
Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 6 changes and fixes, including a fix for Bluetooth devices that stop working due to a memory leak. | ||
14.9.24 |
Microsoft fixes Windows Smart App Control zero-day exploited since 2018 |
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. | ||
14.9.24 |
Windows 11 KB5043076 cumulative update released with 19 changes |
Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements. | ||
14.9.24 |
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws |
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days. | ||
14.9.24 |
Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down | |||
14.9.24 |
Microsoft to start force-upgrading Windows 22H2 systems next month |
Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2. | ||
14.9.24 |
Navigating Endpoint Privilege Management: Insights for CISOs and Admins |
Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. | ||
14.9.24 |
Flipper Zero releases Firmware 1.0 after three years of development |
After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. | ||
14.9.24 |
NoName ransomware gang deploying RansomHub malware in recent attacks |
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. | ||
14.9.24 |
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability |
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 | ||
13.9.24 |
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers |
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully | ||
13.9.24 |
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London |
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for | ||
13.9.24 |
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud |
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new | ||
13.9.24 |
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw |
Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in | ||
13.9.24 |
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency |
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining | ||
12.9.24 |
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram |
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at | ||
12.9.24 |
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution |
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an | ||
12.9.24 |
Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide |
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 | ||
12.9.24 |
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking |
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. | ||
12.9.24 |
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack |
Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state- | ||
12.9.24 |
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe |
The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's | ||
12.9.24 |
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers |
WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes | ||
12.9.24 |
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances |
The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN | ||
12.9.24 |
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe |
A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe | ||
11.9.24 |
Fake recruiter coding tests target devs with malicious Python packages |
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers. | ||
11.9.24 |
Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate |
The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged | ||
11.9.24 |
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware |
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of | ||
11.9.24 |
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws |
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active | ||
11.9.24 |
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities |
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical | ||
11.9.24 |
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub |
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and | ||
11.9.24 |
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia |
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as | ||
11.9.24 |
New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers |
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and | ||
11.9.24 |
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments |
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and | ||
11.9.24 |
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks |
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data | ||
10.9.24 |
Critical SonicWall SSLVPN bug exploited in ransomware attacks |
Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. | ||
10.9.24 |
Quad7 botnet targets more SOHO and VPN routers, media servers |
The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. | ||
10.9.24 |
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. | |||
10.9.24 |
Highline Public Schools closes schools following cyberattack |
Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. | ||
10.9.24 |
Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature |
A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. | ||
10.9.24 |
Payment gateway data breach affects 1.7 million credit card owners |
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. | ||
10.9.24 |
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. | |||
9.9.24 |
Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT |
The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized | ||
9.9.24 |
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks |
The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code | ||
9.9.24 |
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor |
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that | ||
9.9.24 |
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys |
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat | ||
9.9.24 |
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign |
A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers | ||
9.9.24 |
U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks |
The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet | ||
8.9.24 |
Sextortion scam now use your "cheating" spouse’s name as a lure |
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. | ||
8.9.24 |
New RAMBO attack steals data using RAM in air-gapped computers |
A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. | ||
8.9.24 |
Transport for London staff faces systems disruptions after cyberattack |
Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. | ||
8.9.24 |
Car rental giant Avis discloses data breach impacting customers |
American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. | ||
8.9.24 |
Microsoft Office 2024 to disable ActiveX controls by default |
After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. | ||
8.9.24 |
SpyAgent Android malware steals your crypto recovery phrases from images |
A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. | ||
8.9.24 |
SonicWall SSLVPN access control flaw is now exploited in attacks |
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. | ||
8.9.24 |
Apache fixes critical OFBiz remote code execution vulnerability |
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. | ||
8.9.24 |
Microsoft removes revenge porn from Bing search using new tool |
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. | ||
8.9.24 |
Russian military hackers linked to critical infrastructure attacks |
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU). | ||
8.9.24 |
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks |
Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. | ||
8.9.24 |
Musician charged with $10M streaming royalties fraud using AI and bots |
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. | ||
8.9.24 |
Veeam warns of critical RCE flaw in Backup & Replication software |
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. | ||
8.9.24 |
Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords |
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. | ||
8.9.24 |
Planned Parenthood confirms cyberattack as RansomHub claims breach |
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. | ||
8.9.24 |
Microchip Technology confirms data was stolen in cyberattack |
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. | ||
8.9.24 |
Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel |
The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. | ||
8.9.24 |
US cracks down on Russian disinformation before 2024 election |
The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. | ||
8.9.24 |
Cisco fixes root escalation vulnerability with public exploit code |
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. | ||
8.9.24 |
New Eucleak attack lets threat actors clone YubiKey FIDO keys |
A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. | ||
8.9.24 |
Cisco warns of backdoor admin account in Smart Licensing Utility |
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. | ||
8.9.24 |
Hackers inject malicious JS in Cisco store to steal credit cards, credentials |
Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. | ||
8.9.24 |
Google backports fix for Pixel EoP flaw to other Android devices |
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. | ||
8.9.24 |
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security |
AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. | ||
8.9.24 |
Revival Hijack supply-chain attack threatens 22,000 PyPI packages |
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. | ||
8.9.24 |
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. | |||
8.9.24 |
Zyxel warns of critical OS command injection flaw in routers |
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. | ||
8.9.24 |
New Windows PowerToy launches, repositions apps to saved layouts |
Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. | ||
8.9.24 |
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams |
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake | ||
8.9.24 |
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals |
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that | ||
7.9.24 |
Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones. | |||
7.9.24 |
Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command |
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection. | ||
7.9.24 |
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion |
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. | ||
7.9.24 |
CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon |
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon | ||
7.9.24 |
Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe |
The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams | ||
7.9.24 | ||||
7.9.24 |
The key considerations for cyber insurance: A pragmatic approach | |||
7.9.24 |
Sometimes there’s more than just an enticing product offer hiding behind an ad | |||
7.9.24 |
FBI warns crypto firms of aggressive social engineering attacks |
The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. | ||
7.9.24 |
Clearview AI fined €30.5 million for unlawful data collection |
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. | ||
7.9.24 |
D-Link says it is not fixing four RCE flaws in DIR-846W routers |
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. | ||
7.9.24 |
Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. | |||
7.9.24 |
Transport for London discloses ongoing “cyber security incident” |
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. | ||
7.9.24 |
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. | |||
7.9.24 |
Verkada to pay $2.95 million for alleged CAN-SPAM Act violations |
The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security failures enabled hackers to access live video feeds from internet-connected cameras. | ||
7.9.24 |
CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. | |||
7.9.24 |
Linux version of new Cicada ransomware targets VMware ESXi servers |
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. | ||
7.9.24 |
GitHub comments abused to push password stealing malware masked as fixes |
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | ||
7.9.24 |
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation |
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The | ||
7.9.24 |
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware |
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver | ||
7.9.24 |
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code |
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading | ||
6.9.24 |
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress |
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could | ||
6.9.24 |
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution |
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code | ||
6.9.24 |
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity |
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a | ||
6.9.24 |
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East |
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat | ||
6.9.24 |
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues |
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical | ||
5.9.24 |
U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown |
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda | ||
5.9.24 |
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore |
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco | ||
5.9.24 |
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm |
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber | ||
5.9.24 |
Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks |
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow | ||
5.9.24 |
North Korean Hackers Targets Job Seekers with Fake FreeConference App |
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to | ||
5.9.24 |
Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw |
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | ||
5.9.24 |
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack |
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | ||
4.9.24 |
Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch |
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has | ||
4.9.24 |
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers |
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to | ||
4.9.24 |
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers |
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions | ||
4.9.24 |
Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database |
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm | ||
4.9.24 |
Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack |
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader | ||
4.9.24 |
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus |
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and | ||
4.9.24 |
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems |
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities | ||
4.9.24 |
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users |
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This | ||
4.9.24 |
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access |
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges | ||
4.9.24 |
Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt |
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his | ||
4.9.24 |
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors |
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in | ||
4.9.24 |
Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems |
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again | ||
1.9.24 |
GitHub comments abused to spread Lumma Stealer malware as fake fixes |
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. | ||
1.9.24 |
Docker-OSX image used for security research hit by Apple DMCA takedown |
The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. | ||
1.9.24 |
Microsoft is trying to reduce Windows 11's desktop spotlight clutter |
Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. | ||
1.9.24 |
Researchers find SQL injection to bypass airport TSA security checks |
Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. | ||
1.9.24 |
New Voldemort malware abuses Google Sheets to store stolen data |
A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. | ||
1.9.24 |
North Korean hackers exploit Chrome zero-day to deploy rootkit |
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. | ||
1.9.24 |
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. | |||
1.9.24 |
FBI: RansomHub ransomware breached 210 victims since February |
Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. | ||
1.9.24 |
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises |
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. | ||
1.9.24 |
Windows 10 KB5041582 update released with 5 changes and fixes |
Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks. | ||
1.9.24 |
North Korean threat actor Citrine Sleet exploiting Chromium zero-day |
Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). | ||
1.9.24 |
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit |
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North |