| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 13.3.24 | PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users | The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest | Virus | The Hacker News |
| 13.3.24 | Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats | Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful | AI | The Hacker News |
| 13.3.24 | Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub | A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java- | Virus | The Hacker News |
| 13.3.24 | Windows 11 KB5035853 update released, here's what's new | Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. | OS | BleepingComputer |
| 13.3.24 | Windows 10 KB5035845 update released with 9 new changes, fixes | Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. | OS | BleepingComputer |
| 13.3.24 | Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs | Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. | OS | BleepingComputer |
| 13.3.24 | Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship | The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. | Security | BleepingComputer |
| 13.3.24 | Google paid $10 million in bug bounty rewards last year | Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. | Security | BleepingComputer |
| 13.3.24 | Over 12 million auth secrets and keys leaked on GitHub in 2023 | GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. | Incident | BleepingComputer |
| 13.3.24 | Tuta Mail adds new quantum-resistant encryption to protect email | Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. | Security | BleepingComputer |
| 13.3.24 | Microsoft says Windows 10 21H2 support is ending in June | Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. | OS | BleepingComputer |
| 13.3.24 | Okta says data leaked on hacking forum not from its systems | Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. | Incident | BleepingComputer |
| 13.3.24 | Researchers expose Microsoft SCCM misconfigs usable in cyberattacks | Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. | Incident | BleepingComputer |
| 13.3.24 | Equilend warns employees their data was stolen by ransomware gang | New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. | Ransom | BleepingComputer |
| 13.3.24 | Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware | Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. | Incident | BleepingComputer |
| 13.3.24 | Fake Leather wallet app on Apple App Store is a crypto drainer | The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. | Cryptocurrency | BleepingComputer |
| 13.3.24 | Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware | Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. | Exploit | BleepingComputer |
| 13.3.24 | Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws | Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues | OS | The Hacker News |
| 12.3.24 | Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets | Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic | Cryptocurrency | The Hacker News |
| 12.3.24 | Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites | A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. | Virus | The Hacker News |
| 12.3.24 | South Korean Citizen Detained in Russia on Cyber Espionage Charges | Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further | BigBrothers | The Hacker News |
| 12.3.24 | New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics | Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF | Virus | The Hacker News |
| 11.3.24 | BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks | The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their | Ransom | The Hacker News |
| 11.3.24 | Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability | Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software | Exploit | The Hacker News |
| 11.3.24 | Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT | A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically | Virus | The Hacker News |
| 10.3.24 | Magnet Goblin hackers use 1-day flaws to drop custom Linux malware | A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. | Virus | BleepingComputer |
| 10.3.24 | The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand | We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. | Ransom | BleepingComputer |
| 10.3.24 | Critical Fortinet flaw may impact 150,000 exposed devices | Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. | Vulnerability | BleepingComputer |
| 10.3.24 | QNAP warns of critical auth bypass flaw in its NAS devices | QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. | Vulnerability | BleepingComputer |
| 10.3.24 | UnitedHealth brings some Change Healthcare pharmacy services back online | Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. | Incident | BleepingComputer |
| 10.3.24 | Microsoft says Russian hackers breached its systems, accessed source code | Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. | BigBrothers | BleepingComputer |
| 10.3.24 | CISA, NSA share best practices for securing cloud services | The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing best practices for securing a cloud environment. | BigBrothers | BleepingComputer |
| 10.3.24 | Switzerland: Play ransomware leaked 65,000 government documents | The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. | Ransom | BleepingComputer |
| 10.3.24 | Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix | Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. | OS | BleepingComputer |
| 10.3.24 | MiTM phishing attack can let attackers unlock and steal a Tesla | Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. | Phishing | BleepingComputer |
| 10.3.24 | AnyCubic fixes exploited 3D printer zero day flaw with new firmware | AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. | Vulnerability | BleepingComputer |
| 10.3.24 | Google engineer caught stealing AI tech secrets for Chinese firms | The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. | AI | BleepingComputer |
| 10.3.24 | FBI: U.S. lost record $12.5 billion to online crime in 2023 | FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. | CyberCrime | BleepingComputer |
| 10.3.24 | PetSmart warns of credential stuffing attacks trying to hack accounts | Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. | Incident | BleepingComputer |
| 10.3.24 | Critical TeamCity flaw now widely exploited to create admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. | Vulnerability | BleepingComputer |
| 10.3.24 | Hacked WordPress sites use visitors' browsers to hack other sites | Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. | Hack | BleepingComputer |
| 10.3.24 | Hackers impersonate U.S. government agencies in BEC attacks | A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. | Spam | BleepingComputer |
| 9.3.24 | Threat Group Assessment: Muddled Libra (Updated) | Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. | APT blog | Palo Alto |
| 9.3.24 | MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES | Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. At least in one case of Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published. | Vulnerability blog | Checkpoint |
| 9.3.24 | GhostSec’s joint ransomware operation and evolution of their arsenal | Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. | Ransom blog | Cisco Blog |
| 9.3.24 | The 3 most common post-compromise tactics on network infrastructure | We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. | Cyber blog | Cisco Blog |
| 9.3.24 | Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music | The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics. | Cyber blog | Cisco Blog |
| 9.3.24 | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe | Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor | APT blog | Eset |
| 9.3.24 | Evasive Panda leverages Monlam Festival to target Tibetans | ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans | APT blog | Eset |
| 9.3.24 | Top 10 scams targeting seniors – and how to keep your money safe | The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud. | Spam blog | Eset |
| 9.3.24 | Irresistible: Hooks, habits and why you can’t put down your phone | Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices. | Security blog | Eset |
| 9.3.24 | Duvel says it has "more than enough" beer after ransomware attack | Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities | Ransom | BleepingComputer |
| 9.3.24 | Canada's anti-money laundering agency offline after cyberattack | The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. | CyberCrime | BleepingComputer |
| 9.3.24 | VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion | VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. | Vulnerability | BleepingComputer |
| 9.3.24 | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. | Virus | BleepingComputer |
| 9.3.24 | NSA shares zero-trust guidance to limit adversaries on the network | The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. | BigBrothers | BleepingComputer |
| 9.3.24 | Apple fixes two new iOS zero-days exploited in attacks on iPhones | Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. | OS | BleepingComputer |
| 9.3.24 | New WogRAT malware abuses online notepad service to store malware | A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. | Virus | BleepingComputer |
| 9.3.24 | New WogRAT malware abuses online notepad service to store malware | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | Virus | BleepingComputer |
| 9.3.24 | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets | Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to | APT | The Hacker News |
| 8.3.24 | Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations | Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital | Social | The Hacker News |
| 8.3.24 | Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client | Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor | Vulnerability | The Hacker News |
| 8.3.24 | QEMU Emulator Exploited as Tunneling Tool to Breach Company Network | Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an | Exploit | The Hacker News |
| 8.3.24 | CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On- | Exploit | The Hacker News |
| 7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | Virus | Zscaler |
| 7.3.24 | Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks | Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. | Attack | The Hacker News |
| 7.3.24 | Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks | The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since | BigBrothers | The Hacker News |
| 7.3.24 | Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China | The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing | AI | The Hacker News |
| 7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to spread a Python-based information stealer dubbed Snake that's designed to capture credentials and | Virus | The Hacker News |
| 7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | Virus | The Hacker News |
| 7.3.24 | Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining | Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as | Exploit | The Hacker News |
| 7.3.24 | Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout | The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law | Ransom | The Hacker News |
| 6.3.24 | Microsoft is killing off the Android apps in Windows 11 feature | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | OS | BleepingComputer |
| 6.3.24 | U.S. sanctions Predator spyware operators for spying on Americans | The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. | BigBrothers | BleepingComputer |
| 6.3.24 | Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks | Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. | Cyber | BleepingComputer |
| 6.3.24 | BlackCat ransomware shuts down in exit scam, blames the "feds" | The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. | Ransom | BleepingComputer |
| 6.3.24 | Passwords are Costing Your Organization Money - How to Minimize Those Costs | Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. | Security | BleepingComputer |
| 6.3.24 | Exploit available for new critical TeamCity auth bypass bug, patch now | A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. | Exploit | BleepingComputer |
| 6.3.24 | ScreenConnect flaws exploited to drop new ToddlerShark malware | The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. | Vulnerability | BleepingComputer |
| 6.3.24 | Hackers steal Windows NTLM authentication hashes in phishing attacks | The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. | CyberCrime | BleepingComputer |
| 6.3.24 | BlackCat ransomware turns off servers amid claim they stole $22 million ransom | The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. | Ransom | BleepingComputer |
| 6.3.24 | Ukraine claims it hacked Russian Ministry of Defense servers | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. | BigBrothers | BleepingComputer |
| 6.3.24 | North Korea hacks two South Korean chip firms to steal engineering data | The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. | APT | BleepingComputer |
| 6.3.24 | American Express credit cards exposed in third-party data breach | American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. | Incident | BleepingComputer |
| 6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Virus | BleepingComputer |
| 6.3.24 | Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs | Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. | OS | BleepingComputer |
| 6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | Virus | The Hacker News |
| 6.3.24 | VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws | VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code | Vulnerability | The Hacker News |
| 6.3.24 | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries | The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "The GhostSec and Stormous | Ransom | The Hacker News |
| 6.3.24 | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. | APT | The Hacker News |
| 6.3.24 | Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws | Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the | OS | The Hacker News |
| 6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | Virus | The Hacker News |
| 5.3.24 | Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware against backdrop of growing AI, macOS threats | Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, is proud to announce the launch of its new report Hi-Tech Crime Trends 2023/2024, the latest edition of the company’s annual round-up of the most pressing global cyber threats to organizations and individuals. | Cyber | Group-IB |
| 5.3.24 | Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams | A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. | CyberCrime | The Hacker News |
| 5.3.24 | Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets | More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between | AI | The Hacker News |
| 5.3.24 | Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes | The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager ( | Hack | The Hacker News |
| 5.3.24 | Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers | A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to | Exploit | The Hacker News |
| 4.3.24 | How Cybercriminals are Exploiting India's UPI for Money Laundering Operations | Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering | Exploit | The Hacker News |
| 4.3.24 | Over 100 Malicious AI/ML Models Found on Hugging Face Platform | As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include | AI | The Hacker News |
| 4.3.24 | Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure | U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure | Ransom | The Hacker News |
| 3.3.24 | News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian... | BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. | Security | BleepingComputer |
| 3.3.24 | Hackers target FCC, crypto firms in advanced Okta phishing attacks | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | Phishing | BleepingComputer |
| 3.3.24 | Windows Kernel bug fixed last month exploited as zero-day since August | Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. | OS | BleepingComputer |
| 3.3.24 | The Week in Ransomware - March 1st 2024 - Healthcare under siege | Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. | Ransom | BleepingComputer |
| 3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | Virus | BleepingComputer |
| 3.3.24 | Germany takes down cybercrime market with over 180,000 users | The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. | CyberCrime | BleepingComputer |
| 3.3.24 | Microsoft fixes Outlook clients not syncing over Exchange ActiveSync | Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. | OS | BleepingComputer |
| 3.3.24 | Microsoft pulls Edge update causing 'Out of Memory' crashes | Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. | OS | BleepingComputer |
3.3.24Wireshark Tutorial: Exporting Objects From a PcapPalo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM.Security blogPalo Alto
3.3.24The Art of Domain Deception: Bifrost's New Tactic to Deceive UsersFirst identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. In this article, along with exploring Bifrost, we’ll also showcase a notable spike in Bifrost’s Linux variants during the past few months.Malware blogPalo Alto
3.3.24Navigating the Cloud: Exploring Lateral Movement TechniquesWe explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. Hacking blogPalo Alto
3.3.24TimbreStealer campaign targets Mexican users with financial luresTalos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.Malware blogCisco Blog
3.3.24Deceptive AI content and 2024 elections – Week in security with Tony AnscombeAs the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this yearAI blogEset
3.3.24Blue Team toolkit: 6 open-source tools to assess and enhance corporate defensesHere’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armorSecurity blogEset
3.3.24Vulnerabilities in business VPNs under the spotlightAs adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber riskVulnerebility blogEset
3.3.2410 things to avoid posting on social media – and whyDo you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.Social blogEset
3.3.24U.S. charges Iranian for hacks on defense orgs, offers $10M for infoThe U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities.BigBrothers

BleepingComputer

3.3.24Golden Corral restaurant chain data breach impacts 183,000 peopleThe Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people.Incident

BleepingComputer

3.3.24New Bifrost malware for Linux mimics VMware domain for evasionA new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.Virus

BleepingComputer

3.3.24Brave browser launches privacy-focused AI assistant on AndroidBrave Software is the next company to jump into AI, announcing that a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63.AI

BleepingComputer

3.3.24CISA cautions against using hacked Ivanti VPN gateways even after factory resetsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.BigBrothers

BleepingComputer

3.3.24Windows 10 KB5034843 update released with 9 new changes, fixesMicrosoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes.OS

BleepingComputer

3.3.24Windows 11 KB5034848 preview update adds USB 80Gbps supportMicrosoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes.OS

BleepingComputer

3.3.24GitHub enables push protection by default to stop secrets leakGitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code.Security

BleepingComputer

3.3.24Citrix, Sophos software impacted by 2024 leap year bugsCitrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products.Vulnerability

BleepingComputer

3.3.24Windows 11 'Moment 5' update released, here are the new featuresMicrosoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements.OS

BleepingComputer

3.3.24Microsoft rolls back decision to stop Windows 11 22H2 preview updatesMicrosoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024.OS

BleepingComputer

3.3.2420 million Cutout.Pro user records leaked on data breach forumAI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names.Incident

BleepingComputer

3.3.24Anycubic 3D printers hacked worldwide to expose security flawAccording to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.Hack

BleepingComputer

3.3.24Malicious AI models on Hugging Face backdoor users’ machinesAt least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.AI

BleepingComputer

3.3.24New executive order bans mass sale of personal data to China, RussiaU.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela.BigBrothers

BleepingComputer

3.3.24Rhysida ransomware wants $3.6 million for children’s stolen dataThe Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month.Ransom

BleepingComputer

2.3.24Kali Linux 2024.1 released with 4 new tools, UI refreshKali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes.OS

BleepingComputer

2.3.24Ransomware gang claims they stole 6TB of Change Healthcare dataThe BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.Ransom

BleepingComputer

2.3.24LockBit ransomware returns to attacks with new encryptors, serversThe LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.Ransom

BleepingComputer

2.3.24Lazarus hackers exploited Windows zero-day to gain Kernel privilegesNorth Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.APT

BleepingComputer

2.3.24Epic Games: "Zero evidence" we were hacked by Mogilevich gangEpic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers.Hack

BleepingComputer

2.3.24Japan warns of malicious PyPi packages created by North Korean hackersJapan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.Virus

BleepingComputer

2.3.24Need to Know: Key Takeaways from the Latest Phishing AttacksThis article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company.Phishing

BleepingComputer

2.3.24Savvy Seahorse gang uses DNS CNAME records to power investor scamsA threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns.Spam

BleepingComputer

2.3.24Pharmaceutical giant Cencora says data was stolen in a cyberattackPharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems.Incident

BleepingComputer

2.3.24FBI, CISA warn US hospitals of targeted BlackCat ransomware attacksToday, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.Ransom

BleepingComputer

2.3.24LabHost cybercrime service lets anyone phish Canadian bank usersThe Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity.Phishing

BleepingComputer

2.3.24Black Basta, Bl00dy ransomware gangs join ScreenConnect attacksThe Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.Ransom

BleepingComputer

2.3.24Russian hackers hijack Ubiquiti routers to launch stealthy attacksRussian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.APT

BleepingComputer

2.3.24Hessen Consumer Center says systems encrypted by ransomwareThe Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.Ransom

BleepingComputer

2.3.24Malicious code in Tornado Cash governance proposal puts user funds at riskMalicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months.Virus

BleepingComputer

2.3.24Windows February 2024 updates fail to install with 0x800F0922 errorsMicrosoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%.OS

BleepingComputer

2.3.24U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsAppA U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant'sBigBrothersThe Hacker News
2.3.24U.S. Charges Iranian Hacker, Offers $10 Million Reward for CaptureThe U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-CyberCrimeThe Hacker News
2.3.24New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency UsersA novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamedCryptocurrency

The Hacker News

2.3.24New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for EvasionCybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptiveVirusThe Hacker News
1.3.24Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway VulnerabilitiesThe Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws inExploitThe Hacker News
1.3.24GitHub Rolls Out Default Secret Scanning Push Protection for Public RepositoriesGitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means thatSecurityThe Hacker News
1.3.24New Silver SAML Attack Evades Golden SAML Defenses in Identity SystemsCybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations haveAttack

The Hacker News

1.3.24GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming NetworksThreat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent toVirusThe Hacker News
1.3.24Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent AttacksThe notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-levelExploit

The Hacker News

1.3.24New Backdoor Targeting European Officials Linked to Indian Diplomatic EventsA previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomaticVirusThe Hacker News
1.3.24Lazarus Exploits Typos to Sneak PyPI Malware into Dev SystemsThe notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal ofVirusThe Hacker News
29.2.24UnitedHealth subsidiary Optum hack linked to BlackCat ransomwareA cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation.Incident

BleepingComputer

29.2.24New IDAT loader version uses steganography to push Remcos RATA hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in FinlandVirus

BleepingComputer

29.2.24White House urges devs to switch to memory-safe programming languagesThe White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities.BigBrothers

BleepingComputer

29.2.24Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoningThreat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams.BigBrothers

BleepingComputer

29.2.24Russian hackers shift to cloud attacks, US and allies warnMembers of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services.APT

BleepingComputer

29.2.24Steel giant ThyssenKrupp confirms cyberattack on automotive divisionSteel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort.Incident

BleepingComputer

29.2.24Hijacked subdomains of major brands used in massive spam campaignA massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.Spam

BleepingComputer

29.2.24LockBit ransomware returns, restores servers after police disruptionThe LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector.Ransom

BleepingComputer

29.2.24PayPal files patent for new method to detect stolen cookiesPayPal has filed a patent application for a novel method that can identify when a "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks.Security

BleepingComputer

29.2.24Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New MalwareAt least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to theVirus

The Hacker News

29.2.24President Biden Blocks Mass Transfer of Personal Data to High-Risk NationsU.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. TheBigBrothersThe Hacker News
29.2.24Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense SectorsAn Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation,APTThe Hacker News
28.2.24FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware AttacksThe U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently asRansomThe Hacker News
28.2.24TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT UsersMexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented WindowsPhishingThe Hacker News
28.2.24Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot ThreatIn a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to takeAPTThe Hacker News
28.2.24WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at RiskA security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate theirVulnerabilityThe Hacker News
28.2.24Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHubAn "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors atVirusThe Hacker News
28.2.24Five Eyes Agencies Expose APT29's Evolving Cloud Attack TacticsCybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-APTThe Hacker News
28.2.24New Hugging Face Vulnerability Exposes AI Models to Supply Chain AttacksCybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack theAIThe Hacker News
27.2.24WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ WebsitesA critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations.VulnerabilityThe Hacker News
27.2.24New IDAT Loader Attacks Using Steganography to Deploy Remcos RATUkrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as RemcosVirusThe Hacker News
27.2.248,000+ Domains of Trusted Brands Hijacked for Massive Spam OperationMore than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticatedSpamThe Hacker News
27.2.24North Korean Hackers Targeting Developers with Malicious npm PackagesA set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findingsVirusThe Hacker News
27.2.24Banking Trojans Target Latin America and Europe Through Google Cloud RunCybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliverVirusThe Hacker News
27.2.24LockBit Ransomware Group Resurfaces After Law Enforcement TakedownThe threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international lawRansomThe Hacker News
25.2.24Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law EnforcementLockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "hasRansomThe Hacker News
25.2.24RCMP investigating cyber attack as its website remains downThe Royal Canadian Mounted Police (RCMP), Canada's national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach.Security

BleepingComputer

25.2.24Apple adds PQ3 quantum-resistant encryption to iMessageApple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks.Security

BleepingComputer

25.2.24Insomniac Games alerts employees hit by ransomware data breachSony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.Ransom

BleepingComputer

25.2.24LockBit ransomware gang has over $110 million in unspent bitcoinThe LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation.Ransom

BleepingComputer

25.2.24U-Haul says hacker accessed customer records using stolen credsU-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations.Incident

BleepingComputer

25.2.24UnitedHealth confirms Optum hack behind US healthcare billing outageHealthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform.Incident

BleepingComputer

25.2.24Microsoft has started testing Wi-Fi 7 support in Windows 11Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations.OS

BleepingComputer

25.2.24Microsoft now force installing Windows 11 23H2 on eligible PCsMicrosoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date.OS

BleepingComputer

25.2.24Bitwarden’s new auto-fill option adds phishing resistanceThe Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.Phishing

BleepingComputer

25.2.24Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT CampaignsOn Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology.APT blogPalo Alto
25.2.24Intruders in the Library: Exploring DLL HijackingDynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. Hacking blogPalo Alto
25.2.242024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat TacticsOur annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. Incident blogPalo Alto
25.2.24Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center. Vulnerability blogPalo Alto
25.2.242024’S CYBER BATTLEGROUND UNVEILED: ESCALATING RANSOMWARE EPIDEMIC, THE EVOLUTION OF CYBER WARFARE TACTICS AND STRATEGIC USE OF AI IN DEFENSERising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.Cyber blogCheckpoint
25.2.24TinyTurla-NG in-depth tooling and command and control analysisCisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.APT blogCisco Blog
25.2.24How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severityWhile distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.Vulnerability blogCisco Blog
25.2.24Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaignsSince September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.Malware blogCisco Blog
25.2.24PSYOP campaigns targeting Ukraine – Week in security with Tony AnscombeComing in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjectsBigBrother blogEset
25.2.24Everything you need to know about IP grabbersYou would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.Security blogEset
25.2.24Operation Texonto: Information operation targeting Ukrainian speakers in the context of the warA mix of PSYOPs, espionage and … fake Canadian pharmacies!Cyber blogEset
25.2.24Watching out for the fakes: How to spot online disinformationWhy and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?Security blogEset
25.2.24Microsoft Expands Free Logging Capabilities for all U.S. Federal AgenciesMicrosoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than sixBigBrothersThe Hacker News
24.2.24New ScreenConnect RCE flaw exploited in ransomware attacksAttackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.Ransom

BleepingComputer

24.2.24FTC to ban Avast from selling browsing data for advertising purposesThe U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes.BigBrothers

BleepingComputer

24.2.24LockBit ransomware secretly building next-gen encryptor before takedownLockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week.Ransom

BleepingComputer

24.2.24Joomla fixes XSS flaws that could expose sites to RCE attacksFive vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.Vulnerability

BleepingComputer

24.2.24Microsoft expands free logging capabilities after May breachMicrosoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023.Incident

BleepingComputer

24.2.24Hackers abuse Google Cloud Run in massive banking trojan campaignSecurity researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban.Virus

BleepingComputer

24.2.24Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 millionTwo Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices.CyberCrime

BleepingComputer

24.2.24New SSH-Snake malware steals SSH keys to spread across the networkA threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure.Virus

BleepingComputer

24.2.24US govt shares cyberattack defense tips for water utilitiesCISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacksBigBrothers

BleepingComputer

24.2.24ScreenConnect critical bug now under attack as exploit code emergesBoth technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.Exploit

BleepingComputer

24.2.24US offers $15 million bounty for info on LockBit ransomware gangThe U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates.Ransom

BleepingComputer

24.2.24VMware urges admins to remove deprecated, vulnerable auth plug-inVMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.Vulnerability

BleepingComputer

24.2.24VoltSchemer attacks use wireless chargers to inject voice commands, fry phonesA team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.Hack

BleepingComputer

24.2.24New Migo malware disables protection features on Redis serversSecurity researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.Cryptocurrency

BleepingComputer

24.2.24Dormant PyPI Package Compromised to Spread Nova Sentinel MalwareA dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealerVirus

The Hacker News

23.2.24ConnectWise urges ScreenConnect admins to patch critical RCE flawConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks.Vulnerability

BleepingComputer

23.2.24Knight ransomware source code for sale after leak site shuts downThe alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.Ransom

BleepingComputer

23.2.24Ransomware Groups, Targeting Preferences, and the Access EconomyThe cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.Ransom

BleepingComputer

23.2.24Critical infrastructure software maker confirms ransomware attackPSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure.Ransom

BleepingComputer

23.2.24Police arrest LockBit ransomware members, release decryptor in global crackdownLaw enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.Ransom

BleepingComputer

23.2.24LockBit ransomware disrupted by global police operationLaw enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos."Ransom

BleepingComputer

23.2.24North Korean hackers linked to defense sector supply-chain attackIn an advisory today Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.BigBrothers

BleepingComputer

23.2.24Cactus ransomware claim to steal 1.5TB of Schneider Electric dataThe Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.Ransom

BleepingComputer

23.2.24Over 28,500 Exchange servers vulnerable to actively exploited bugUp to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.Exploit

BleepingComputer

23.2.24Hackers exploit critical RCE flaw in Bricks WordPress site builderHackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.Exploit

BleepingComputer

23.2.24Wyze camera glitch gave 13,000 users a peek into other homesWyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes.Incident

BleepingComputer

23.2.24Anatsa Android malware downloaded 150,000 times via Google PlayThe Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play.OS

BleepingComputer

23.2.24Hacker arrested for selling bank accounts of US, Canadian usersUkraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web.CyberCrime

BleepingComputer

23.2.24KeyTrap attack: Internet access disrupted with one DNS packetA serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.Attack

BleepingComputer

23.2.24New Google Chrome feature blocks attacks against home networksGoogle is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.Security

BleepingComputer

23.2.24ALPHV ransomware claims loanDepot, Prudential Financial breachesThe ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.Ransom

BleepingComputer

23.2.24Wyze investigating 'security issue' amid ongoing outageWyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning.Security

BleepingComputer

23.2.24SolarWinds fixes critical RCE bugs in access rights audit solutionSolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Vulnerability

BleepingComputer

23.2.24Alpha ransomware linked to NetWalker operation dismantled in 2021Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.Ransom

BleepingComputer

23.2.24North Korean hackers now launder stolen crypto via YoMix tumblerThe North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds.APT

BleepingComputer

23.2.24Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prisonUkrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups.CyberCrime

BleepingComputer

23.2.24Microsoft Releases PyRIT - A Red Teaming Tool for Generative AIMicrosoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks inVirusThe Hacker News
23.2.24Researchers Detail Apple's Recent Zero-Click Shortcuts VulnerabilityDetails have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitiveOSThe Hacker News
23.2.24FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing DataThe U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data toBigBrothersThe Hacker News
23.2.24Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessageApple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messagingSecurityThe Hacker News
22.2.24Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network AttacksA recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is aHackThe Hacker News
22.2.24A New Age of HacktivismIn the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions.HackThe Hacker News
22.2.24Russian Government Software Backdoored to Deploy Konni RAT MalwareAn installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remoteVirusThe Hacker News
22.2.24U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware LeadersThe U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leadersRansomThe Hacker News
22.2.24New Wi-Fi Vulnerabilities Expose Android and Linux Devices to HackersCybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devicesVulnerabilityThe Hacker News
21.2.24Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGSThe China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbedAPTThe Hacker News
21.2.24New 'VietCredCare' Stealer Targeting Facebook Advertisers in VietnamFacebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. TheSocialThe Hacker News
21.2.24Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers PrivateEnd-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confusedSocialThe Hacker News
21.2.24Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting AttacksCybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-relatedAPTThe Hacker News
21.2.24Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to KnowThe Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms.IncidentThe Hacker News
21.2.24VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at RiskVMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as VulnerabilityThe Hacker News
21.2.24New Migo Malware Targeting Redis Servers for Cryptocurrency MiningA novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency onCryptocurrencyThe Hacker News
20.2.24LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys ReleasedThe U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to itsRansomThe Hacker News
20.2.24New Malicious PyPI Packages Caught Using Covert Side-Loading TacticsCybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging aVirusThe Hacker News
20.2.24New Report Reveals North Korean Hackers Targeting Defense Firms WorldwideNorth Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a jointAPTThe Hacker News
20.2.24Critical Flaws Found in ConnectWise ScreenConnect Software - Patch NowConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including aVulnerabilityThe Hacker News
20.2.24WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ SitesA critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptibleVulnerabilityThe Hacker News
20.2.24Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas NarrativeHackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. ThisBigBrothersThe Hacker News
20.2.24LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement RaidUpdate: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. An international lawRansomThe Hacker News
19.2.24Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows DevicesMeta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab EmiratesOSThe Hacker News
19.2.24Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New CountriesThe Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observedOSThe Hacker News
19.2.24Russian-Linked Hackers Target 80+ Organizations via Roundcube FlawsThreat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-APTThe Hacker News
19.2.24Iranian Hackers Target Middle East Policy Experts with New BASICSTAR BackdoorThe Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a newAPTThe Hacker News
18.2.24Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors.APT blogPalo Alto
18.2.24New Vulnerability in QNAP QTS Firmware: CVE-2023-50358This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices.Vulnerability blogPalo Alto
18.2.24THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURERecently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. Attack blogCheckpoint
18.2.24TinyTurla Next Generation - Turla APT spies on Polish NGOsThis new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.APT blogCisco Blog
18.2.24How are attackers using QR codes in phishing emails and lure documents?QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.Attack blogCisco Blog
18.2.24Cyber-insurance and vulnerability scanning – Week in security with Tony AnscombeHere's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signalsVulnerability blogEset
18.2.24All eyes on AI | Unlocked 403: A cybersecurity podcastArtificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications.AI blogEset
18.2.24The art of digital sleuthing: How digital forensics unlocks the truthLearn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tellSecurity blogEset
18.2.24Deepfakes in the global election year of 2024: A weapon of mass deception?As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concernBigBrother blogEset
18.2.24Microsoft says it fixed a Windows Metadata server issue that’s still brokenMicrosoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware.OS

BleepingComputer

18.2.24US offers up to $15 million for tips on ALPHV ransomware gangThe U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.Ransom

BleepingComputer

18.2.24RansomHouse gang automates VMware ESXi attacks with new MrAgent toolThe RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.Hack

BleepingComputer

18.2.24FBI disrupts Russian Moobot botnet infecting Ubiquiti routersThe FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks.BotNet

BleepingComputer

18.2.24OpenAI blocks state-sponsored hackers from using ChatGPTOpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT.AI

BleepingComputer

18.2.24Over 13,000 Ivanti gateways vulnerable to actively exploited bugsThousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.Exploit

BleepingComputer

18.2.24Three critical application security flaws scanners can’t detectIn this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security.Vulnerability

BleepingComputer

18.2.24Turla hackers backdoor NGOs with new TinyTurla-NG malwareSecurity researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.Virus

BleepingComputer

18.2.24New Qbot malware variant uses fake Adobe installer popup for evasionThe developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December.Virus

BleepingComputer

18.2.24New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraudA new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.OS

BleepingComputer

18.2.24Microsoft: New critical Exchange bug exploited as zero-dayMicrosoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.OS

BleepingComputer

18.2.24LockBit claims ransomware attack on Fulton County, GeorgiaThe LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid.Ransom

BleepingComputer

18.2.24Zoom patches critical privilege elevation flaw in Windows appsThe Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.Vulnerability

BleepingComputer

18.2.24New critical Microsoft Outlook RCE bug is trivial to exploitMicrosoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.Exploit

BleepingComputer

18.2.24Microsoft Exchange update enables Extended Protection by defaultMicrosoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14).OS

BleepingComputer

18.2.24German battery maker Varta halts production after cyberattackBattery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.Incident

BleepingComputer

18.2.24Ubuntu 'command-not-found' tool can be abused to spread malwareA logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.Virus

BleepingComputer

18.2.24Trans-Northern Pipelines investigating ALPHV ransomware attack claimsTrans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. Ransom

BleepingComputer

18.2.24DuckDuckGo browser gets end-to-end encrypted sync featureThe DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices.Security

BleepingComputer

18.2.24Prudential Financial breached in data theft cyberattackPrudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.Incident

BleepingComputer

18.2.24Hackers used new Windows Defender zero-day to drop DarkMe malwareMicrosoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).Virus

BleepingComputer

18.2.24FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads GuiltyA Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.CyberCrimeThe Hacker News
17.2.24Hackers used new Windows Defender zero-day to drop DarkMe malwareMicrosoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).OS

BleepingComputer

17.2.24Windows 10 KB5034763 update released with new fixes, changesMicrosoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA).OS

BleepingComputer

17.2.24200,000 Facebook Marketplace user records leaked on hacking forumA threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.Social

BleepingComputer

17.2.24Integris Health says data breach impacts 2.4 million patientsIntegris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people.Incident

BleepingComputer

17.2.24Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flawsToday is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.OS

BleepingComputer

17.2.24Windows 11 KB5034765 update released with Start Menu fixesMicrosoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu.OS

BleepingComputer

17.2.24Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platformHackers are believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem.Cryptocurrency

BleepingComputer

17.2.24Bumblebee malware attacks are back after 4-month breakThe Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.Virus

BleepingComputer

17.2.245 Steps to Improve Your Security Posture in Microsoft TeamsMicrosoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture.Security

BleepingComputer

17.2.24Bank of America warns customers of data breach after vendor hackBank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.Incident

BleepingComputer

17.2.24FBI seizes Warzone RAT infrastructure, arrests malware vendorThe FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.Virus

BleepingComputer

17.2.24FCC orders telecom carriers to report PII data breaches within 30 daysStarting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.BigBrothers

BleepingComputer

17.2.24Ongoing Microsoft Azure account hijacking campaign targets executivesA phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.Phishing

BleepingComputer

17.2.24CISA: Roundcube email server bug now exploited in attacksCISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.Exploit

BleepingComputer

17.2.24Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoorHackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.Virus

BleepingComputer

17.2.24Free Rhysida ransomware decryptor for Windows exploits RNG flawSouth Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.Ransom

BleepingComputer

17.2.24Ransomware attack forces 100 Romanian hospitals to go offline100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system.Ransom

BleepingComputer

17.2.24ExpressVPN bug has been leaking some DNS requests for yearsExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.Vulnerability

BleepingComputer

17.2.24Google Open Sources Magika: AI-Powered File Identification ToolEfficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid frictionAIThe Hacker News
17.2.24CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD VulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco AdaptiveRansomThe Hacker News
17.2.24RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job OffersMultiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered AppleCryptocurrencyThe Hacker News
17.2.24Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing AttacksA malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing AmazonVirusThe Hacker News
16.2.24U.S. State Government Network Breached via Former Employee's AccountThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's networkBigBrothersThe Hacker News
16.2.24U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber EspionageThe U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country thatBigBrothersThe Hacker News
16.2.24Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG BackdoorThe Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaignVirusThe Hacker News
16.2.24Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated LibrariesA reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoringVulnerabilityThe Hacker News
16.2.24Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware AttacksA Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans,VirusThe Hacker News
15.2.24Critical Exchange Server Flaw (CVE-2024-21410) Under Active ExploitationMicrosoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, aVulnerabilityThe Hacker News
15.2.24Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber AttacksNation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language modelsAIThe Hacker News
15.2.24Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue PackagesCybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend theirHackThe Hacker News
15.2.24Bumblebee Malware Returns with New Tricks, Targeting U.S. BusinessesThe infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a newVirusThe Hacker News
15.2.24DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day VulnerabilityA newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called VirusThe Hacker News
15.2.24Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-DaysMicrosoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024,OSThe Hacker News
15.2.24Glupteba Botnet Evades Detection with Undocumented UEFI BootkitThe Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkitVirusThe Hacker News
15.2.24PikaBot Resurfaces with Streamlined Code and Deceptive TacticsThe threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case ofVirusThe Hacker News
15.2.24Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT InfrastructuresThreat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy aVulnerabilityThe Hacker News
15.2.24Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch NowThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting RoundcubeBigBrothersThe Hacker News
12.2.24Rhysida Ransomware Cracked, Free Decryption Tool ReleasedRansomThe Hacker News
12.2.24CISA and OpenSSF Release Framework for Package Repository SecurityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF)BigBrothersThe Hacker News
12.2.24Microsoft Introduces Linux-Like 'sudo' Command to Windows 11Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administratorOSThe Hacker News
12.2.24U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware LeadersThe U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within theBigBrothersThe Hacker News
12.2.24U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key OperatorsThe U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT)VirusThe Hacker News
10.2.24Raspberry Robin malware evolves with early access to Windows exploitsRecent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.VirusBleepingComputer
10.2.24UK to replace physical biometric immigration cards with e-visasBy 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do.BigBrothers

BleepingComputer

10.2.24New Fortinet RCE bug is actively exploited, CISA confirmsCISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.Exploit

BleepingComputer

10.2.24Canada to ban the Flipper Zero to stop surge in car theftsThe Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.Security

BleepingComputer

10.2.24Microsoft: Outlook clients not syncing over Exchange ActiveSyncMicrosoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update.Security

BleepingComputer

10.2.24New RustDoor macOS malware impersonates Visual Studio updateA new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.OS

BleepingComputer

10.2.24 | Americans lost record $10 billion to fraud in 2023, FTC warns | The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. | BigBrothers | BleepingComputer
10.2.24 | New Fortinet RCE flaw in SSL VPN likely exploited in attacks | Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. | Exploit | BleepingComputer
10.2.24 | Microsoft fixes Copilot issue blocking Windows 11 upgrades | Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. | OS | BleepingComputer
10.2.24 | Hyundai Motor Europe hit by Black Basta ransomware attack | Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. | Ransom | BleepingComputer
10.2.24 | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis | The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. | Ransom blog | Palo Alto
10.2.24 | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS | Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. | Malware blog | Checkpoint
10.2.24 | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” | Malware blog | Cisco Blog
10.2.24 | How are user credentials stolen and used by threat actors? | You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense. | Cyber blog | Cisco Blog
10.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog
10.2.24 | Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe | Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year | Ransom blog | Eset
10.2.24 | The buck stops here: Why the stakes are high for CISOs | Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? | Security blog | Eset
10.2.24 | Left to their own devices: Security for employees using personal devices for work | As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it | Security blog | Eset
10.2.24 | Could your Valentine be a scammer? How to avoid getting caught in a bad romance | With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart | Security blog | Eset
10.2.24 | Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices | Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, | OS | The Hacker News
10.2.24 | Raspberry Robin Malware Upgrades with Discord Spread and New Exploits | The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be | Exploit | The Hacker News
9.2.24 | Ivanti: Patch new Connect Secure auth bypass bug immediately | Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. | Vulnerability | BleepingComputer
9.2.24 | Microsoft unveils new 'Sudo for Windows' feature in Windows 11 | Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. | OS | BleepingComputer
9.2.24 | Android XLoader malware can now auto-execute after installation | A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. | OS | BleepingComputer
9.2.24 | US offers $10 million for tips on Hive ransomware leadership | The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. | Ransom | BleepingComputer
9.2.24 | Fake LastPass password manager spotted on Apple’s App Store | LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. | OS | BleepingComputer
9.2.24 | Data breaches at Viamedis and Almerys impact 33 million in France | Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. | Incident | BleepingComputer
9.2.24 | Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure | Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. | Vulnerability | BleepingComputer
9.2.24 | Facebook ads push new Ov3r_Stealer password-stealing malware | A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. | Virus | BleepingComputer
9.2.24 | Denmark orders schools to stop sending student data to Google | The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. | BigBrothers | BleepingComputer
9.2.24 | Chinese hackers hid in US infrastructure network for 5 years | The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. | APT | BleepingComputer
9.2.24 | Google tests blocking side-loaded Android apps with risky permissions | Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. | OS | BleepingComputer
9.2.24 | Critical Cisco bug exposes Expressway gateways to CSRF attacks | Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. | Vulnerability | BleepingComputer
9.2.24 | No, 3 million electric toothbrushes were not used in a DDoS attack | A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. | Hack | BleepingComputer

9.2.24 | No, 3 million electric toothbrushes were not used in a DDoS attack | A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. | Attack | BleepingComputer
9.2.24 | Critical flaw in Shim bootloader impacts major Linux distros | A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. | Vulnerability | BleepingComputer
9.2.24 | How to Apply Zero Trust to your Active Directory | With cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. | Security | BleepingComputer
9.2.24 | MoqHao Android Malware Evolves with Auto-Execution Capability | Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring | OS | The Hacker News
9.2.24 | New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack | Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the | Virus | The Hacker News
9.2.24 | Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation | Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 | Exploit | The Hacker News
9.2.24 | Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways | Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow | Vulnerability | The Hacker News
9.2.24 | Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization | An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a | Virus | The Hacker News
8.2.24 | Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade | The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some | BigBrothers | The Hacker News
8.2.24 | HijackLoader Evolves: Researchers Decode the Latest Evasion Methods | The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be | Virus | The Hacker News
8.2.24 | Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore | Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to | OS | The Hacker News
8.2.24 | Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea | The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called | APT | The Hacker News
8.2.24 | Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products | Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited | Exploit | The Hacker News
8.2.24 | After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back | The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to | BotNet | The Hacker News
7.2.24 | Chinese hackers fail to rebuild botnet after FBI takedown | Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. | BotNet | BleepingComputer
7.2.24 | Ransomware payments reached record $1.1 billion in 2023 | Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. | Ransom | BleepingComputer
7.2.24 | Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error | It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. | Vulnerability | BleepingComputer
7.2.24 | Chinese hackers infect Dutch military network with malware | A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. | BigBrothers | BleepingComputer
7.2.24 | Data breach at French healthcare services firm puts millions at risk | French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. | Incident | BleepingComputer
7.2.24 | JetBrains warns of new TeamCity auth bypass vulnerability | JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. | Vulnerability | BleepingComputer
7.2.24 | Google says spyware vendors behind most zero-days it discovers | Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. | BigBrothers | BleepingComputer
7.2.24 | Verizon insider data breach hits over 63,000 employees | Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. | Incident | BleepingComputer
7.2.24 | Hackers steal data of 2 million in SQL injection, XSS attacks | A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. | Incident | BleepingComputer
7.2.24 | Microsoft Outlook December updates trigger ICS security alerts | Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. | ICS | BleepingComputer
7.2.24 | US announces visa ban on those linked to commercial spyware | Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. | BigBrothers | BleepingComputer
7.2.24 | HPE investigates new breach after data for sale on hacking forum | Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. | Incident | BleepingComputer
7.2.24 | Newest Ivanti SSRF zero-day now under mass exploitation | An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. | Vulnerability | BleepingComputer
7.2.24 | Microsoft is bringing the Linux sudo command to Windows Server | Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. | OS | BleepingComputer

7.2.24 | Leaky Vessels flaws allow hackers to escape Docker, runc containers | Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. | Vulnerability | BleepingComputer
7.2.24 | Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros | The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code | Vulnerability | The Hacker News
7.2.24 | Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse | A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, | BigBrothers | The Hacker News
7.2.24 | Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network | Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This | Exploit | The Hacker News
7.2.24 | Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now | JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) | Vulnerability | The Hacker News
6.2.24 | Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials | Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer | Virus | The Hacker News
6.2.24 | High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop Services | Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to | Vulnerability | The Hacker News
6.2.24 | Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data | Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented | Incident | The Hacker News
6.2.24 | Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation | A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come | Exploit | The Hacker News
6.2.24 | U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance | The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of | BigBrothers | The Hacker News
6.2.24 | Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering | A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to | Cryptocurrency | The Hacker News
5.2.24 | Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware | The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote | OS | The Hacker News
5.2.24 | Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan | The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO | OS | The Hacker News
5.2.24 | New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw | The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to | Exploit | The Hacker News
4.2.24 | Clorox says cyberattack caused $49 million in expenses | Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. | Incident | BleepingComputer
4.2.24 | Check if you're in Google Chrome's third-party cookie phaseout test | Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. | Security | BleepingComputer
4.2.24 | Mastodon vulnerability allows attackers to take over accounts | Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. | Vulnerability | BleepingComputer
4.2.24 | The Week in Ransomware - February 2nd 2024 - No honor among thieves | Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. | Ransom | BleepingComputer
4.2.24 | AnyDesk says hackers breached its production servers, reset passwords | AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. | Incident | BleepingComputer
4.2.24 | Lurie Children's Hospital took systems offline after cyberattack | Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. | Incident | BleepingComputer
4.2.24 | BTC-e server admin indicted for laundering ransom payments, stolen crypto | Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. | Cryptocurrency | BleepingComputer
4.2.24 | Interpol operation Synergia takes down 1,300 servers used for cybercrime | An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. | BigBrothers | BleepingComputer
4.2.24 | FTC orders Blackbaud to boost security after massive data breach | Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. | Incident | BleepingComputer
4.2.24 | Cloudflare hacked using auth tokens stolen in Okta attack | Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. | Incident | BleepingComputer
4.2.24 | Microsoft fixes connection issue affecting Outlook email apps | Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. | Vulnerability | BleepingComputer
4.2.24 | More Android apps riddled with malware spotted on Google Play | An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. | OS | BleepingComputer
4.2.24 | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | BleepingComputer
4.2.24 | Google shares fix for Pixel phones hit by bad system update | Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. | Vulnerability | BleepingComputer
4.2.24 | New Windows Event Log zero-day flaw gets unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. | Vulnerability | BleepingComputer

4.2.24 | Exploring the Latest Mispadu Stealer Variant | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. | Malware blog | Palo Alto
4.2.24 | ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign | Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. | Spam blog | Palo Alto
4.2.24 | Threat Assessment: BianLian | Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. | BigBrother blog | Palo Alto
4.2.24 | Financial Fraud APK Campaign | During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. | OS Blog | Palo Alto
4.2.24 | Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors | Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. | Ransom blog | Cisco Blog
4.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog
4.2.24 | Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers | Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. | Malware blog | Cisco Blog
4.2.24 | Grandoreiro banking malware disrupted – Week in security with Tony Anscombe | The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows | Malware blog | Eset
4.2.24 | VajraSpy: A Patchwork of espionage apps | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | APT blog | Eset
4.2.24 | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora | An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes | Cyber blog | Eset
4.2.24 | ESET takes part in global operation to disrupt the Grandoreiro banking trojan | ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology | Malware blog | Eset
4.2.24 | Cyber: The Swiss army knife of tradecraft | In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike | Cyber blog | Eset
4.2.24 | Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe | The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK | APT blog | Eset
4.2.24 | Assessing and mitigating supply chain cybersecurity risks | Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management | Cyber blog | Eset
4.2.24 | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 | ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood | APT blog | Eset
4.2.24 | Break the fake: The race is on to stop AI voice cloning scams | As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection | AI blog | Eset

3.2.24 | CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday | CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. | BigBrothers | BleepingComputer
3.2.24 | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | BleepingComputer
3.2.24 | Police seize record 50,000 Bitcoin from now-defunct piracy site | The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k.to through a voluntary deposit to a state-controlled wallet. | Cryptocurrency | BleepingComputer
3.2.24 | Europcar denies data breach of 50 million users, says data is fake | Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. | Incident | BleepingComputer
3.2.24 | Exploit released for Android local elevation flaw impacting 7 OEMs | A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. | OS | BleepingComputer
3.2.24 | CISA warns of patched iPhone kernel bug now exploited in attacks | CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. | BigBrothers | BleepingComputer
3.2.24 | FBI disrupts Chinese botnet by wiping malware from infected routers | The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. | BotNet | BleepingComputer

3.2.24 | CISA: Vendors must secure SOHO routers against Volt Typhoon attacks | CISA has urged manufacturers of small office/home office (SOHO) routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon (Bronze Silhouette). | BigBrothers | BleepingComputer
3.2.24 | Johnson Controls says ransomware attack cost $27 million, data stolen | Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. | Ransom | BleepingComputer
3.2.24 | Ivanti warns of new Connect Secure zero-day exploited in attacks | Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. | Vulnerability | BleepingComputer
3.2.24 | New Linux glibc flaw lets attackers get root on major distros | Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). | Vulnerability | BleepingComputer
3.2.24 | Online ransomware decryptor helps recover partially encrypted files | CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. | Ransom | BleepingComputer
3.2.24 | US charges two more suspects with DraftKing account hacks | The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. | CyberCrime | BleepingComputer

3.2.24 | Vastaamo hacker traced via ‘untraceable’ Monero transactions, police says | Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions. | Cryptocurrency | BleepingComputer
3.2.24 | A mishandled GitHub token exposed Mercedes-Benz source code | A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. | Incident | BleepingComputer
3.2.24 | Microsoft Teams phishing pushes DarkGate malware via group chats | New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. | Phishing | BleepingComputer
3.2.24 | Citibank sued over failure to defend customers against hacks, fraud | New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts. | Incident | BleepingComputer
3.2.24 | Police disrupt Grandoreiro banking malware operation, make arrests | The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. | CyberCrime | BleepingComputer
3.2.24 | Keenan warns 1.5 million people of data breach after summer cyberattack | Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. | Incident | BleepingComputer

3.2.24

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber AttacksThe U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the IranianBigBrothersThe Hacker News

3.2.24

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized AccountThe decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account.VulnerebilityThe Hacker News

3.2.24

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password ResetRemote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The GermanIncindentThe Hacker News

3.2.24

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay AttacksRussian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023,APTThe Hacker News

3.2.24

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and CryptojackingThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strainVirusThe Hacker News

3.2.24

Former CIA Engineer Sentenced to 40 Years for Leaking Classified DocumentsA former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New YorkBigBrothersThe Hacker News

3.2.24

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPsAn INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IPCyberCrimeThe Hacker News

3.2.24

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal DocsCloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorizedIncindentThe Hacker News

2.2.24 | 45k Jenkins servers exposed to RCE attacks using public exploits | Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. | Vulnerability | BleepingComputer

2.2.24 | Keenan warns 1.5 million people of data breach after summer cyberattack | Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. | Incident | BleepingComputer

2.2.24 | Energy giant Schneider Electric hit by Cactus ransomware attack | Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. | Ransom | BleepingComputer

2.2.24 | Microsoft says Outlook apps can’t connect to Outlook.com | Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. | Security | BleepingComputer

2.2.24 | FBI: Tech support scams now use couriers to collect victims' money | Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. | BigBrothers | BleepingComputer

2.2.24 | Ransomware payments drop to record low as victims refuse to pay | The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. | Ransom | BleepingComputer

2.2.24 | DHS employees jailed for stealing data of 200K U.S. govt workers | Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. | BigBrothers | BleepingComputer

2.2.24 | Exploits released for critical Jenkins RCE flaw, patch now | Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. | Exploit | BleepingComputer

2.2.24 | The Week in Ransomware - January 26th 2024 - Govts strike back | Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. | Ransom | BleepingComputer

2.2.24 | Kansas City public transportation authority hit by ransomware | The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. | Ransom | BleepingComputer

2.2.24 | Microsoft releases first Windows Server 2025 preview build | Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. | OS | BleepingComputer

2.2.24 | FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network | The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to | Virus | The Hacker News

2.2.24 | Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign | Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. | Cryptocurrency | The Hacker News

2.2.24 | U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers | The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) | BotNet | The Hacker News

2.2.24 | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News

2.2.24 | Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities | Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups | Exploit | The Hacker News

2.2.24 | CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, | BigBrothers | The Hacker News

1.2.24 | Microsoft introduces flighting for Windows Server insiders | Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. | OS | BleepingComputer

1.2.24 | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | BleepingComputer

1.2.24 | Microsoft reveals how hackers breached its Exchange Online accounts | Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. | Hack | BleepingComputer

1.2.24 | Role of Wazuh in building a robust cybersecurity architecture | Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. | Security | BleepingComputer

1.2.24 | Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice | The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. | Congress | BleepingComputer

1.2.24 | 23andMe data breach: Hackers stole raw genotype data, health reports | Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. | Incident | BleepingComputer

1.2.24 | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | BleepingComputer

1.2.24 | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | BleepingComputer

1.2.24 | iPhone apps abuse iOS push notifications to collect user data | Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. | OS | BleepingComputer

1.2.24 | Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo | Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. | Congress | BleepingComputer

1.2.24 | Cisco warns of critical RCE flaw in communications software | Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. | Vulnerability | BleepingComputer

1.2.24 | Hackers target WordPress database plugin active on 1 million sites | Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. | CyberCrime | BleepingComputer

1.2.24 | HPE: Russian hackers breached its security team’s email accounts | Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. | Incident | BleepingComputer

1.2.24 | VexTrio TDS: Inside a massive 70,000-domain cybercrime operation | A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites. | CyberCrime | BleepingComputer

1.2.24 | Over 5,300 GitLab servers exposed to zero-click account takeover attacks | Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. | Vulnerability | BleepingComputer

1.2.24 | UK says AI will empower ransomware over the next two years | The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. | AI | BleepingComputer

1.2.24 | Global fintech firm EquiLend offline after recent cyberattack | New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. | Attack | BleepingComputer

1.2.24 | How to secure AD passwords without sacrificing end-user experience | To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. | Security | BleepingComputer

1.2.24 | Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 | Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. | Congress | BleepingComputer

1.2.24 | Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs | Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. | OS | BleepingComputer

1.2.24 | Microsoft: Recent updates cause Sysprep Windows validation errors | Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. | OS | BleepingComputer

1.2.24 | RunC Flaws Enable Container Escapes, Granting Attackers Host Access | Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the | Exploit | The Hacker News

1.2.24 | Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation | Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. | Exploit | The Hacker News

1.2.24 | Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware | Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for | Phishing | The Hacker News

1.2.24 | The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules | The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity | BigBrothers | The Hacker News

1.2.24 | Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware | A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in | Cryptocurrency | The Hacker News

1.2.24 | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News

1.2.24 | New Glibc Flaw Grants Attackers Root Access on Major Linux Distros | Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka | Vulnerability | The Hacker News

31.1.24 | Exploit released for Fortra GoAnywhere MFT auth bypass bug | Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. | Exploit | BleepingComputer

31.1.24 | Water services giant Veolia North America hit by ransomware attack | Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. | Ransom | BleepingComputer

31.1.24 | Trello API abused to link email addresses to 15 million accounts | An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. | Incident | BleepingComputer

31.1.24 | X adds passkeys support for iOS users in the United States | X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. | Social | BleepingComputer

31.1.24 | Kasseika ransomware uses antivirus driver to kill other antiviruses | A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. | Ransom | BleepingComputer

31.1.24 | Windows 10 KB5034203 preview update adds EU DMA compliance | Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. | OS | BleepingComputer

31.1.24 | Jason’s Deli says customer data exposed in credential stuffing attack | Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. | Attack | BleepingComputer

31.1.24 | Fortra warns of new critical GoAnywhere MFT auth bypass, patch now | Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. | Vulnerability | BleepingComputer

31.1.24 | US, UK, Australia sanction REvil hacker behind Medibank data breach | The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. | Ransom | BleepingComputer

31.1.24 | SEC confirms X account was hacked in SIM swapping attack | The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. | BigBrothers | BleepingComputer

31.1.24 | Cracked macOS apps drain wallets using scripts fetched from DNS records | Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. | OS | BleepingComputer

31.1.24 | Malicious web redirect scripts stealth up to hide on hacked sites | Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. | Virus | BleepingComputer

31.1.24 | Apple fixes first zero-day bug exploited in attacks this year | Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. | OS | BleepingComputer

31.1.24 | Ivanti: VPN appliances vulnerable if pushing configs after mitigation | Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. | Vulnerability | BleepingComputer

31.1.24 | loanDepot cyberattack causes data breach for 16.6 million people | Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. | Incident | BleepingComputer

31.1.24 | Trezor support site breach exposes personal data of 66,000 customers | Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal. | Cryptocurrency | BleepingComputer

31.1.24 | Hackers start exploiting critical Atlassian Confluence RCE flaw | Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. | Exploit | BleepingComputer

31.1.24 | Tietoevry ransomware attack causes outages for Swedish firms, cities | Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden. | Ransom | BleepingComputer

31.1.24 | Watch out for "I can't believe he is gone" Facebook phishing posts | A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. | Social | BleepingComputer

31.1.24 | Brave to end 'Strict' fingerprinting protection as it breaks websites | Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. | Safety | BleepingComputer

31.1.24 | Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives | A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil | Virus | The Hacker News

31.1.24 | URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite | GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to | Vulnerability | The Hacker News

31.1.24 | China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz | The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin | APT | The Hacker News

31.1.24 | Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations | Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed | AI | The Hacker News

31.1.24 | New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was | Virus | The Hacker News

30.1.24 | Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws | Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to | Vulnerability | The Hacker News

30.1.24 | Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords | A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when | Vulnerability | The Hacker News

30.1.24 | Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang | Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which | Ransom | The Hacker News

29.1.24 | NSA Admits Secretly Buying Your Internet Browsing Data without Warrants | The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps | BigBrothers | The Hacker News

29.1.24 | Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines | Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information | Virus | The Hacker News

27.1.24 | AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks | Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access | Virus | The Hacker News

26.1.24 | Perfecting the Defense-in-Depth Strategy with Automation | Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom | Security | The Hacker News

26.1.24 | Malicious Ads on Google Target Chinese Users with Fake Messaging Apps | Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising | Virus | The Hacker News

26.1.24 | Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs | Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have | APT | The Hacker News

26.1.24 | Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree | 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot | CyberCrime | The Hacker News

26.1.24 | Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems | Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could | Vulnerability | The Hacker News

26.1.24 | From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks | As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track | Attack | The Hacker News

26.1.24 | SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks | Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can | Virus | The Hacker News

26.1.24 | Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! | The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved | Vulnerability | The Hacker News

26.1.24 | LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks | Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings | Virus | The Hacker News

25.1.24 | China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware | A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from | Hack | The Hacker News

25.1.24 | New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits | A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised | Virus | The Hacker News

24.1.24 | Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach | Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email | Hack | The Hacker News

24.1.24 | Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters | Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors | Exploit | The Hacker News

24.1.24 | Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption | The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security- | Ransom | The Hacker News

24.1.24 | U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach | Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware | Ransom | The Hacker News

23.1.24 | VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates | The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of | CyberCrime | The Hacker News

23.1.24 | Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub | Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from | Virus | The Hacker News

23.1.24 | "Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets | Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system | OS | The Hacker News

23.1.24 | BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time | Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of | Incident | The Hacker News

23.1.24 | ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation | Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence | Vulnerability | The Hacker News

23.1.24 | Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now | Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active | OS | The Hacker News

23.1.24 | North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor | Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known | Virus | The Hacker News

23.1.24 | MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries | Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply | OS | The Hacker News

22.1.24 | NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers | Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from | Virus | The Hacker News

22.1.24 | FTC Bans InMarket for Selling Precise User Location Without Consent | The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location | BigBrothers | The Hacker News

22.1.24 | Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks | Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver | Exploit | The Hacker News

21.1.24

Court charges dev with hacking after cybersecurity issue disclosureA German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.Cyber

BleepingComputer

21.1.24

Researchers link 3AM ransomware to Conti, Royal cybercrime gangsSecurity researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.Ransom

BleepingComputer

21.1.24

Meta won't remove fake Instagram profiles that are clearly catfishingMeta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity.Social

BleepingComputer

21.1.24

Russian hackers stole Microsoft corporate emails in month-long breachMicrosoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard. Incindent

BleepingComputer

21.1.24

BreachForums hacking forum admin sentenced to 20 years supervised releaseConor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide.Cyber

BleepingComputer

21.1.24

Payoneer accounts in Argentina hacked in 2FA bypass attacksNumerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.Hack

BleepingComputer

21.1.24

CISA emergency directive: Mitigate Ivanti zero-days immediatelyCISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.BigBrothers

BleepingComputer

21.1.24

FTC bans one more data broker from selling your location infoThe U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data.BigBrothers

BleepingComputer

21.1.24

Chinese hackers exploit VMware bug as zero-day for two yearsA Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.Vulnerebility

BleepingComputer

21.1.24

Vans, North Face owner says ransomware breach affects 35 million peopleVF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack.Ransom

BleepingComputer

21.1.24

VMware confirms critical vCenter flaw now exploited in attacksVMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.Exploit

BleepingComputer

21.1.24

TeamViewer abused to breach networks in new ransomware attacksRansomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.Ransom

BleepingComputer

21.1.24

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been

BigBrothers

The Hacker News

20.1.24

Parrot TDS: A Persistent and Evolving Malware Campaign

This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders.

Malware blog

Palo Alto

20.1.24

CHECK POINT RESEARCH ALERTS ON A NEW NFT AIRDROP CAMPAIGN

A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat.

OS Blog

Checkpoint

20.1.24

Why many CISOs consider quitting – Week in security with Tony Anscombe

The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings

Security blog

Eset

20.1.24

Virtual kidnapping: How to see through this terrifying scam

Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims

Spam blog

Eset

20.1.24

Is Temu safe? What to know before you ‘shop like a billionaire’

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

Spam blog

Eset

20.1.24

The 7 deadly cloud security sins and how SMBs can do things better

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Security blog

Eset

20.1.24

CISA: Critical Ivanti auth bypass bug now actively exploited

CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.

Exploit

BleepingComputer

20.1.24

Kansas State University cyberattack disrupts IT network and services

Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite.

Incident

BleepingComputer

20.1.24

Haier hits Home Assistant plugin dev with takedown notice

Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub.

Security

BleepingComputer

20.1.24

US govt wants BreachForums admin sentenced to 15 years in prison

The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison.

CyberCrime

BleepingComputer

20.1.24

Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets

Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware.

Ransom

BleepingComputer

20.1.24

Google: Russian FSB hackers deploy new Spica backdoor malware

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool.

BigBrothers

BleepingComputer

20.1.24

Docker hosts hacked in ongoing website traffic theft scheme

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy.

Cryptocurrency

BleepingComputer

20.1.24

Have I Been Pwned adds 71 million emails from Naz.API stolen account list

Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.

Security

BleepingComputer

20.1.24

Microsoft: Iranian hackers target researchers with new MediaPl malware

Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware.

Virus

BleepingComputer

20.1.24

Bigpanzi botnet infects 170,000 Android TV boxes with malware

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.

OS

BleepingComputer

20.1.24

CISA pushes federal agencies to patch Citrix RCE within a week

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.

Exploit

BleepingComputer

20.1.24

iShutdown scripts can help detect iOS spyware on your iPhone

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events.

OS

BleepingComputer

20.1.24

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.

Vulnerability

BleepingComputer

20.1.24

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.

Vulnerability

BleepingComputer

20.1.24

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch

Exploit

The Hacker News

20.1.24

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from

APT

The Hacker News

20.1.24

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families

Phishing

The Hacker News

19.1.24

MacOS info-stealers quickly evolve to evade XProtect detection

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.

OS

BleepingComputer

19.1.24

Citrix warns of new Netscaler zero-days exploited in attacks

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.

Vulnerability

BleepingComputer

19.1.24

Google fixes first actively exploited Chrome zero-day of 2024

Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.

Vulnerability

BleepingComputer

19.1.24

Majorca city Calvià extorted for $11M in ransomware attack

The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services.

Ransom

BleepingComputer

19.1.24

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.

BigBrothers

BleepingComputer

19.1.24

PixieFail flaws impact PXE network boot in enterprise systems

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers.

Vulnerability

BleepingComputer

19.1.24

Atlassian warns of critical RCE flaw in older Confluence versions

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.

Vulnerability

BleepingComputer

19.1.24

Ivanti Connect Secure zero-days now under mass exploitation

Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.

Vulnerability

BleepingComputer

19.1.24

US court docs expose fake antivirus renewal phishing tactics

In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails.

Phishing

BleepingComputer

19.1.24

Microsoft working on a fix for Windows 10 0x80070643 errors

Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.

Vulnerability

BleepingComputer

19.1.24

Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files.

Exploit

BleepingComputer

19.1.24

Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.

Vulnerability

BleepingComputer

19.1.24

Latest Adblock update causes massive YouTube performance hit

Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension.

Security

BleepingComputer

19.1.24

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected

OS

The Hacker News

19.1.24

Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The

Virus

The Hacker News

19.1.24

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile

BigBrothers

The Hacker News

19.1.24

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the

Virus

The Hacker News

19.1.24

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever

BigBrothers

The Hacker News

19.1.24

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could

Vulnerability

The Hacker News

19.1.24

MFA Spamming and Fatigue: When Security Measures Go Wrong

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard

Hack

The Hacker News

19.1.24

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified

Vulnerability

The Hacker News

18.1.24

Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S.

BigBrothers

The Hacker News

18.1.24

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat

Hack

The Hacker News

18.1.24

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the

BigBrothers

The Hacker News

18.1.24

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices,

OS

The Hacker News

18.1.24

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials

Vulnerability

The Hacker News

17.1.24

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are

Vulnerability

The Hacker News

17.1.24

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as

Exploit

The Hacker News

17.1.24

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause

Exploit

The Hacker News

17.1.24

Remcos RAT Spreading Through Adult Games in New Attack Wave

The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South

Virus

The Hacker News

16.1.24

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and

Cryptocurrency

The Hacker News

16.1.24

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called

Cryptocurrency

The Hacker News

16.1.24

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be..

Vulnerability

The Hacker News

15.1.24

The new Windows 11 features coming in 2024

Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system.

OS

BleepingComputer

15.1.24

GrapheneOS: Frequent Android auto-reboots block firmware exploits

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users.

OS

BleepingComputer

15.1.24

Hacker spins up 1 million virtual servers to illegally mine crypto

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.

Cryptocurrency

BleepingComputer

15.1.24

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if

Vulnerability

The Hacker News

15.1.24

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First

Virus

The Hacker News

15.1.24

DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half

Attack

The Hacker News

14.1.24

New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new

BigBrothers

The Hacker News

14.1.24

Medusa Ransomware Turning Your Files into Stone

Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog.

Ransom blog

Palo Alto

14.1.24

Financial Fraud APK Campaign

During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files.

Hacking blog

Palo Alto

14.1.24

Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine.

Malware blog

Palo Alto

14.1.24

.NET HOOKING – HARMONIZING MANAGED TERRITORY

For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process.

Malware blog

Checkpoint

14.1.24

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

Ransom blog

Cisco Blog

14.1.24

Lessons from SEC's X account hack – Week in security with Tony Anscombe

The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs

Cryptocurrency blog

Eset

14.1.24

A peek behind the curtain: How are sock puppet accounts used in OSINT?

How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks

Security blog

Eset

14.1.24

Attack of the copycats: How fake messaging apps and app mods could bite you

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.

Social blog

Eset

14.1.24

Love is in the AI: Finding love online takes on a whole new meaning

Is AI companionship the future of not-so-human connection – and even the cure for loneliness?

AI blog

Eset

14.1.24

Cracking the 2023 SANS Holiday Hack Challenge

From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

Hacking blog

Eset

14.1.24

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

Security blog

Eset

14.1.24

Lost and found: How to locate your missing devices and more

Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Security blog

Eset

14.1.24

Say what you will? Your favorite speech-to-text app may be a privacy risk

Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.

Security blog

Eset

13.1.24

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue,

Vulnerability

The Hacker News

13.1.24

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8

Cryptocurrency

The Hacker News

13.1.24

The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.

Ransom

BleepingComputer

13.1.24

CISA: Critical Microsoft SharePoint bug now actively exploited

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.

Exploit

BleepingComputer

13.1.24

GitLab warns of critical zero-click account hijacking vulnerability

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.

Vulnerability

BleepingComputer

13.1.24

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day

Exploit

The Hacker News

12.1.24

Juniper warns of critical RCE bug in its firewalls and switches

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.

Vulnerability

BleepingComputer

12.1.24

Ivanti Connect Secure zero-days exploited to deploy custom malware

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.

Vulnerability

BleepingComputer

12.1.24

Framework discloses data breach after accountant gets phished

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.

Incident

BleepingComputer

12.1.24

Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.

Vulnerability

BleepingComputer

12.1.24

Halara probes breach after hacker leaks data for 950,000 people

Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.

Incident

BleepingComputer

12.1.24

Microsoft testing Windows 11 USB 80Gbps support, Copilot on login

Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables.

OS

BleepingComputer

12.1.24

Bitwarden adds passkey support to log into web password vaults

The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs.

Security

BleepingComputer

12.1.24

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.

Vulnerability

BleepingComputer

12.1.24

New Balada Injector campaign infects 6,700 WordPress sites

A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.

Virus

BleepingComputer

12.1.24

Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

Ransom

BleepingComputer

12.1.24

Medusa Ransomware on the Rise: From Data Leaks to Physical Threats

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web

Ransom

The Hacker News

12.1.24

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency

Cryptocurrency

The Hacker News

12.1.24

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its

Exploit

The Hacker News

12.1.24

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads

Virus

The Hacker News

12.1.24

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say

Security

The Hacker News

12.1.24

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source

Exploit

The Hacker News

12.1.24

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS

Hack

The Hacker News

11.1.24

Mandiant's X account hacked by crypto Drainer-as-a-Service gang

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."

Hack

BleepingComputer

11.1.24

Cisco says critical Unity Connection bug lets attackers get root

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Vulnerability

BleepingComputer

11.1.24

Fidelity National Financial: Hackers stole data of 1.3 million people

Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.

BigBrothers

BleepingComputer

11.1.24

Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack

A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator.

BigBrothers

BleepingComputer

11.1.24

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.

Exploit

BleepingComputer

11.1.24

Fake 401K year-end statements used to steal corporate credentials

Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.

Incident

BleepingComputer

11.1.24

Windows 10 KB5034441 security update fails with 0x80070643 errors

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.

OS

BleepingComputer

11.1.24

Microsoft Exchange 2019 has reached end of mainstream support

Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023.

OS

BleepingComputer

11.1.24

ShinyHunters member gets 3 years in prison for breaching 60 firms

The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000.

CyberCrime

BleepingComputer

11.1.24

Nigerian gets 10 years for laundering millions stolen from elderly

A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes.

CyberCrime

BleepingComputer

11.1.24

US SEC’s X account hacked to announce fake Bitcoin ETF approval

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.

BigBrothers

BleepingComputer

11.1.24

China claims it cracked Apple's AirDrop to find numbers, email addresses

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.

BigBrothers

BleepingComputer

11.1.24

Ransomware victims targeted by fake hack-back offers

Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.

Ransom

BleepingComputer

11.1.24

FTC bans data broker from selling Americans’ location data

Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes.

BigBrothers

BleepingComputer

11.1.24

Windows 10 KB5034122 update released with fix for shut down bug

Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season.

OS

BleepingComputer

11.1.24

CISA warns agencies of fourth flaw used in Triangulation spyware attacks

The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.

Exploit

BleepingComputer

11.1.24

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.

OS

BleepingComputer

11.1.24

Windows 11 KB5034123 update released with security and Wi-Fi fixes

Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month.

OS

BleepingComputer

11.1.24

Hackers target Microsoft SQL servers in Mimic ransomware attacks

A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware.

Ransom

BleepingComputer

11.1.24

Decryptor for Babuk ransomware variant released after hacker arrested

Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator.

Ransom

BleepingComputer

11.1.24

Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division.

Ransom

BleepingComputer

11.1.24

Criminal IP and Tenable Partner for Swift Vulnerability Detection

Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans.

Security

BleepingComputer

11.1.24

Google Search bug shows blank page in Firefox for Android

Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site.

OS

BleepingComputer

11.1.24

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors

OS

The Hacker News

11.1.24

Mandiant's X Account Was Hacked Using Brute-Force Attack

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a

Attack

The Hacker News

11.1.24

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to

Vulnerability

The Hacker News

11.1.24

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary

Vulnerability

The Hacker News

11.1.24

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of

BotNet

The Hacker News

10.1.24

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain

Ransom

The Hacker News

10.1.24

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or

BigBrothers

The Hacker News

10.1.24

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are

OS

The Hacker News

10.1.24

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing

BigBrothers

The Hacker News

10.1.24

Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware

A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's

Virus

The Hacker News

10.1.24

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing

Exploit

The Hacker News

9.1.24

The best Windows 11 features added in 2023

The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more.

OS

BleepingComputer

9.1.24

Toronto Zoo: Ransomware attack had no impact on animal wellbeing

Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems early on Friday had no impact on the animals, its website, or its day-to-day operations.

Ransom

BleepingComputer

9.1.24

Netgear, Hyundai latest X accounts hacked to push crypto drainers

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.

Cryptocurrency

BleepingComputer

9.1.24

Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites.

BigBrothers

BleepingComputer

9.1.24

Twilio will ditch its Authy desktop 2FA app in August, goes mobile only

The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app.

Mobile

BleepingComputer

9.1.24

US mortgage lender loanDepot confirms ransomware attack

Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.

Ransom

BleepingComputer

9.1.24

Capital Health attack claimed by LockBit ransomware, risk of data leak

The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.

Ransom

BleepingComputer

9.1.24

Securing helpdesks from hackers: What we can learn from the MGM breach

In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents.

Incident

BleepingComputer

9.1.24

Mortgage firm loanDepot cyberattack impacts IT systems, payment portal

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans.

Attack

BleepingComputer

9.1.24

Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains.

Virus

BleepingComputer

9.1.24

KyberSlash attacks put quantum encryption projects at risk

Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys.

Attack

BleepingComputer

9.1.24

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.

Virus

BleepingComputer

9.1.24

X users fed up with constant stream of malicious crypto ads

Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.

Cryptocurrency

BleepingComputer

9.1.24

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected

Vulnerability

The Hacker News

9.1.24

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information

Virus

The Hacker News

9.1.24

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass

Virus

The Hacker News

7.1.24

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say their

Security

The Hacker News

7.1.24

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of

AI

The Hacker News

7.1.24

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to

CyberCrime

The Hacker News

7.1.24

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency

Cryptocurrency

The Hacker News

7.1.24

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands

BigBrothers

The Hacker News

6.1.24

The Week in Ransomware - January 5th 2024 - Secret decryptors

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.

Ransom

BleepingComputer

6.1.24

US charged 19 suspects linked to xDedic cybercrime marketplace

The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services.

CyberCrime

BleepingComputer

6.1.24

BreachForums admin jailed again for using a VPN, unmonitored PC

The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN.

CyberCrime

BleepingComputer

6.1.24

Hackers target Apache RocketMQ servers vulnerable to RCE attacks

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.

Vulnerability

BleepingComputer

6.1.24

Web3 security firm CertiK's X account hacked to push crypto drainer

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer.

Social

BleepingComputer

6.1.24

Memorial University recovers from cyberattack, delays semester start

The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes on one campus.

Incident

BleepingComputer

6.1.24

Crypto wallet founder loses $125,000 to fake airdrop website

A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd gone on was set up for the purposes of phishing unsuspecting users.

Cryptocurrency

BleepingComputer

6.1.24

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.

Vulnerability

BleepingComputer

6.1.24

Russian hackers wiped thousands of systems in KyivStar attack

The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network.

BigBrothers

BleepingComputer

6.1.24

Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers.

Social

BleepingComputer

6.1.24

Zeppelin ransomware source code sold for $500 on hacking forum

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.

Ransom

BleepingComputer

6.1.24

FTC offers $25,000 prize for detecting AI-enabled voice cloning

The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity.

BigBrothers

BleepingComputer

6.1.24

'everything' blocks devs from removing their own npm packages

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry.

Virus

BleepingComputer

6.1.24

'everything' blocks devs from removing their own npm packages

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.

Cryptocurrency

BleepingComputer

6.1.24

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from

BigBrothers

The Hacker News

5.1.24

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has

Apple

The Hacker News

5.1.24

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator

Hack

The Hacker News

5.1.24

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could

Vulnerability

The Hacker News

5.1.24

Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator

BigBrothers

The Hacker News

5.1.24

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows

Virus

The Hacker News

5.1.24

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a

Virus

The Hacker News

5.1.24

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from

Virus

The Hacker News

4.1.24

Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an..

Cryptocurrency

The Hacker News

4.1.24

Mandiant’s account on X hacked to push cryptocurrency scam

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.

Cryptocurrency

BleepingComputer

4.1.24

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.

Hack

BleepingComputer

4.1.24

Nigerian hacker arrested for stealing $7.5M from charities

A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million.

Spam

BleepingComputer

4.1.24

PornHub blocks North Carolina, Montana over new age verification laws

Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect.

Security

BleepingComputer

4.1.24

LastPass now requires 12-character master passwords for better security

LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.

Incident

BleepingComputer

4.1.24

Data breach at healthcare tech firm impacts 4.5 million patients

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers.

Incident

BleepingComputer

4.1.24

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.

Attack

BleepingComputer

4.1.24

CISA warns of actively exploited bugs in Chrome and Excel parsing library

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel.

BigBrothers

BleepingComputer

4.1.24

Steam drops support for Windows 7 and 8.1 to boost security

Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system.

Security

BleepingComputer

4.1.24

Orbit Chain loses $86 million in the last fintech hack of 2023

Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.

Incident

BleepingComputer

4.1.24

Online museum collections down after cyberattack on service provider

Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week.

Ransom

BleepingComputer

4.1.24

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation.

Ransom

BleepingComputer

4.1.24

Google Groups is ending support for Usenet to combat spam

Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content.

Spam

BleepingComputer

4.1.24

Victoria court recordings exposed in reported ransomware attack

Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.

Ransom

BleepingComputer

4.1.24

The law enforcement operations targeting cybercrime in 2023

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.

CyberCrime

BleepingComputer

4.1.24

The biggest cybersecurity and cyberattack stories of 2023

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Security

BleepingComputer

3.1.24

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user..

Virus

The Hacker News

3.1.24

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails..

Exploit

The Hacker News

3.1.24

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it..

Spam

The Hacker News

3.1.24

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought..

Security

The Hacker News

1.1.24

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors..

Hack

The Hacker News

1.1.24

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that..

Attack

The Hacker News

1.1.24

New JinxLoader Targeting Users with Formbook and XLoader Malware

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor..

Virus

The Hacker News