Date | Title | Summary | Category | Source |
--- | --- | --- | --- | --- |
13.3.24 | PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users | The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest | Virus | The Hacker News |
13.3.24 | Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats | Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful | AI | The Hacker News |
13.3.24 | Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub | A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java- | Virus | The Hacker News |
13.3.24 | Windows 11 KB5035853 update released, here's what's new | Microsoft has released the KB5035853 cumulative update for Windows 11 23H2 and 22H2, with 21 fixes and changes, including a fix for a bug causing 0x800F0922 errors when installing updates. | OS | BleepingComputer |
13.3.24 | Windows 10 KB5035845 update released with 9 new changes, fixes | Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. | OS | |
13.3.24 | Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs | Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. | OS | |
13.3.24 | Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship | The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. | Security | |
13.3.24 | Google paid $10 million in bug bounty rewards last year | Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. | Security | |
13.3.24 | Over 12 million auth secrets and keys leaked on GitHub in 2023 | GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. | Incident | |
13.3.24 | Tuta Mail adds new quantum-resistant encryption to protect email | Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. | Security | |
13.3.24 | Microsoft says Windows 10 21H2 support is ending in June | Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. | OS | |
13.3.24 | Okta says data leaked on hacking forum not from its systems | Okta denies that its company data was leaked after a threat actor shared, on a hacker forum, files allegedly stolen during an October 2023 cyberattack. | Incident | |
13.3.24 | Researchers expose Microsoft SCCM misconfigs usable in cyberattacks | Security researchers have created a knowledge base repository of attack and defense techniques based on improper setup of Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. | Incident | |
13.3.24 | Equilend warns employees their data was stolen by ransomware gang | New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. | Ransom | |
13.3.24 | Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware | Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. | Incident | |
13.3.24 | Fake Leather wallet app on Apple App Store is a crypto drainer | The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. | Cryptocurrency | |
13.3.24 | Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware | Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. | Exploit | |
13.3.24 | Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws | Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues | OS | The Hacker News |
12.3.24 | Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets | Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic | Cryptocurrency | The Hacker News |
12.3.24 | Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites | A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. | Virus | The Hacker News |
12.3.24 | South Korean Citizen Detained in Russia on Cyber Espionage Charges | Russia has detained a South Korean national for the first time on cyber espionage charges and transferred him from Vladivostok to Moscow for further | BigBrothers | The Hacker News |
12.3.24 | New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics | Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF | Virus | The Hacker News |
11.3.24 | BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks | The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their | Ransom | The Hacker News |
11.3.24 | Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability | Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software | Exploit | The Hacker News |
11.3.24 | Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT | A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically | Virus | The Hacker News |
10.3.24 | Magnet Goblin hackers use 1-day flaws to drop custom Linux malware | A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. | Virus | |
10.3.24 | The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand | We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. | Ransom | |
10.3.24 | Critical Fortinet flaw may impact 150,000 exposed devices | Scans of the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication. | Vulnerability | |
10.3.24 | QNAP warns of critical auth bypass flaw in its NAS devices | QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. | Vulnerability | |
10.3.24 | UnitedHealth brings some Change Healthcare pharmacy services back online | Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption of the US healthcare system. | Incident | |
10.3.24 | Microsoft says Russian hackers breached its systems, accessed source code | Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. | BigBrothers | |
10.3.24 | CISA, NSA share best practices for securing cloud services | The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing best practices for securing a cloud environment. | BigBrothers | |
10.3.24 | Switzerland: Play ransomware leaked 65,000 government documents | The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. | Ransom | |
10.3.24 | Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix | Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. | OS | |
10.3.24 | MiTM phishing attack can let attackers unlock and steal a Tesla | Researchers demonstrated how a Man-in-the-Middle (MiTM) phishing attack could be used to compromise Tesla accounts, unlock cars, and start them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. | Phishing | |
10.3.24 | AnyCubic fixes exploited 3D printer zero day flaw with new firmware | AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. | Vulnerability | |
10.3.24 | Google engineer caught stealing AI tech secrets for Chinese firms | The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. | AI | |
10.3.24 | FBI: U.S. lost record $12.5 billion to online crime in 2023 | The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record $12.5 billion. | CyberCrime | |
10.3.24 | PetSmart warns of credential stuffing attacks trying to hack accounts | Pet retail giant PetSmart is warning some customers that their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. | Incident | |
10.3.24 | Critical TeamCity flaw now widely exploited to create admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. | Vulnerability | |
10.3.24 | Hacked WordPress sites use visitors' browsers to hack other sites | Hackers are conducting wide-scale attacks on WordPress sites to inject scripts that force visitors' browsers to brute-force passwords for other sites. | Hack | BleepingComputer |
10.3.24 | Hackers impersonate U.S. government agencies in BEC attacks | A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. | Spam | BleepingComputer |
9.3.24 | Threat Group Assessment: Muddled Libra (Updated) | Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. | APT blog | Palo Alto |
9.3.24 | MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES | Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. In at least one case, the Ivanti Connect Secure VPN flaw (CVE-2024-21887), the exploit entered the group’s arsenal within as little as 1 day after a PoC for it was published. | Vulnerability blog | Checkpoint |
9.3.24 | GhostSec’s joint ransomware operation and evolution of their arsenal | Cisco Talos has observed a surge in the malicious activities of the hacking group GhostSec over the past year. GhostSec has evolved with the new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. | Ransom blog | Cisco Blog |
9.3.24 | The 3 most common post-compromise tactics on network infrastructure | We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. These include modifying the device’s firmware, uploading customized/weaponized firmware, and bypassing security measures. | Cyber blog | Cisco Blog |
9.3.24 | Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music | The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics. | Cyber blog | Cisco Blog |
9.3.24 | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe | Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor. | APT blog | Eset |
9.3.24 | Evasive Panda leverages Monlam Festival to target Tibetans | ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans. | APT blog | Eset |
9.3.24 | Top 10 scams targeting seniors – and how to keep your money safe | The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud. | Spam blog | Eset |
9.3.24 | Irresistible: Hooks, habits and why you can’t put down your phone | Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices. | Security blog | Eset |
9.3.24 | Duvel says it has "more than enough" beer after ransomware attack | Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing beer production in the company's bottling facilities to a halt. | Ransom | |
9.3.24 | Canada's anti-money laundering agency offline after cyberattack | The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. | CyberCrime | |
9.3.24 | VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion | VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products that allow attackers to escape virtual machines and access the host operating system. | Vulnerability | |
9.3.24 | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. | Virus | |
9.3.24 | NSA shares zero-trust guidance to limit adversaries on the network | The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. | BigBrothers | |
9.3.24 | Apple fixes two new iOS zero-days exploited in attacks on iPhones | Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. | OS | |
9.3.24 | New WogRAT malware abuses online notepad service to store malware | A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. | Virus | |
9.3.24 | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets | Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to | APT | The Hacker News |
8.3.24 | Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations | Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital | Social | The Hacker News |
8.3.24 | Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client | Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor | Vulnerability | The Hacker News |
8.3.24 | QEMU Emulator Exploited as Tunneling Tool to Breach Company Network | Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an | Exploit | |
8.3.24 | CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On- | Exploit | The Hacker News |
7.3.24 | Android and Windows RATs Distributed Via Online Meeting Lures | Beginning in December 2023, Zscaler’s ThreatLabz discovered a threat actor creating fraudulent Skype, Google Meet, and Zoom websites to spread malware. | Virus | Zscaler |
7.3.24 | Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks | Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. | Attack | The Hacker News |
7.3.24 | Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks | The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since | BigBrothers | The Hacker News |
7.3.24 | Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China | The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and California resident for allegedly stealing | AI | |
7.3.24 | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | Facebook messages are being used by threat actors to distribute a Python-based information stealer dubbed Snake that's designed to capture credentials and | Virus | The Hacker News |
7.3.24 | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware | Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a | Virus | The Hacker News |
7.3.24 | Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining | Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as | Exploit | |
7.3.24 | Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout | The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law | Ransom | The Hacker News |
6.3.24 | Microsoft is killing off the Android apps in Windows 11 feature | Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. | OS | |
6.3.24 | U.S. sanctions Predator spyware operators for spying on Americans | The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. | BigBrothers | |
6.3.24 | Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks | Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. | Cyber | |
6.3.24 | BlackCat ransomware shuts down in exit scam, blames the "feds" | The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. | Ransom | |
6.3.24 | Passwords are Costing Your Organization Money - How to Minimize Those Costs | Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. | Security | |
6.3.24 | Exploit available for new critical TeamCity auth bypass bug, patch now | A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. | Exploit | |
6.3.24 | ScreenConnect flaws exploited to drop new ToddlerShark malware | The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. | Vulnerability | |
6.3.24 | Hackers steal Windows NTLM authentication hashes in phishing attacks | The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. | CyberCrime | |
6.3.24 | BlackCat ransomware turns off servers amid claim they stole $22 million ransom | The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. | Ransom | |
6.3.24 | Ukraine claims it hacked Russian Ministry of Defense servers | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. | BigBrothers | |
6.3.24 | North Korea hacks two South Korean chip firms to steal engineering data | The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. | APT | |
6.3.24 | American Express credit cards exposed in third-party data breach | American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. | Incident | |
6.3.24 | Stealthy GTPDOOR Linux malware targets mobile operator networks | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Virus | |
6.3.24 | Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs | Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. | OS | |
6.3.24 | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa | Virus | The Hacker News |
6.3.24 | VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws | VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code | Vulnerebility | The Hacker News |
6.3.24 | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries | The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "The GhostSec and Stormous | Ransom | |
6.3.24 | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. | APT | The Hacker News |
6.3.24 | Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws | Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the | OS | The Hacker News |
6.3.24 | Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware | North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called | Virus | |
5.3.24 | Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware against backdrop of growing AI, macOS threats | Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, is proud to announce the launch of its new report Hi-Tech Crime Trends 2023/2024, the latest edition of the company’s annual round-up of the most pressing global cyber threats to organizations and individuals. | Cyber | Group-IB |
5.3.24 | Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams | A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. | CyberCrime | The Hacker News |
5.3.24 | Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets | More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between | AI | The Hacker News |
5.3.24 | Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes | The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager ( | Hack | |
5.3.24 | Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers | A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to | Exploit | The Hacker News |
4.3.24 | How Cybercriminals are Exploiting India's UPI for Money Laundering Operations | Cybercriminals are using a network of hired money mules in India, who operate through an Android-based application, to orchestrate a massive money laundering | Exploit | The Hacker News |
4.3.24 | Over 100 Malicious AI/ML Models Found on Hugging Face Platform | As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include | AI | |
4.3.24 | Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure | U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure | Ransom | |
3.3.24 | News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian... | BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. | Security | |
3.3.24 | Hackers target FCC, crypto firms in advanced Okta phishing attacks | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | Phishing | |
3.3.24 | Windows Kernel bug fixed last month exploited as zero-day since August | Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. | OS | |
3.3.24 | The Week in Ransomware - March 1st 2024 - Healthcare under siege | Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. | Ransom | |
3.3.24 | CISA warns of Microsoft Streaming bug exploited in malware attacks | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | Virus | |
3.3.24 | Germany takes down cybercrime market with over 180,000 users | The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. | CyberCrime | |
3.3.24 | Microsoft fixes Outlook clients not syncing over Exchange ActiveSync | Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. | OS | |
3.3.24 | Microsoft pulls Edge update causing 'Out of Memory' crashes | Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. | OS | |
3.3.24 | Wireshark Tutorial: Exporting Objects From a Pcap | Palo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM. | Security blog | Palo Alto |
3.3.24 | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users | First identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. In this article, along with exploring Bifrost, we’ll also showcase a notable spike in Bifrost’s Linux variants during the past few months. | Malware blog | Palo Alto |
3.3.24 | Navigating the Cloud: Exploring Lateral Movement Techniques | We explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. | Hacking blog | Palo Alto |
3.3.24 | TimbreStealer campaign targets Mexican users with financial lures | Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. | Malware blog | Cisco Blog |
3.3.24 | Deceptive AI content and 2024 elections – Week in security with Tony Anscombe | As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year. | AI blog | Eset |
3.3.24 | Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses | Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor. | Security blog | Eset |
3.3.24 | Vulnerabilities in business VPNs under the spotlight | As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk. | Vulnerability blog | Eset |
3.3.24 | 10 things to avoid posting on social media – and why | Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk. | Social blog | Eset |
3.3.24 | U.S. charges Iranian for hacks on defense orgs, offers $10M for info | The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. | BigBrothers | |
3.3.24 | Golden Corral restaurant chain data breach impacts 183,000 people | The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. | Incident | |
3.3.24 | New Bifrost malware for Linux mimics VMware domain for evasion | A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. | Virus | |
3.3.24 | Brave browser launches privacy-focused AI assistant on Android | Brave Software is the next company to jump into AI, announcing that a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. | AI | |
3.3.24 | CISA cautions against using hacked Ivanti VPN gateways even after factory resets | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. | BigBrothers | |
3.3.24 | Windows 10 KB5034843 update released with 9 new changes, fixes | Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. | OS | |
3.3.24 | Windows 11 KB5034848 preview update adds USB 80Gbps support | Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. | OS | |
3.3.24 | GitHub enables push protection by default to stop secrets leak | GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. | Security | |
3.3.24 | Citrix, Sophos software impacted by 2024 leap year bugs | Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. | Vulnerability | |
3.3.24 | Windows 11 'Moment 5' update released, here are the new features | Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. | OS | |
3.3.24 | Microsoft rolls back decision to stop Windows 11 22H2 preview updates | Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. | OS | |
3.3.24 | 20 million Cutout.Pro user records leaked on data breach forum | AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. | Incident | |
3.3.24 | Anycubic 3D printers hacked worldwide to expose security flaw | According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. | Hack | |
3.3.24 | Malicious AI models on Hugging Face backdoor users’ machines | At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. | AI | |
3.3.24 | New executive order bans mass sale of personal data to China, Russia | U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. | BigBrothers | |
3.3.24 | Rhysida ransomware wants $3.6 million for children’s stolen data | The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. | Ransom | |
2.3.24 | Kali Linux 2024.1 released with 4 new tools, UI refresh | Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. | OS | |
2.3.24 | Ransomware gang claims they stole 6TB of Change Healthcare data | The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. | Ransom | |
2.3.24 | LockBit ransomware returns to attacks with new encryptors, servers | The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. | Ransom | |
2.3.24 | Lazarus hackers exploited Windows zero-day to gain Kernel privileges | North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. | APT | |
2.3.24 | Epic Games: "Zero evidence" we were hacked by Mogilevich gang | Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. | Hack | |
2.3.24 | Japan warns of malicious PyPi packages created by North Korean hackers | Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. | Virus | |
2.3.24 | Need to Know: Key Takeaways from the Latest Phishing Attacks | This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. | Phishing | |
2.3.24 | Savvy Seahorse gang uses DNS CNAME records to power investor scams | A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns. | Spam | |
2.3.24 | Pharmaceutical giant Cencora says data was stolen in a cyberattack | Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. | Incident | |
2.3.24 | FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks | Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. | Ransom | |
2.3.24 | LabHost cybercrime service lets anyone phish Canadian bank users | The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutions in Canada, causing a notable increase in activity. | Phishing | |
2.3.24 | Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks | The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. | Ransom | |
2.3.24 | Russian hackers hijack Ubiquiti routers to launch stealthy attacks | Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. | APT | |
2.3.24 | Hessen Consumer Center says systems encrypted by ransomware | The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. | Ransom | |
2.3.24 | Malicious code in Tornado Cash governance proposal puts user funds at risk | Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. | Virus | |
2.3.24 | Windows February 2024 updates fail to install with 0x800F0922 errors | Microsoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%. | OS | |
2.3.24 | U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp | A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's | BigBrothers | The Hacker News |
2.3.24 | U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture | The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber- | CyberCrime | The Hacker News |
2.3.24 | New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users | A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed | Cryptocurrency | |
2.3.24 | New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion | Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive | Virus | The Hacker News |
1.3.24 | Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities | The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in | Exploit | The Hacker News |
1.3.24 | GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories | GitHub on Thursday announced that it's enabling secret scanning push protection by default for all pushes to public repositories. "This means that | Security | The Hacker News |
1.3.24 | New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems | Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have | Attack | |
1.3.24 | GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks | Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to | Virus | The Hacker News |
1.3.24 | Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks | The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level | Exploit | |
1.3.24 | New Backdoor Targeting European Officials Linked to Indian Diplomatic Events | A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic | Virus | The Hacker News |
1.3.24 | Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems | The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of | Virus | The Hacker News |
29.2.24 | UnitedHealth subsidiary Optum hack linked to BlackCat ransomware | A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. | Incident | |
29.2.24 | New IDAT loader version uses steganography to push Remcos RAT | A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland | Virus | |
29.2.24 | White House urges devs to switch to memory-safe programming languages | The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. | BigBrothers | |
29.2.24 | Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning | Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. | BigBrothers | |
29.2.24 | Russian hackers shift to cloud attacks, US and allies warn | Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services. | APT | |
29.2.24 | Steel giant ThyssenKrupp confirms cyberattack on automotive division | Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. | Incident | |
29.2.24 | Hijacked subdomains of major brands used in massive spam campaign | A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. | Spam | |
29.2.24 | LockBit ransomware returns, restores servers after police disruption | The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. | Ransom | |
29.2.24 | PayPal files patent for new method to detect stolen cookies | PayPal has filed a patent application for a novel method that can identify when a "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. | Security | |
29.2.24 | Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware | At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the | Virus | |
29.2.24 | President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations | U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The | BigBrothers | The Hacker News |
29.2.24 | Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors | An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, | APT | The Hacker News |
28.2.24 | FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks | The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as | Ransom | The Hacker News |
28.2.24 | TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users | Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows | Phishing | The Hacker News |
28.2.24 | Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat | In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take | APT | The Hacker News |
28.2.24 | WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk | A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their | Vulnerability | The Hacker News |
28.2.24 | Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub | An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it easily accessible to other actors at | Virus | The Hacker News |
28.2.24 | Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics | Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state- | APT | The Hacker News |
28.2.24 | New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks | Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the | AI | The Hacker News |
27.2.24 | WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites | A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. | Vulnerability | The Hacker News |
27.2.24 | New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT | Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos | Virus | The Hacker News |
27.2.24 | 8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation | More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated | Spam | The Hacker News |
27.2.24 | North Korean Hackers Targeting Developers with Malicious npm Packages | A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings | Virus | The Hacker News |
27.2.24 | Banking Trojans Target Latin America and Europe Through Google Cloud Run | Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver | Virus | The Hacker News |
27.2.24 | LockBit Ransomware Group Resurfaces After Law Enforcement Takedown | The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law | Ransom | The Hacker News |
25.2.24 | Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement | LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has | Ransom | The Hacker News |
25.2.24 | RCMP investigating cyber attack as its website remains down | The Royal Canadian Mounted Police (RCMP), Canada's national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. | Security | |
25.2.24 | Apple adds PQ3 quantum-resistant encryption to iMessage | Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. | Security | |
25.2.24 | Insomniac Games alerts employees hit by ransomware data breach | Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. | Ransom | |
25.2.24 | LockBit ransomware gang has over $110 million in unspent bitcoin | The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. | Ransom | |
25.2.24 | U-Haul says hacker accessed customer records using stolen creds | U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. | Incident | |
25.2.24 | UnitedHealth confirms Optum hack behind US healthcare billing outage | Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. | Incident | |
25.2.24 | Microsoft has started testing Wi-Fi 7 support in Windows 11 | Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. | OS | |
25.2.24 | Microsoft now force installing Windows 11 23H2 on eligible PCs | Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. | OS | |
25.2.24 | Bitwarden’s new auto-fill option adds phishing resistance | The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. | Phishing | |
25.2.24 | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns | On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. | APT blog | Palo Alto |
25.2.24 | Intruders in the Library: Exploring DLL Hijacking | Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. | Hacking blog | Palo Alto |
25.2.24 | 2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics | Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. | Incident blog | Palo Alto |
25.2.24 | Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | On Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center. | Vulnerability blog | Palo Alto |
25.2.24 | 2024’S CYBER BATTLEGROUND UNVEILED: ESCALATING RANSOMWARE EPIDEMIC, THE EVOLUTION OF CYBER WARFARE TACTICS AND STRATEGIC USE OF AI IN DEFENSE | Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023. | Cyber blog | Checkpoint |
25.2.24 | TinyTurla-NG in-depth tooling and command and control analysis | Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed. | APT blog | Cisco Blog |
25.2.24 | How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity | While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. | Vulnerability blog | Cisco Blog |
25.2.24 | Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns | Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. | Malware blog | Cisco Blog |
25.2.24 | PSYOP campaigns targeting Ukraine – Week in security with Tony Anscombe | Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects | BigBrother blog | Eset |
25.2.24 | Everything you need to know about IP grabbers | You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission. | Security blog | Eset |
25.2.24 | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war | A mix of PSYOPs, espionage and … fake Canadian pharmacies! | Cyber blog | Eset |
25.2.24 | Watching out for the fakes: How to spot online disinformation | Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes? | Security blog | Eset |
25.2.24 | Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies | Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six | BigBrothers | The Hacker News |
24.2.24 | New ScreenConnect RCE flaw exploited in ransomware attacks | Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. | Ransom | |
24.2.24 | FTC to ban Avast from selling browsing data for advertising purposes | The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. | BigBrothers | |
24.2.24 | LockBit ransomware secretly building next-gen encryptor before takedown | LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. | Ransom | |
24.2.24 | Joomla fixes XSS flaws that could expose sites to RCE attacks | Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. | Vulnerability | |
24.2.24 | Microsoft expands free logging capabilities after May breach | Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. | Incident | |
24.2.24 | Hackers abuse Google Cloud Run in massive banking trojan campaign | Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. | Virus | |
24.2.24 | Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million | Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. | CyberCrime | |
24.2.24 | New SSH-Snake malware steals SSH keys to spread across the network | A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. | Virus | |
24.2.24 | US govt shares cyberattack defense tips for water utilities | CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks | BigBrothers | |
24.2.24 | ScreenConnect critical bug now under attack as exploit code emerges | Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. | Exploit | |
24.2.24 | US offers $15 million bounty for info on LockBit ransomware gang | The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. | Ransom | |
24.2.24 | VMware urges admins to remove deprecated, vulnerable auth plug-in | VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. | Vulnerability | |
24.2.24 | VoltSchemer attacks use wireless chargers to inject voice commands, fry phones | A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. | Hack | |
24.2.24 | New Migo malware disables protection features on Redis servers | Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. | Cryptocurrency | |
24.2.24 | Dormant PyPI Package Compromised to Spread Nova Sentinel Malware | A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer | Virus | |
23.2.24 | ConnectWise urges ScreenConnect admins to patch critical RCE flaw | ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. | Vulnerability | |
23.2.24 | Knight ransomware source code for sale after leak site shuts down | The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. | Ransom | |
23.2.24 | Ransomware Groups, Targeting Preferences, and the Access Economy | The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime. | Ransom | |
23.2.24 | Critical infrastructure software maker confirms ransomware attack | PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. | Ransom | |
23.2.24 | Police arrest LockBit ransomware members, release decryptor in global crackdown | Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. | Ransom | |
23.2.24 | LockBit ransomware disrupted by global police operation | Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos." | Ransom | |
23.2.24 | North Korean hackers linked to defense sector supply-chain attack | In an advisory today Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. | BigBrothers | |
23.2.24 | Cactus ransomware claims to steal 1.5TB of Schneider Electric data | The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. | Ransom | |
23.2.24 | Over 28,500 Exchange servers vulnerable to actively exploited bug | Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. | Exploit | |
23.2.24 | Hackers exploit critical RCE flaw in Bricks WordPress site builder | Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Bricks Builder theme to run malicious PHP code on vulnerable sites. | Exploit | |
23.2.24 | Wyze camera glitch gave 13,000 users a peek into other homes | Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. | Incident | |
23.2.24 | Anatsa Android malware downloaded 150,000 times via Google Play | The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. | OS | |
23.2.24 | Hacker arrested for selling bank accounts of US, Canadian users | Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web. | CyberCrime | |
23.2.24 | KeyTrap attack: Internet access disrupted with one DNS packet | A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period. | Attack | |
23.2.24 | New Google Chrome feature blocks attacks against home networks | Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. | Security | |
23.2.24 | ALPHV ransomware claims loanDepot, Prudential Financial breaches | The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. | Ransom | |
23.2.24 | Wyze investigating 'security issue' amid ongoing outage | Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. | Security | |
23.2.24 | SolarWinds fixes critical RCE bugs in access rights audit solution | SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. | Vulnerebility | |
23.2.24 | Alpha ransomware linked to NetWalker operation dismantled in 2021 | Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. | Ransom | |
23.2.24 | North Korean hackers now launder stolen crypto via YoMix tumbler | The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. | APT | |
23.2.24 | Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison | Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. | CyberCrime | |
23.2.24 | Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI | Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in | Virus | The Hacker News |
23.2.24 | Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability | Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive | OS | The Hacker News |
23.2.24 | FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data | The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to | BigBrothers | The Hacker News |
23.2.24 | Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage | Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging | Security | The Hacker News |
22.2.24 | Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks | A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a | Hack | The Hacker News |
22.2.24 | A New Age of Hacktivism | In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. | Hack | The Hacker News |
22.2.24 | Russian Government Software Backdoored to Deploy Konni RAT Malware | An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote | Virus | The Hacker News |
22.2.24 | U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders | The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders | Ransom | The Hacker News |
22.2.24 | New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers | Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices | Vulnerebility | The Hacker News |
21.2.24 | Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS | The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed | APT | The Hacker News |
21.2.24 | New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam | Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The | Social | The Hacker News |
21.2.24 | Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private | End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused | Social | The Hacker News |
21.2.24 | Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks | Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related | APT | The Hacker News |
21.2.24 | Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know | The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. | Incindent | The Hacker News |
21.2.24 | VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk | VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as | Vulnerebility | The Hacker News |
21.2.24 | New Migo Malware Targeting Redis Servers for Cryptocurrency Mining | A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on | Cryptocurrency | The Hacker News |
20.2.24 | LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released | The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its | Ransom | The Hacker News |
20.2.24 | New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics | Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a | Virus | The Hacker News |
20.2.24 | New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide | North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint | APT | The Hacker News |
20.2.24 | Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now | ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a | Vulnerebility | The Hacker News |
20.2.24 | WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites | A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible | Vulnerebility | The Hacker News |
20.2.24 | Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative | Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This | BigBrothers | The Hacker News |
20.2.24 | LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid | Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. An international law | Ransom | The Hacker News |
19.2.24 | Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices | Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates | OS | The Hacker News |
19.2.24 | Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries | The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed | OS | The Hacker News |
19.2.24 | Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws | Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross- | APT | The Hacker News |
19.2.24 | Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor | The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new | APT | The Hacker News |
18.2.24 | Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) | Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors. | APT blog | Palo Alto |
18.2.24 | New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 | This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. | Vulnerebility blog | Palo Alto |
18.2.24 | THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURE | Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. | Attack blog | Checkpoint |
18.2.24 | TinyTurla Next Generation - Turla APT spies on Polish NGOs | This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation. | APT blog | Cisco Blog |
18.2.24 | How are attackers using QR codes in phishing emails and lure documents? | QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. | Attack blog | Cisco Blog |
18.2.24 | Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe | Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals | Vulnerebility blog | Eset |
18.2.24 | All eyes on AI | Unlocked 403: A cybersecurity podcast | Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications. | AI blog | Eset |
18.2.24 | The art of digital sleuthing: How digital forensics unlocks the truth | Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell | Security blog | Eset |
18.2.24 | Deepfakes in the global election year of 2024: A weapon of mass deception? | As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern | BigBrother blog | Eset |
18.2.24 | Microsoft says it fixed a Windows Metadata server issue that’s still broken | Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. | OS | |
18.2.24 | US offers up to $15 million for tips on ALPHV ransomware gang | The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. | Ransom | |
18.2.24 | RansomHouse gang automates VMware ESXi attacks with new MrAgent tool | The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. | Hack | |
18.2.24 | FBI disrupts Russian Moobot botnet infecting Ubiquiti routers | The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. | BotNet | |
18.2.24 | OpenAI blocks state-sponsored hackers from using ChatGPT | OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT. | AI | |
18.2.24 | Over 13,000 Ivanti gateways vulnerable to actively exploited bugs | Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. | Exploit | |
18.2.24 | Three critical application security flaws scanners can’t detect | In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. | Vulnerebility | |
18.2.24 | Turla hackers backdoor NGOs with new TinyTurla-NG malware | Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. | Virus | |
18.2.24 | New Qbot malware variant uses fake Adobe installer popup for evasion | The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. | Virus | |
18.2.24 | New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud | A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. | OS | |
18.2.24 | Microsoft: New critical Exchange bug exploited as zero-day | Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. | OS | |
18.2.24 | LockBit claims ransomware attack on Fulton County, Georgia | The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. | Ransom | |
18.2.24 | Zoom patches critical privilege elevation flaw in Windows apps | The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. | Vulnerebility | |
18.2.24 | New critical Microsoft Outlook RCE bug is trivial to exploit | Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. | Exploit | |
18.2.24 | Microsoft Exchange update enables Extended Protection by default | Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). | OS | |
18.2.24 | German battery maker Varta halts production after cyberattack | Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. | Incindent | |
18.2.24 | Ubuntu 'command-not-found' tool can be abused to spread malware | A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. | Virus | |
18.2.24 | Trans-Northern Pipelines investigating ALPHV ransomware attack claims | Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. | Ransom | |
18.2.24 | DuckDuckGo browser gets end-to-end encrypted sync feature | The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. | Security | |
18.2.24 | Prudential Financial breached in data theft cyberattack | Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. | Incindent | |
18.2.24 | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | Virus | |
18.2.24 | FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty | A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. | CyberCrime | The Hacker News |
17.2.24 | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | OS | |
17.2.24 | Windows 10 KB5034763 update released with new fixes, changes | Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). | OS | |
17.2.24 | 200,000 Facebook Marketplace user records leaked on hacking forum | A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. | Social | |
17.2.24 | Integris Health says data breach impacts 2.4 million patients | Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. | Incindent | |
17.2.24 | Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws | Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. | OS | |
17.2.24 | Windows 11 KB5034765 update released with Start Menu fixes | Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. | OS | |
17.2.24 | Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform | Hackers are believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. | Cryptocurrency | |
17.2.24 | Bumblebee malware attacks are back after 4-month break | The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. | Virus | |
17.2.24 | 5 Steps to Improve Your Security Posture in Microsoft Teams | Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. | Security | |
17.2.24 | Bank of America warns customers of data breach after vendor hack | Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. | Incindent | |
17.2.24 | FBI seizes Warzone RAT infrastructure, arrests malware vendor | The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. | Virus | |
17.2.24 | FCC orders telecom carriers to report PII data breaches within 30 days | Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. | BigBrothers | |
17.2.24 | Ongoing Microsoft Azure account hijacking campaign targets executives | A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. | Phishing | |
17.2.24 | CISA: Roundcube email server bug now exploited in attacks | CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. | Exploit | |
17.2.24 | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. | Virus | |
17.2.24 | Free Rhysida ransomware decryptor for Windows exploits RNG flaw | South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. | Ransom | |
17.2.24 | Ransomware attack forces 100 Romanian hospitals to go offline | 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. | Ransom | |
17.2.24 | ExpressVPN bug has been leaking some DNS requests for years | ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. | Vulnerebility | |
17.2.24 | Google Open Sources Magika: AI-Powered File Identification Tool | Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction | AI | The Hacker News |
17.2.24 | CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive | Ransom | The Hacker News |
17.2.24 | RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers | Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple | Cryptocurrency | The Hacker News |
17.2.24 | Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks | A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon | Virus | The Hacker News |
16.2.24 | U.S. State Government Network Breached via Former Employee's Account | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network | BigBrothers | The Hacker News |
16.2.24 | U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage | The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that | BigBrothers | The Hacker News |
16.2.24 | Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor | The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign | Virus | The Hacker News |
16.2.24 | Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries | A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring | Vulnerebility | The Hacker News |
16.2.24 | Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks | A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, | Virus | The Hacker News |
15.2.24 | Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation | Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a | Vulnerebility | The Hacker News |
15.2.24 | Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks | Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models | AI | The Hacker News |
15.2.24 | Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages | Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their | Hack | The Hacker News |
15.2.24 | Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses | The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new | Virus | The Hacker News |
15.2.24 | DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability | A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called | Virus | The Hacker News |
15.2.24 | Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days | Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, | OS | The Hacker News |
15.2.24 | Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit | The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit | Virus | The Hacker News |
15.2.24 | PikaBot Resurfaces with Streamlined Code and Deceptive Tactics | The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of | Virus | The Hacker News |
15.2.24 | Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures | Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a | Vulnerebility | The Hacker News |
15.2.24 | Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube | BigBrothers | The Hacker News |
12.2.24 | Rhysida Ransomware Cracked, Free Decryption Tool Released | Rhysida Ransomware Cracked, Free Decryption Tool Released | Ransom | The Hacker News |
12.2.24 | CISA and OpenSSF Release Framework for Package Repository Security | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) | BigBrothers | The Hacker News |
12.2.24 | Microsoft Introduces Linux-Like 'sudo' Command to Windows 11 | Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator | OS | The Hacker News |
12.2.24 | U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders | The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the | BigBrothers | The Hacker News |
12.2.24 | U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) | Virus | The Hacker News |
10.2.24 | Raspberry Robin malware evolves with early access to Windows exploits | Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. | Virus | BleepingComputer |
10.2.24 | UK to replace physical biometric immigration cards with e-visas | By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do. | BigBrothers | |
10.2.24 | New Fortinet RCE bug is actively exploited, CISA confirms | CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. | Exploit | |
10.2.24 | Canada to ban the Flipper Zero to stop surge in car thefts | The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. | Security | |
10.2.24 | Microsoft: Outlook clients not syncing over Exchange ActiveSync | Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. | Security | |
10.2.24 | New RustDoor macOS malware impersonates Visual Studio update | A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. | OS | |
10.2.24 | Americans lost record $10 billion to fraud in 2023, FTC warns | The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. | BigBrothers | |
10.2.24 | New Fortinet RCE flaw in SSL VPN likely exploited in attacks | Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. | Exploit | |
10.2.24 | Microsoft fixes Copilot issue blocking Windows 11 upgrades | Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. | OS | |
10.2.24 | Hyundai Motor Europe hit by Black Basta ransomware attack | Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. | Ransom | |
10.2.24 | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis | The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. | Ransom blog | Palo Alto |
10.2.24 | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS | Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. | Malware blog | Checkpoint |
10.2.24 | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization | Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” | Malware blog | Cisco Blog |
10.2.24 | How are user credentials stolen and used by threat actors? | You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense. | Cyber blog | Cisco Blog |
10.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog |
10.2.24 | Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe | Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year | Ransom blog | Eset |
10.2.24 | The buck stops here: Why the stakes are high for CISOs | Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? | Security blog | Eset |
10.2.24 | Left to their own devices: Security for employees using personal devices for work | As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it | Security blog | Eset |
10.2.24 | Could your Valentine be a scammer? How to avoid getting caught in a bad romance | With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart | Security blog | Eset |
10.2.24 | Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices | Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, | OS | The Hacker News |
10.2.24 | Raspberry Robin Malware Upgrades with Discord Spread and New Exploits | The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be | Exploit | The Hacker News |
9.2.24 | Ivanti: Patch new Connect Secure auth bypass bug immediately | Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. | Vulnerability | |
9.2.24 | Microsoft unveils new 'Sudo for Windows' feature in Windows 11 | Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. | OS | |
9.2.24 | Android XLoader malware can now auto-execute after installation | A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. | OS | |
9.2.24 | US offers $10 million for tips on Hive ransomware leadership | The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. | Ransom | |
9.2.24 | Fake LastPass password manager spotted on Apple’s App Store | LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. | OS | |
9.2.24 | Data breaches at Viamedis and Almerys impact 33 million in France | Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. | Incident | |
9.2.24 | Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure | Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. | Vulnerability | |
9.2.24 | Facebook ads push new Ov3r_Stealer password-stealing malware | A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. | Virus | |
9.2.24 | Denmark orders schools to stop sending student data to Google | The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. | BigBrothers | |
9.2.24 | Chinese hackers hid in US infrastructure network for 5 years | The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. | APT | |
9.2.24 | Google tests blocking side-loaded Android apps with risky permissions | Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. | OS | |
9.2.24 | Critical Cisco bug exposes Expressway gateways to CSRF attacks | Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. | Vulnerability | |
9.2.24 | No, 3 million electric toothbrushes were not used in a DDoS attack | A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. | Hack | |
9.2.24 | No, 3 million electric toothbrushes were not used in a DDoS attack | A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. | Attack | |
9.2.24 | Critical flaw in Shim bootloader impacts major Linux distros | A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. | Vulnerability | |
9.2.24 | How to Apply Zero Trust to your Active Directory | With cyberattacks happening every day, how can we apply zero trust principles to keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. | Security | |
9.2.24 | MoqHao Android Malware Evolves with Auto-Execution Capability | Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring | OS | |
9.2.24 | New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack | Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the | Virus | The Hacker News |
9.2.24 | Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation | Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 | Exploit | The Hacker News |
9.2.24 | Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways | Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow | Vulnerability | The Hacker News |
9.2.24 | Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization | An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a | Virus | The Hacker News |
8.2.24 | Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade | The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some | BigBrothers | The Hacker News |
8.2.24 | HijackLoader Evolves: Researchers Decode the Latest Evasion Methods | The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be | Virus | The Hacker News |
8.2.24 | Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore | Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to | OS | The Hacker News |
8.2.24 | Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea | The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called | APT | The Hacker News |
8.2.24 | Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products | Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited | Exploit | The Hacker News |
8.2.24 | After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back | The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to | BotNet | The Hacker News |
7.2.24 | Chinese hackers fail to rebuild botnet after FBI takedown | Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. | BotNet | |
7.2.24 | Ransomware payments reached record $1.1 billion in 2023 | Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. | Ransom | |
7.2.24 | Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error | It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. | Vulnerability | |
7.2.24 | Chinese hackers infect Dutch military network with malware | A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands. | BigBrothers | |
7.2.24 | Data breach at French healthcare services firm puts millions at risk | French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. | Incident | |
7.2.24 | JetBrains warns of new TeamCity auth bypass vulnerability | JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. | Vulnerability | |
7.2.24 | Google says spyware vendors behind most zero-days it discovers | Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. | BigBrothers | |
7.2.24 | Verizon insider data breach hits over 63,000 employees | Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. | Incident | |
7.2.24 | Hackers steal data of 2 million in SQL injection, XSS attacks | A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. | Incident | |
7.2.24 | Microsoft Outlook December updates trigger ICS security alerts | Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. | ICS | BleepingComputer |
7.2.24 | US announces visa ban on those linked to commercial spyware | Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. | BigBrothers | |
7.2.24 | HPE investigates new breach after data for sale on hacking forum | Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. | Incident | |
7.2.24 | Newest Ivanti SSRF zero-day now under mass exploitation | An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. | Vulnerability | |
7.2.24 | Microsoft is bringing the Linux sudo command to Windows Server | Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. | OS | BleepingComputer |
7.2.24 | Leaky Vessels flaws allow hackers to escape Docker, runc containers | Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. | Vulnerability | BleepingComputer |
7.2.24 | Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros | The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code | Vulnerability | The Hacker News |
7.2.24 | Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse | A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, | BigBrothers | The Hacker News |
7.2.24 | Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network | Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This | Exploit | The Hacker News |
7.2.24 | Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now | JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) | Vulnerability | The Hacker News |
6.2.24 | Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials | Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer | Virus | The Hacker News |
6.2.24 | High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop Services | Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to | Vulnerability | The Hacker News |
6.2.24 | Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data | Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented | Incident | The Hacker News |
6.2.24 | Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation | A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come | Exploit | The Hacker News |
6.2.24 | U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance | The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of | BigBrothers | The Hacker News |
6.2.24 | Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering | A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to | Cryptocurrency | The Hacker News |
5.2.24 | Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware | The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote | OS | The Hacker News |
5.2.24 | Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan | The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO | OS | The Hacker News |
5.2.24 | New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw | The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to | Exploit | The Hacker News |
4.2.24 | Clorox says cyberattack caused $49 million in expenses | Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. | Incident | |
4.2.24 | Check if you're in Google Chrome's third-party cookie phaseout test | Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. | Security | |
4.2.24 | Mastodon vulnerability allows attackers to take over accounts | Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. | Vulnerability | |
4.2.24 | The Week in Ransomware - February 2nd 2024 - No honor among thieves | Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks. | Ransom | |
4.2.24 | AnyDesk says hackers breached its production servers, reset passwords | AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. | Incident | BleepingComputer |
4.2.24 | Lurie Children's Hospital took systems offline after cyberattack | Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. | Incident | |
4.2.24 | BTC-e server admin indicted for laundering ransom payments, stolen crypto | Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. | Cryptocurrency | |
4.2.24 | Interpol operation Synergia takes down 1,300 servers used for cybercrime | An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. | BigBrothers | |
4.2.24 | FTC orders Blackbaud to boost security after massive data breach | Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. | Incident | |
4.2.24 | Cloudflare hacked using auth tokens stolen in Okta attack | Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. | Incident | |
4.2.24 | Microsoft fixes connection issue affecting Outlook email apps | Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. | Vulnerability | |
4.2.24 | More Android apps riddled with malware spotted on Google Play | An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. | OS | |
4.2.24 | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | |
4.2.24 | Google shares fix for Pixel phones hit by bad system update | Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. | Vulnerability | |
4.2.24 | New Windows Event Log zero-day flaw gets unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. | Vulnerability | |
4.2.24 | Exploring the Latest Mispadu Stealer Variant | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. | Malware blog | Palo Alto |
4.2.24 | ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign | Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. | Spam blog | Palo Alto |
4.2.24 | Threat Assessment: BianLian | Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. | BigBrother blog | Palo Alto |
4.2.24 | Financial Fraud APK Campaign | During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. | OS Blog | Palo Alto |
4.2.24 | Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors | Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. | Ransom blog | Cisco Blog |
4.2.24 | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog |
4.2.24 | Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers | Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. | Malware blog | Cisco Blog |
4.2.24 | Grandoreiro banking malware disrupted – Week in security with Tony Anscombe | The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows | Malware blog | Eset |
4.2.24 | VajraSpy: A Patchwork of espionage apps | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | APT blog | Eset |
4.2.24 | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora | An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes | Cyber blog | Eset |
4.2.24 | ESET takes part in global operation to disrupt the Grandoreiro banking trojan | ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology | Malware blog | Eset |
4.2.24 | Cyber: The Swiss army knife of tradecraft | In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike | Cyber blog | Eset |
4.2.24 | Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe | The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK | APT blog | Eset |
4.2.24 | Assessing and mitigating supply chain cybersecurity risks | Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management | Cyber blog | Eset |
4.2.24 | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 | ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood | APT blog | Eset |
4.2.24 | Break the fake: The race is on to stop AI voice cloning scams | As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection | AI blog | Eset |
3.2.24 | CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday | CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. | BigBrothers | BleepingComputer |
3.2.24 | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | |
3.2.24 | Police seize record 50,000 Bitcoin from now-defunct piracy site | The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k.to through a voluntary deposit to a state-controlled wallet. | Cryptocurrency | |
3.2.24 | Europcar denies data breach of 50 million users, says data is fake | Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. | Incident | |
3.2.24 | Exploit released for Android local elevation flaw impacting 7 OEMs | A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. | OS | |
3.2.24 | CISA warns of patched iPhone kernel bug now exploited in attacks | CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. | BigBrothers | BleepingComputer |
3.2.24 | FBI disrupts Chinese botnet by wiping malware from infected routers | The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. | BotNet | |
3.2.24 | CISA: Vendors must secure SOHO routers against Volt Typhoon attacks | CISA has urged manufacturers of small office/home office (SOHO) routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon (Bronze Silhouette). | BigBrothers | |
3.2.24 | Johnson Controls says ransomware attack cost $27 million, data stolen | Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. | Ransom | |
3.2.24 | Ivanti warns of new Connect Secure zero-day exploited in attacks | Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. | Vulnerability | |
3.2.24 | New Linux glibc flaw lets attackers get root on major distros | Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). | Vulnerability | |
3.2.24 | Online ransomware decryptor helps recover partially encrypted files | CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. | Ransom | |
3.2.24 | US charges two more suspects with DraftKing account hacks | The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. | CyberCrime | BleepingComputer |
3.2.24 | Vastaamo hacker traced via ‘untraceable’ Monero transactions, police says | Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions. | Cryptocurrency | |
3.2.24 | A mishandled GitHub token exposed Mercedes-Benz source code | A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. | Incident | |
3.2.24 | Microsoft Teams phishing pushes DarkGate malware via group chats | New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. | Phishing | |
3.2.24 | Citibank sued over failure to defend customers against hacks, fraud | New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts. | Incident | |
3.2.24 | Police disrupt Grandoreiro banking malware operation, make arrests | The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. | CyberCrime | |
3.2.24 | Keenan warns 1.5 million people of data breach after summer cyberattack | Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. | Incident | |
3.2.24 | U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks | The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian | BigBrothers | The Hacker News |
3.2.24 | Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account | The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. | Vulnerability | The Hacker News |
3.2.24 | AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset | Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German | Incident | The Hacker News |
3.2.24 | Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks | Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, | APT | The Hacker News |
3.2.24 | DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain | Virus | The Hacker News |
3.2.24 | Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents | A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York | BigBrothers | The Hacker News |
3.2.24 | INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs | An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP | CyberCrime | The Hacker News |
3.2.24 | Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs | Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized | Incident | The Hacker News |
2.2.24 | 45k Jenkins servers exposed to RCE attacks using public exploits | Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. | Vulnerability | BleepingComputer |
2.2.24 | Keenan warns 1.5 million people of data breach after summer cyberattack | Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. | Incident | |
2.2.24 | Energy giant Schneider Electric hit by Cactus ransomware attack | Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. | Ransom | |
2.2.24 | Microsoft says Outlook apps can’t connect to Outlook.com | Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. | Security | |
2.2.24 | FBI: Tech support scams now use couriers to collect victims' money | Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. | BigBrothers | |
2.2.24 | Ransomware payments drop to record low as victims refuse to pay | The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. | Ransom | |
2.2.24 | DHS employees jailed for stealing data of 200K U.S. govt workers | Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. | BigBrothers | |
2.2.24 | Exploits released for critical Jenkins RCE flaw, patch now | Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. | Exploit | |
2.2.24 | The Week in Ransomware - January 26th 2024 - Govts strike back | Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. | Ransom | |
2.2.24 | Kansas City public transportation authority hit by ransomware | The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. | Ransom | |
2.2.24 | Microsoft releases first Windows Server 2025 preview build | Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. | OS | BleepingComputer |
2.2.24 | FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network | The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to | Virus | The Hacker News |
2.2.24 | Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign | Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. | Cryptocurrency | The Hacker News |
2.2.24 | U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers | The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) | BotNet | The Hacker News |
2.2.24 | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News |
2.2.24 | Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities | Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups | Exploit | The Hacker News |
2.2.24 | CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, | BigBrothers | The Hacker News |
1.2.24 | Microsoft introduces flighting for Windows Server insiders | Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. | OS | |
1.2.24 | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | |
1.2.24 | Microsoft reveals how hackers breached its Exchange Online accounts | Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. | Hack | |
1.2.24 | Role of Wazuh in building a robust cybersecurity architecture | Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. | Security | |
1.2.24 | Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice | The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. | Congress | |
1.2.24 | 23andMe data breach: Hackers stole raw genotype data, health reports | Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. | Incident | |
1.2.24 | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | |
1.2.24 | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | |
1.2.24 | iPhone apps abuse iOS push notifications to collect user data | Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. | OS | |
1.2.24 | Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo | Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. | Congress | |
1.2.24 | Cisco warns of critical RCE flaw in communications software | Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. | Vulnerability | |
1.2.24 | Hackers target WordPress database plugin active on 1 million sites | Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. | CyberCrime | |
1.2.24 | HPE: Russian hackers breached its security team’s email accounts | Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. | Incident | |
1.2.24 | VexTrio TDS: Inside a massive 70,000-domain cybercrime operation | A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites. | CyberCrime | |
1.2.24 | Over 5,300 GitLab servers exposed to zero-click account takeover attacks | Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. | Vulnerability | |
1.2.24 | UK says AI will empower ransomware over the next two years | The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. | AI | |
1.2.24 | Global fintech firm EquiLend offline after recent cyberattack | New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. | Attack | |
1.2.24 | How to secure AD passwords without sacrificing end-user experience | To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. | Security | |
1.2.24 | Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 | Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. | Congress | |
1.2.24 | Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs | Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. | OS | |
1.2.24 | Microsoft: Recent updates cause Sysprep Windows validation errors | Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. | OS | BleepingComputer |
1.2.24 | RunC Flaws Enable Container Escapes, Granting Attackers Host Access | Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the | Exploit | The Hacker News |
1.2.24 | Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation | Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. | Exploit | The Hacker News |
1.2.24 | Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware | Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for | Phishing | The Hacker News |
1.2.24 | The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules | The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity | BigBrothers | The Hacker News |
1.2.24 | Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware | A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in | Cryptocurrency | The Hacker News |
1.2.24 | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News |
1.2.24 | New Glibc Flaw Grants Attackers Root Access on Major Linux Distros | Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka | Vulnerability | The Hacker News |
31.1.24 | Exploit released for Fortra GoAnywhere MFT auth bypass bug | Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. | Exploit | |
31.1.24 | Water services giant Veolia North America hit by ransomware attack | Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems that are part of its Municipal Water division and disrupted its bill payment systems. | Ransom | |
31.1.24 | Trello API abused to link email addresses to 15 million accounts | An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. | Incident | |
31.1.24 | X adds passkeys support for iOS users in the United States | X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. | Social | |
31.1.24 | Kasseika ransomware uses antivirus driver to kill other antiviruses | A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. | Ransom | |
31.1.24 | Windows 10 KB5034203 preview update adds EU DMA compliance | Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. | OS | |
31.1.24 | Jason’s Deli says customer data exposed in credential stuffing attack | Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. | Attack | |
31.1.24 | Fortra warns of new critical GoAnywhere MFT auth bypass, patch now | Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. | Vulnerability | |
31.1.24 | US, UK, Australia sanction REvil hacker behind Medibank data breach | The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. | Ransom | |
31.1.24 | SEC confirms X account was hacked in SIM swapping attack | The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. | BigBrothers | |
31.1.24 | Cracked macOS apps drain wallets using scripts fetched from DNS records | Hackers are using a stealthy method to deliver information-stealing malware to macOS users through DNS records that hide malicious scripts. | OS | |
31.1.24 | Malicious web redirect scripts stealth up to hide on hacked sites | Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. | Virus | |
31.1.24 | Apple fixes first zero-day bug exploited in attacks this year | Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. | OS | |
31.1.24 | Ivanti: VPN appliances vulnerable if pushing configs after mitigation | Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. | Vulnerability | |
31.1.24 | loanDepot cyberattack causes data breach for 16.6 million people | Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. | Incident | |
31.1.24 | Trezor support site breach exposes personal data of 66,000 customers | Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal. | Cryptocurrency | |
31.1.24 | Hackers start exploiting critical Atlassian Confluence RCE flaw | Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers. | Exploit | |
31.1.24 | Tietoevry ransomware attack causes outages for Swedish firms, cities | Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden. | Ransom | |
31.1.24 | Watch out for "I can't believe he is gone" Facebook phishing posts | A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. | Social | |
31.1.24 | Brave to end 'Strict' fingerprinting protection as it breaks websites | Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. | Safety | |
31.1.24 | Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives | A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil | Virus | The Hacker News |
31.1.24 | URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite | GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to | Vulnerability | The Hacker News |
31.1.24 | China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz | The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin | APT | The Hacker News |
31.1.24 | Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations | Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed | AI | The Hacker News |
31.1.24 | New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was | Virus | The Hacker News |
30.1.24 | Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws | Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to | Vulnerability | The Hacker News |
30.1.24 | Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords | A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when | Vulnerability | The Hacker News |
30.1.24 | Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang | Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which | Ransom | The Hacker News |
29.1.24 | NSA Admits Secretly Buying Your Internet Browsing Data without Warrants | The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps | BigBrothers | The Hacker News |
29.1.24 | Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines | Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information | Virus | The Hacker News |
27.1.24 | AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks | Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access | Virus | The Hacker News |
26.1.24 | Perfecting the Defense-in-Depth Strategy with Automation | Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom | Security | The Hacker News |
26.1.24 | Malicious Ads on Google Target Chinese Users with Fake Messaging Apps | Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising | Virus | The Hacker News |
26.1.24 | Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs | Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have | APT | The Hacker News |
26.1.24 | Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree | 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot | CyberCrime | The Hacker News |
26.1.24 | Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems | Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could | Vulnerability | The Hacker News |
26.1.24 | From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks | As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track | Attack | The Hacker News |
26.1.24 | SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks | Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC. "SystemBC can | Virus | The Hacker News |
26.1.24 | Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! | The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved | Vulnerability | The Hacker News |
26.1.24 | LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks | Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings | Virus | The Hacker News |
25.1.24 | China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware | A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from | Hack | The Hacker News |
25.1.24 | New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits | A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised | Virus | The Hacker News |
24.1.24 | Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach | Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email | Hack | The Hacker News |
24.1.24 | Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters | Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors | Exploit | The Hacker News |
24.1.24 | Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption | The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security- | Ransom | The Hacker News |
24.1.24 | U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach | Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware | Ransom | The Hacker News |
23.1.24 | VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates | The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of | CyberCrime | The Hacker News |
23.1.24 | Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub | Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from | Virus | The Hacker News |
23.1.24 | "Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets | Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system | OS | The Hacker News |
23.1.24 | BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time | Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of | Incident | The Hacker News |
23.1.24 | ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation | Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence | Vulnerability | The Hacker News |
23.1.24 | Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now | Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active | OS | The Hacker News |
23.1.24 | North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor | Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known | Virus | The Hacker News |
23.1.24 | MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries | Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply | OS | The Hacker News |
22.1.24 | NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers | Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from | Virus | The Hacker News |
22.1.24 | FTC Bans InMarket for Selling Precise User Location Without Consent | The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location | BigBrothers | The Hacker News |
22.1.24 | Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks | Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver | Exploit | The Hacker News |
21.1.24 | Court charges dev with hacking after cybersecurity issue disclosure | A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. | Cyber | |
21.1.24 | Researchers link 3AM ransomware to Conti, Royal cybercrime gangs | Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. | Ransom | |
21.1.24 | Meta won't remove fake Instagram profiles that are clearly catfishing | Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. | Social | |
21.1.24 | Russian hackers stole Microsoft corporate emails in month-long breach | Microsoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard. | Incident | |
21.1.24 | BreachForums hacking forum admin sentenced to 20 years supervised release | Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide. | Cyber | |
21.1.24 | Payoneer accounts in Argentina hacked in 2FA bypass attacks | Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. | Hack | |
21.1.24 | CISA emergency directive: Mitigate Ivanti zero-days immediately | CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors. | BigBrothers | |
21.1.24 | FTC bans one more data broker from selling your location info | The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data. | BigBrothers | |
21.1.24 | Chinese hackers exploit VMware bug as zero-day for two years | A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. | Vulnerability | |
21.1.24 | Vans, North Face owner says ransomware breach affects 35 million people | VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack. | Ransom | |
21.1.24 | VMware confirms critical vCenter flaw now exploited in attacks | VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. | Exploit | |
21.1.24 | TeamViewer abused to breach networks in new ransomware attacks | Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. | Ransom | |
21.1.24 | Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years | An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been | BigBrothers | The Hacker News |
20.1.24 | Parrot TDS: A Persistent and Evolving Malware Campaign | A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat. | Malware blog | Palo Alto |
20.1.24 | CHECK POINT RESEARCH ALERTS ON A NEW NFT AIRDROP CAMPAIGN | This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. | OS Blog | Checkpoint |
20.1.24 | Why many CISOs consider quitting – Week in security with Tony Anscombe | The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings | Security blog | Eset |
20.1.24 | Virtual kidnapping: How to see through this terrifying scam | Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims | Spam blog | Eset |
20.1.24 | Is Temu safe? What to know before you ‘shop like a billionaire’ | Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal | Spam blog | Eset |
20.1.24 | The 7 deadly cloud security sins and how SMBs can do things better | By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk | Security blog | Eset |
20.1.24 | CISA: Critical Ivanti auth bypass bug now actively exploited | CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation. | Exploit | |
20.1.24 | Kansas State University cyberattack disrupts IT network and services | Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. | Incident | |
20.1.24 | Haier hits Home Assistant plugin dev with takedown notice | Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. | Security | |
20.1.24 | US govt wants BreachForums admin sentenced to 15 years in prison | The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. | CyberCrime | |
20.1.24 | Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets | Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware. | Ransom | |
20.1.24 | Google: Russian FSB hackers deploy new Spica backdoor malware | Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. | BigBrothers | |
20.1.24 | Docker hosts hacked in ongoing website traffic theft scheme | A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. | Cryptocurrency | |
20.1.24 | Have I Been Pwned adds 71 million emails from Naz.API stolen account list | Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. | Security | |
20.1.24 | Microsoft: Iranian hackers target researchers with new MediaPl malware | Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. | Virus | |
20.1.24 | Bigpanzi botnet infects 170,000 Android TV boxes with malware | A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. | OS | |
20.1.24 | CISA pushes federal agencies to patch Citrix RCE within a week | Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks. | Exploit | |
20.1.24 | iShutdown scripts can help detect iOS spyware on your iPhone | Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. | OS | |
20.1.24 | AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks | A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. | Vulnerability | |
20.1.24 | GitHub rotates keys to mitigate impact of credential-exposing flaw | GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. | Vulnerability | |
20.1.24 | CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch | Exploit | The Hacker News |
20.1.24 | Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack | Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from | APT | The Hacker News |
20.1.24 | Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware | The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families | Phishing | The Hacker News |
19.1.24 | MacOS info-stealers quickly evolve to evade XProtect detection | Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. | OS | |
19.1.24 | Citrix warns of new Netscaler zero-days exploited in attacks | Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. | Vulnerability | |
19.1.24 | Google fixes first actively exploited Chrome zero-day of 2024 | Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. | Vulnerability | |
19.1.24 | Majorca city Calvià extorted for $11M in ransomware attack | The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services. | Ransom | |
19.1.24 | FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials | CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. | BigBrothers | |
19.1.24 | PixieFail flaws impact PXE network boot in enterprise systems | A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. | Vulnerability | |
19.1.24 | Atlassian warns of critical RCE flaw in older Confluence versions | Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. | Vulnerability | |
19.1.24 | Ivanti Connect Secure zero-days now under mass exploitation | Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation. | Vulnerability | |
19.1.24 | US court docs expose fake antivirus renewal phishing tactics | In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. | Phishing | |
19.1.24 | Microsoft working on a fix for Windows 10 0x80070643 errors | Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability. | Vulnerability | |
19.1.24 | Windows SmartScreen flaw exploited to drop Phemedrone malware | A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. | Exploit | |
19.1.24 | Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks | Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. | Vulnerability | |
19.1.24 | Latest Adblock update causes massive YouTube performance hit | Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. | Security | |
19.1.24 | Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software | Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected | OS | The Hacker News |
19.1.24 | Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package | A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The | Virus | The Hacker News |
19.1.24 | U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile | BigBrothers | The Hacker News |
19.1.24 | New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic | Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the | Virus | The Hacker News |
19.1.24 | Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware | The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever | BigBrothers | The Hacker News |
19.1.24 | TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks | Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could | Vulnerability | The Hacker News |
19.1.24 | MFA Spamming and Fatigue: When Security Measures Go Wrong | In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard | Hack | The Hacker News |
19.1.24 | PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft | Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified | Vulnerability | The Hacker News |
18.1.24 | Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts | High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. | BigBrothers | The Hacker News |
18.1.24 | PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions | The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat | Hack | The Hacker News |
18.1.24 | Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the | BigBrothers | The Hacker News |
18.1.24 | New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone | Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, | OS | The Hacker News |
18.1.24 | GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials | GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials | Vulnerability | The Hacker News |
17.1.24 | Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! | Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are | Vulnerability | The Hacker News |
17.1.24 | Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability | Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as | Exploit | The Hacker News |
17.1.24 | Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now | Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause | Exploit | The Hacker News |
17.1.24 | Remcos RAT Spreading Through Adult Games in New Attack Wave | The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South | Virus | The Hacker News |
16.1.24 | Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims | The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and | Cryptocurrency | The Hacker News |
16.1.24 | Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer | Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called | Cryptocurrency | The Hacker News |
16.1.24 | Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows | Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be.. | Vulnerability | The Hacker News |
15.1.24 | The new Windows 11 features coming in 2024 | Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system. | OS | |
15.1.24 | GrapheneOS: Frequent Android auto-reboots block firmware exploits | GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. | OS | |
15.1.24 | Hacker spins up 1 million virtual servers to illegally mine crypto | A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. | Cryptocurrency | |
15.1.24 | High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners | Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if | Vulnerability | The Hacker News |
15.1.24 | Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability | Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First | Virus | The Hacker News |
15.1.24 | DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023 | The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half | Attack | The Hacker News |
14.1.24 | New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks | The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new | BigBrothers | The Hacker News |
14.1.24 | Medusa Ransomware Turning Your Files into Stone | Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. | Ransom blog | Palo Alto |
14.1.24 | Financial Fraud APK Campaign | During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. | Hacking blog | Palo Alto |
14.1.24 | Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer | Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine. | Malware blog | Palo Alto |
14.1.24 | .NET HOOKING – HARMONIZING MANAGED TERRITORY | For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process. | Malware blog | Checkpoint |
14.1.24 | New decryptor for Babuk Tortilla ransomware variant released | Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. | Ransom blog | Cisco Blog |
14.1.24 | Lessons from SEC's X account hack – Week in security with Tony Anscombe | The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs | Cryptocurrency blog | Eset |
14.1.24 | A peek behind the curtain: How are sock puppet accounts used in OSINT? | How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks | Security blog | Eset |
14.1.24 | Attack of the copycats: How fake messaging apps and app mods could bite you | WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride. | Social blog | Eset |
14.1.24 | Love is in the AI: Finding love online takes on a whole new meaning | Is AI companionship the future of not-so-human connection – and even the cure for loneliness? | AI blog | Eset |
14.1.24 | Cracking the 2023 SANS Holiday Hack Challenge | From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun | Hacking blog | Eset |
14.1.24 | Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe | What are some of the key cybersecurity trends that people and organizations should have on their radars this year? | Security blog | Eset |
14.1.24 | Lost and found: How to locate your missing devices and more | Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy | Security blog | Eset |
14.1.24 | Say what you will? Your favorite speech-to-text app may be a privacy risk | Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets. | Security blog | Eset |
13.1.24 | Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches | Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, | Vulnerability | The Hacker News |
13.1.24 | 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services | A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 | Cryptocurrency | The Hacker News |
13.1.24 | The Week in Ransomware - January 12th 2024 - Targeting homeowners' data | Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. | Ransom | |
13.1.24 | CISA: Critical Microsoft SharePoint bug now actively exploited | CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. | Exploit | |
13.1.24 | GitLab warns of critical zero-click account hijacking vulnerability | GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. | Vulnerability | |
13.1.24 | Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families | As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day | Exploit | The Hacker News |
12.1.24 | Juniper warns of critical RCE bug in its firewalls and switches | Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. | Vulnerability | |
12.1.24 | Ivanti Connect Secure zero-days exploited to deploy custom malware | Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. | Vulnerability | |
12.1.24 | Framework discloses data breach after accountant gets phished | Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. | Incident | |
12.1.24 | Over 150k WordPress sites at takeover risk via vulnerable plugin | Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication. | Vulnerability | |
12.1.24 | Halara probes breach after hacker leaks data for 950,000 people | Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. | Incident | |
12.1.24 | Microsoft testing Windows 11 USB 80Gbps support, Copilot on login | Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. | OS | BleepingComputer |
12.1.24 | Bitwarden adds passkey support to log into web password vaults | The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. | Security | |
12.1.24 | Microsoft shares script to update Windows 10 WinRE with BitLocker fixes | Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. | Vulnerability | |
12.1.24 | New Balada Injector campaign infects 6,700 WordPress sites | A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. | Virus | |
12.1.24 | Finland warns of Akira ransomware wiping NAS and tape backup devices | The Finnish National Cybersecurity Center (NCSC-FI) is reporting increased Akira ransomware activity in December, targeting companies in the country and wiping backups. | Ransom | |
12.1.24 | Medusa Ransomware on the Rise: From Data Leaks to Physical Threats | The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web | Ransom | The Hacker News |
12.1.24 | Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks | Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency | Cryptocurrency | The Hacker News |
12.1.24 | Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its | Exploit | The Hacker News |
12.1.24 | Threat Actors Increasingly Abusing GitHub for Malicious Purposes | The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads | Virus | The Hacker News |
12.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say | Security | The Hacker News |
12.1.24 | New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems | Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source | Exploit | The Hacker News |
12.1.24 | New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms | A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS | Hack | The Hacker News |
11.1.24 | Mandiant's X account hacked by crypto Drainer-as-a-Service gang | Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." | Hack | |
11.1.24 | Cisco says critical Unity Connection bug lets attackers get root | Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. | Vulnerability | |
11.1.24 | Fidelity National Financial: Hackers stole data of 1.3 million people | Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. | BigBrothers | BleepingComputer |
11.1.24 | Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack | A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian internet service provider M9com as a direct response to the attack against the Kyivstar mobile operator. | BigBrothers | |
11.1.24 | Ivanti warns of Connect Secure zero-days exploited in attacks | Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. | Exploit | |
11.1.24 | Fake 401K year-end statements used to steal corporate credentials | Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. | Incident | BleepingComputer |
11.1.24 | Windows 10 KB5034441 security update fails with 0x80070643 errors | Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. | OS | |
11.1.24 | Microsoft Exchange 2019 has reached end of mainstream support | Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. | OS | |
11.1.24 | ShinyHunters member gets 3 years in prison for breaching 60 firms | The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. | CyberCrime | BleepingComputer |
11.1.24 | Nigerian gets 10 years for laundering millions stolen from elderly | A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. | CyberCrime | BleepingComputer |
11.1.24 | US SEC’s X account hacked to announce fake Bitcoin ETF approval | The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. | BigBrothers | |
11.1.24 | China claims it cracked Apple's AirDrop to find numbers, email addresses | A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. | BigBrothers | |
11.1.24 | Ransomware victims targeted by fake hack-back offers | Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. | Ransom | BleepingComputer |
11.1.24 | FTC bans data broker from selling Americans’ location data | Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. | BigBrothers | |
11.1.24 | Windows 10 KB5034122 update released with fix for shut down bug | Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. | OS | |
11.1.24 | CISA warns agencies of fourth flaw used in Triangulation spyware attacks | The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. | Exploit | |
11.1.24 | Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs | Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. | OS | BleepingComputer |
11.1.24 | Windows 11 KB5034123 update released with security and Wi-Fi fixes | Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month. | OS | |
11.1.24 | Hackers target Microsoft SQL servers in Mimic ransomware attacks | A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. | Ransom | |
11.1.24 | Decryptor for Babuk ransomware variant released after hacker arrested | Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. | Ransom | |
11.1.24 | Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach | The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. | Ransom | |
11.1.24 | Criminal IP and Tenable Partner for Swift Vulnerability Detection | Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. | Security | |
11.1.24 | Google Search bug shows blank page in Firefox for Android | Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. | OS | BleepingComputer |
11.1.24 | Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload | Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors | OS | The Hacker News |
11.1.24 | Mandiant's X Account Was Hacked Using Brute-Force Attack | The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a | Attack | The Hacker News |
11.1.24 | Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure | A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to | Vulnerability | The Hacker News |
11.1.24 | Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software | Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary | Vulnerability | The Hacker News |
11.1.24 | NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining | A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of | BotNet | The Hacker News |
10.1.24 | Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims | A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain | Ransom | The Hacker News |
10.1.24 | FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data | The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or | BigBrothers | The Hacker News |
10.1.24 | Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities | Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are | OS | The Hacker News |
10.1.24 | CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing | BigBrothers | The Hacker News |
10.1.24 | Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. "PikaBot's | Virus | The Hacker News |
10.1.24 | Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe | Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing | Exploit | The Hacker News |
9.1.24 | The best Windows 11 features added in 2023 | The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more. | OS | BleepingComputer |
9.1.24 | Toronto Zoo: Ransomware attack had no impact on animal wellbeing | Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. | Ransom | |
9.1.24 | Netgear, Hyundai latest X accounts hacked to push crypto drainers | The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. | Cryptocurrency | |
9.1.24 | Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos | The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. | BigBrothers | |
9.1.24 | Twilio will ditch its Authy desktop 2FA app in August, goes mobile only | The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app. | Mobile | |
9.1.24 | US mortgage lender loanDepot confirms ransomware attack | Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption. | Ransom | |
9.1.24 | Capital Health attack claimed by LockBit ransomware, risk of data leak | The Lockbit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. | Ransom | |
9.1.24 | Securing helpdesks from hackers: What we can learn from the MGM breach | In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents. | Incident | |
9.1.24 | Mortgage firm loanDepot cyberattack impacts IT systems, payment portal | U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. | Attack | |
9.1.24 | Stealthy AsyncRAT malware attacks target US infrastructure for 11 months | A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. | Virus | |
9.1.24 | KyberSlash attacks put quantum encryption projects at risk | Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. | Attack | |
9.1.24 | Google: Malware abusing API is standard token theft, not an API issue | Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. | Virus | |
9.1.24 | X users fed up with constant stream of malicious crypto ads | Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. | Cryptocurrency | |
9.1.24 | Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager | A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected | Vulnerability | The Hacker News |
9.1.24 | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer | Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information | Virus | The Hacker News |
9.1.24 | Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals | Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that's equipped to bypass | Virus | The Hacker News |
7.1.24 | Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy | Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, "only 59% of organizations say their | Security | The Hacker News |
7.1.24 | NIST Warns of Security and Privacy Risks from Rapid AI System Deployment | The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of | AI | The Hacker News |
7.1.24 | DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud | The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to | CyberCrime | The Hacker News |
7.1.24 | North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 | Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency | Cryptocurrency | The Hacker News |
7.1.24 | Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies | Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands | BigBrothers | The Hacker News |
6.1.24 | The Week in Ransomware - January 5th 2024 - Secret decryptors | With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. | Ransom | |
6.1.24 | US charged 19 suspects linked to xDedic cybercrime marketplace | The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services. | CyberCrime | |
6.1.24 | BreachForums admin jailed again for using a VPN, unmonitored PC | The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN. | CyberCrime | |
6.1.24 | Hackers target Apache RocketMQ servers vulnerable to RCE attacks | Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. | Vulnerability | |
6.1.24 | Web3 security firm CertiK's X account hacked to push crypto drainer | The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. | Social | |
6.1.24 | Memorial University recovers from cyberattack, delays semester start | The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes in one campus. | Incident | |
6.1.24 | Crypto wallet founder loses $125,000 to fake airdrop website | A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he had visited was set up for the purpose of phishing unsuspecting users. | Cryptocurrency | |
6.1.24 | Ivanti warns critical EPM bug lets hackers hijack enrolled devices | Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. | Vulnerability | |
6.1.24 | Russian hackers wiped thousands of systems in KyivStar attack | The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network. | BigBrothers | |
6.1.24 | Hackers hijack govt and business accounts on X for crypto scams | Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. | Social | |
6.1.24 | Zeppelin ransomware source code sold for $500 on hacking forum | A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. | Ransom | |
6.1.24 | FTC offers $25,000 prize for detecting AI-enabled voice cloning | The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. | BigBrothers | |
6.1.24 | 'everything' blocks devs from removing their own npm packages | Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. | Virus | |
6.1.24 | Mandiant's account on X hacked to push cryptocurrency scam | The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. | Cryptocurrency | |
6.1.24 | Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware | The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from | BigBrothers | The Hacker News |
5.1.24 | SpectralBlur: New macOS Backdoor Threat from North Korean Hackers | Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has | Apple | The Hacker News |
5.1.24 | Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware | Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator | Hack | The Hacker News |
5.1.24 | Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution | Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could | Vulnerability | The Hacker News |
5.1.24 | Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months | Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator | BigBrothers | The Hacker News |
5.1.24 | New Bandook RAT Variant Resurfaces, Targeting Windows Machines | A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows | Virus | The Hacker News |
5.1.24 | Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners | Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a | Virus | The Hacker News |
5.1.24 | UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT | The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from | Virus | The Hacker News |
4.1.24 | Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack | American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an.. | Cryptocurrency | |
4.1.24 | Mandiant’s account on X hacked to push cryptocurrency scam | The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. | Cryptocurrency | |
4.1.24 | Hacker hijacks Orange Spain RIPE account to cause BGP havoc | Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. | Hack | |
4.1.24 | Nigerian hacker arrested for stealing $7.5M from charities | A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million. | Spam | |
4.1.24 | PornHub blocks North Carolina, Montana over new age verification laws | Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect. | Security | |
4.1.24 | LastPass now requires 12-character master passwords for better security | LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. | Incident | |
4.1.24 | Data breach at healthcare tech firm impacts 4.5 million patients | HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. | Incident | |
4.1.24 | Nearly 11 million SSH servers vulnerable to new Terrapin attacks | Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. | Attack | |
4.1.24 | CISA warns of actively exploited bugs in Chrome and Excel parsing library | The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. | BigBrothers | |
4.1.24 | Steam drops support for Windows 7 and 8.1 to boost security | Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. | Security | |
4.1.24 | Orbit Chain loses $86 million in the last fintech hack of 2023 | Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. | Incident | |
4.1.24 | Online museum collections down after cyberattack on service provider | Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. | Ransom | |
4.1.24 | Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data | The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. | Ransom | |
4.1.24 | Google Groups is ending support for Usenet to combat spam | Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. | Spam | |
4.1.24 | Victoria court recordings exposed in reported ransomware attack | Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. | Ransom | |
4.1.24 | The law enforcement operations targeting cybercrime in 2023 | In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. | CyberCrime | |
4.1.24 | The biggest cybersecurity and cyberattack stories of 2023 | 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. | Security | |
3.1.24 | Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset | Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user.. | Virus | |
3.1.24 | SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails | A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails.. | Exploit | The Hacker News |
3.1.24 | DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation | The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it.. | Spam | The Hacker News |
3.1.24 | Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' | Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought.. | Security | |
1.1.24 | New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections | Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors.. | Hack | The Hacker News |
1.1.24 | New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security | Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that.. | | |
1.1.24 | New JinxLoader Targeting Users with Formbook and XLoader Malware | A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor.. | Virus | The Hacker News |