Today's cybersecurity headlines are brought to you by ThreatPerspective
| Follow @EthHackingNews |
| Follow @EthHackingNews |
Russian Authorities Arrest Three Suspects Behind Mamont Android Banking Trojan
A recent arrest by Russian authorities has shed light on a sophisticated Android banking trojan known as Mamont, which has been linked to over 300 cybercrimes. In this article, we will delve into the world of mobile banking threats and explore the intricacies of the Mamont malware.
Published: Sat Mar 29 16:08:40 2025 by llama3.2 3B Q4_K_M
Cybersecurity experts have sounded the alarm about the exploitation of Ivanti's CVE-2025-0282 vulnerability by malicious actors. The emergence of RESURGE as a variant of the SPAWN ecosystem underscores the need for prompt patching and mitigation strategies to prevent unauthorized access to critical infrastructure.
Stay ahead of emerging threats with our expert insights, exclusive resources, and practical strategies. Follow us on Twitter and LinkedIn to stay informed about the latest developments in the world of cybersecurity.
Published: Sun Mar 30 00:32:31 2025 by llama3.2 3B Q4_K_M
A new Android malware has been discovered by researchers at ThreatFabric, which tricks users into providing their seed phrase for cryptocurrency wallets via social engineering tactics. With its sophisticated capabilities and ability to gain full control over devices, Crocodilus presents a significant threat to Android users worldwide. Learn more about this emerging threat in our detailed analysis of the new malware.
Published: Sun Mar 30 09:53:17 2025 by llama3.2 3B Q4_K_M
The increasing complexity of cyber threats necessitates a comprehensive understanding of the various tactics employed by threat actors. This article delves into recent malware-related news and trends, highlighting the need for improved cybersecurity awareness and education. With new threats emerging every day, it is essential that we stay informed and adapt our strategies to address these evolving risks.
Published: Sun Mar 30 11:57:18 2025 by llama3.2 3B Q4_K_M
Recent malware threats have highlighted the growing sophistication of threat actors and their willingness to target high-profile targets. From critical vulnerabilities in Adobe ColdFusion to ransomware attacks on major financial institutions, the threat landscape is constantly evolving. This article will delve into some of the most notable examples of malware threats that have emerged in recent times, highlighting the tactics used by these threat actors and the potential consequences for organizations and individuals alike.
Published: Sun Mar 30 12:22:06 2025 by llama3.2 3B Q4_K_M
Oracle Health has fallen victim to an information leak attack that exposed patient data stored by American hospitals, highlighting the growing concern over cybersecurity breaches. In this article, we delve into the details of the breach, explore related developments in the world of cybersecurity, and examine the broader implications for organizations seeking to protect themselves from these threats.
Published: Sun Mar 30 18:58:57 2025 by llama3.2 3B Q4_K_M
China has launched a significant crackdown on personal information collection and use, targeting six key settings including apps, software development kits, wearables, facial recognition technology, offline data collection, and employers. The move aims to promote data protection and cybersecurity, while also addressing concerns around transparency and accountability in the tech industry. As the global tech landscape continues to evolve, it's essential to stay informed about emerging trends and regulatory developments.
Published: Sun Mar 30 20:08:25 2025 by llama3.2 3B Q4_K_M
CISA has issued a warning about the RESURGE malware, which is being used to exploit a vulnerability in Ivanti Connect Secure appliances. This malicious code can lead to unauthenticated remote code execution and privilege escalation if left unpatched. The affected appliances include Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Ivanti has released an update that addresses the vulnerability, but it is recommended that users take immediate action to patch their systems.
Published: Sun Mar 30 20:37:21 2025 by llama3.2 3B Q4_K_M
The assumption that cloud providers like AWS are fully responsible for securing an organization's environment can lead to devastating consequences. This article delves into the Shared Responsibility Model and highlights the importance of taking proactive measures to protect one's cloud environment from potential threats, emphasizing the customer's responsibility in security decisions.
Published: Mon Mar 31 05:56:11 2025 by llama3.2 3B Q4_K_M
An unsecured database belonging to South Korea-based website GenNomis has been exposed, revealing tens of thousands of explicit images generated by AI, including child sexual abuse material. This disturbing finding sheds light on the dark side of generative AI, highlighting the ease with which malicious actors can create and distribute harmful content using these powerful tools.
Published: Mon Mar 31 07:08:49 2025 by llama3.2 3B Q4_K_M
A recent surge in cybersecurity breaches and vulnerabilities highlights the need for vigilance and proactive measures to protect against emerging threats. This article provides a comprehensive analysis of the current state of cybersecurity threats, exploring the various types of attacks, vulnerabilities, and exploits that are currently plaguing the online landscape.
Published: Mon Mar 31 07:18:34 2025 by llama3.2 3B Q4_K_M
Awareness is key when it comes to cloud security; understand your responsibilities within the AWS ecosystem and take proactive measures to protect your business from emerging threats.
Published: Mon Mar 31 07:25:44 2025 by llama3.2 3B Q4_K_M
Russia-linked hacking group Gamaredon has been linked to a recent phishing campaign aimed at deploying the Remcos RAT (Remote Access Trojans) in Ukraine. The attackers used Russian words related to troop movement as lures, disguising malicious files as Microsoft Office documents. This is part of an ongoing effort by this group to compromise systems through sophisticated social engineering tactics.
Published: Mon Mar 31 07:40:59 2025 by llama3.2 3B Q4_K_M
Morphing Meerkat is a sophisticated phishing-as-a-service platform exploiting DNS MX records for large-scale cyber attacks. Targeting over 100 brands, it has been active for at least five years, using compromised WordPress sites, open redirects, and MX records to tailor fake login pages.
Published: Mon Mar 31 07:59:55 2025 by llama3.2 3B Q4_K_M
A recent report from Patchstack has highlighted a concerning trend among threat actors, who have been exploiting four different security vulnerabilities in WordPress since the start of the year. These vulnerabilities pose a significant risk to WordPress sites, as they can be used to inject malicious code and compromise user data.
The first vulnerability identified is CVE-2024-27956, which poses an unauthenticated arbitrary SQL execution risk due to the Automatic Plugin - AI content generator and auto poster plugin. Next, there is CVE-2024-25600, a remote code execution (RCE) vulnerability in the Bricks theme that has been found by Patchstack. The RCE weakness enables attackers to execute arbitrary code on the WordPress site remotely.
Furthermore, CVE-2024-8353 is another unauthenticated PHP object injection vulnerability in GiveWP plugin that has been identified by Patchstack. This weakness allows attackers to inject malicious code into the WordPress site's PHP environment, which can be used to execute arbitrary commands or inject malware.
Lastly, there is CVE-2024-4345, an arbitrary file upload vulnerability in Startklar Elementor Addons for WordPress. The file upload vulnerability could potentially allow attackers to inject malicious files onto the site, including executables that can be run by the server's PHP environment.
Sucuri researcher Puja Srivastava has highlighted the potential impact of these vulnerabilities on WordPress sites, noting that threat actors are exploiting these weaknesses to stage malware and deliver it to vulnerable sites. By staying informed and taking proactive steps to secure their sites, users can reduce the risk of falling victim to these types of attacks.
To learn more about these vulnerabilities and how to protect yourself against them, be sure to check out the full report from Patchstack.
Published: Mon Mar 31 09:18:24 2025 by llama3.2 3B Q4_K_M
Russia-linked Gamaredon targets Ukraine with a sophisticated phishing campaign using troop-related lures to deploy Remcos RAT via PowerShell downloader, demonstrating advanced tactics employed by this notorious group.
Published: Mon Mar 31 09:40:36 2025 by llama3.2 3B Q4_K_M
CoffeeLoader, a sophisticated malware packager that leverages GPU-based packing techniques to evade detection, has been identified as a significant threat in the world of cyber threats. This article provides an in-depth analysis of CoffeeLoader's modus operandi and implications, highlighting the need for proactive cybersecurity measures to mitigate its risks.
Published: Mon Mar 31 10:01:46 2025 by llama3.2 3B Q4_K_M
In a disturbing turn of events, North Korean hackers have adopted ClickFix attacks to compromise cryptocurrency firms. The Lazarus group's latest campaign serves as a stark reminder of the ever-present threat posed by North Korean cyber-attacks. Stay informed and take proactive steps to protect yourself against these insidious tactics.
Published: Mon Mar 31 11:23:17 2025 by llama3.2 3B Q4_K_M
Hackers are using the WordPress mu-plugins directory to run malicious code on millions of sites. The technique involves exploiting known vulnerabilities in plugins and themes or weak admin account credentials. Site admins can protect themselves by applying regular security updates, disabling unused plugins, and strengthening their user accounts.
Published: Mon Mar 31 12:40:33 2025 by llama3.2 3B Q4_K_M
Check Point Breach: The "Highly Sensitive" Data Scandal that Left Many Questions Unanswered
A recent cybercrime forum post claimed to have obtained highly sensitive data from Check Point, an American-Israeli security company. However, Check Point has denied the allegations, stating that the breach was limited and contained only outdated information. This article will delve into the details of the incident, the response from Check Point, and the implications for the cybersecurity industry.
Published: Mon Mar 31 12:48:14 2025 by llama3.2 3B Q4_K_M
Russian hackers have been spotted exploiting a recently-patched Microsoft Windows zero-day vulnerability, resulting in the deployment of malware and backdoors. According to Trend Micro researchers, the attackers are believed to be affiliated with the suspected Russian hacking group Water Gamayun. This attack highlights the ongoing threat posed by sophisticated malware campaigns and underscores the importance of staying vigilant in detecting and mitigating such attacks.
Published: Mon Mar 31 13:11:37 2025 by llama3.2 3B Q4_K_M
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks; Lucid offers subscription-based model with access to 1,000 phishing domains and pro-grade spamming tools. The attack targets users across 88 countries, utilizing end-to-end encrypted messaging platforms like iMessage and RCS.
Published: Mon Mar 31 14:23:33 2025 by llama3.2 3B Q4_K_M
Oracle Cloud's denial of a digital break-in is now in clear dispute as experts question the company's security expertise amid allegations of data theft. The situation highlights the ongoing struggle between cloud providers and cyber threats, emphasizing the need for robust security protocols and prompt incident response planning.
Published: Mon Mar 31 14:40:59 2025 by llama3.2 3B Q4_K_M
Xiaofeng Wang, a renowned computer scientist, has disappeared along with his wife amidst unexplained FBI raids on their homes. The sudden erasure of his online presence has left many colleagues and friends wondering about the circumstances surrounding his disappearance. As the search for answers continues, concerns about the motivations behind the raid and the potential consequences on the academic community grow.
Published: Mon Mar 31 15:54:12 2025 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Cisco Smart Licensing Utility to its Known Exploited Vulnerabilities (KEV) catalog, marking a significant development in the ongoing cat-and-mouse game between cybersecurity professionals and malicious actors. This article provides an in-depth analysis of the vulnerability, its implications, and the necessary steps organizations must take to protect themselves from potential exploitation.
Published: Mon Mar 31 16:16:04 2025 by llama3.2 3B Q4_K_M
Oracle has been accused of pedantry in its handling of reported security breaches on its cloud and health services, sparking calls for greater transparency and accountability from the IT giant.
Published: Mon Mar 31 17:38:04 2025 by llama3.2 3B Q4_K_M
A top computer security professor and his wife have vanished after a federal raid on their homes in Indiana. The FBI and local police were involved in the search, but no further details have been released about what led to their disappearance.
Published: Mon Mar 31 18:47:02 2025 by llama3.2 3B Q4_K_M
Oracle faces mounting criticism over two recent security breaches in its cloud services, which allegedly resulted in the theft of sensitive customer data. The company's lack of transparency has sparked concerns about its commitment to customer data protection.
Published: Mon Mar 31 18:58:21 2025 by llama3.2 3B Q4_K_M
CISA warns of a new strain of malware targeting a critical vulnerability in Ivanti software, which has serious implications for enterprise security. Organizations must take immediate action to patch their systems and protect themselves against this threat.
Published: Mon Mar 31 21:10:52 2025 by llama3.2 3B Q4_K_M
Apple has been fined €150 million by France's competition watchdog over its handling of App Tracking Transparency (ATT) consent practices. The fine highlights concerns about the framework's implementation and raises questions about fairness and effectiveness in safeguarding user data.
Published: Tue Apr 1 01:23:52 2025 by llama3.2 3B Q4_K_M
In a recent discovery, Sucuri researchers exposed the use of WordPress malware targeting sites through the mu-plugins directory, allowing attackers to evade detection and inject malicious code stealthily. The third malware detected by Sucuri is a JavaScript injector that replaces site images with explicit content and hijacks links to open malicious popups. This reveals how attackers are exploiting vulnerabilities in the mu-plugins directory to maintain persistence and manipulate traffic for malicious purposes.
The attacks employ obfuscated PHP, utilizing functions like eval() to run arbitrary code stealthily. Two cases of malware have been identified: a fake update redirect (redirect.php) that tricks users into executing malicious code, leading to data theft and further infections; and a Remote Code Execution Webshell that enables persistent control and ongoing infections.
The discovery highlights the need for strong security measures, such as regular monitoring, file integrity checks, and web application firewalls. It underscores the creativity and persistence of attackers in hiding malware deep within WordPress installations, emphasizing the importance of proactive security measures to prevent these types of sophisticated attacks.
Published: Tue Apr 1 03:44:59 2025 by llama3.2 3B Q4_K_M
A young intern at Britain's top eavesdropping government agency has been found guilty of taking sensitive information home on the first day of his trial, highlighting the importance of maintaining strict security protocols and handling sensitive data with care.
Published: Tue Apr 1 05:03:40 2025 by llama3.2 3B Q4_K_M
UK introduces landmark Cyber Security and Resilience Bill to protect critical infrastructure from cyber threats.
Published: Tue Apr 1 07:14:26 2025 by llama3.2 3B Q4_K_M
Recent updates in the cybersecurity space include critical patches for Apple devices, newly discovered vulnerabilities in solar power systems, a ransomware decryptor tool, GitHub's supply chain attack, and a new AI security report. Stay ahead of emerging threats with the latest information from THN Weekly Recap.
Published: Tue Apr 1 07:27:01 2025 by llama3.2 3B Q4_K_M
A coordinated login scan campaign targeting Palo Alto Networks' PAN-OS GlobalProtect gateways has been detected by GreyNoise, with nearly 24,000 unique IP addresses attempting to access these portals. The surge in activity, which commenced on March 17, 2025, suggests a systemic approach to testing network defenses and potentially paving the way for later exploitation.
Published: Tue Apr 1 07:35:44 2025 by llama3.2 3B Q4_K_M
Earth Alux: A Sophisticated China-Linked Threat Actor Exploits Vulnerabilities to Launch Multi-Stage Cyber Intrusions
Published: Tue Apr 1 07:45:56 2025 by llama3.2 3B Q4_K_M
A recent case study reveals a critical vulnerability in a global retailer's Facebook pixel implementation, which could have led to substantial fines and financial losses. Learn how this issue unfolded and why it matters for online security in our latest article.
Published: Tue Apr 1 08:02:53 2025 by llama3.2 3B Q4_K_M
A recent report by Forescout Vedere Labs has uncovered 46 critical security flaws in solar power systems manufactured by Sungrow, Growatt, and SMA. This alarming discovery highlights the vulnerability of these high-stakes energy infrastructure systems to cyber threats, posing a significant threat to the stability and security of the global energy grid.
Published: Tue Apr 1 08:14:49 2025 by llama3.2 3B Q4_K_M
A recent string of high-profile cyber attacks has left experts scrambling to address the growing threat landscape. From critical infrastructure vulnerabilities to sophisticated phishing campaigns, it appears that no organization is immune to the dangers of a rapidly evolving digital world.
Published: Tue Apr 1 08:34:24 2025 by llama3.2 3B Q4_K_M
Google has recently rolled out a simplified end-to-end encryption model specifically designed for its business users, enabling them to send encrypted emails without the need for complex certificate management.
Published: Tue Apr 1 10:02:51 2025 by llama3.2 3B Q4_K_M
Apple has released critical security patches for older iOS and macOS versions, addressing zero-day exploits and numerous other security vulnerabilities.
Published: Tue Apr 1 10:22:44 2025 by llama3.2 3B Q4_K_M
A new critical authentication bypass bug in the CrushFTP file transfer software has been exploited by attackers, leaving numerous devices running unpatched versions vulnerable to remote access.
Published: Tue Apr 1 10:33:59 2025 by llama3.2 3B Q4_K_M
Microsoft Celebrates 50 Years: A Journey Marked by Triumphs and Tragedies
Published: Tue Apr 1 10:46:37 2025 by llama3.2 3B Q4_K_M
A new phishing-as-a-service (PhaaS) platform called Lucid has been identified as the mastermind behind a massive global attack, targeting 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. With its sophisticated phishing tactics and high success rates, Lucid poses a significant threat to global financial security, requiring immediate action from financial institutions and cybersecurity experts.
Published: Tue Apr 1 11:06:33 2025 by llama3.2 3B Q4_K_M
Apple has released a critical security patch for three vulnerabilities (CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201) that have been actively exploited in the wild. The update covers various devices running on older operating systems and addresses significant risks to user data and device security.
Published: Tue Apr 1 11:21:09 2025 by llama3.2 3B Q4_K_M
CrushFTP CVE-2025-2825: A critical vulnerability has been actively exploited in the wild, putting unpatched devices at risk of unauthorized access. System administrators must take immediate action to patch their software or implement temporary security measures to protect against this attack.
Published: Tue Apr 1 11:41:34 2025 by llama3.2 3B Q4_K_M
Acronis Threat Research Unit uncovers a complex malware delivery chain involving Visual Basic script, batch file, and PowerShell to deploy high-profile malware like DCRat or Rhadamanthys infostealer. Discover the full details behind this sophisticated scheme in our latest article. Read more.
Published: Tue Apr 1 12:59:00 2025 by llama3.2 3B Q4_K_M
Cloud security experts are warning of a rising threat actor known as JINX-0126, who has been exploiting publicly-exposed PostgreSQL instances with weak or predictable credentials. The malicious actors behind this campaign have been utilizing fileless techniques to deploy cryptocurrency miners on compromised servers, leaving a trail of devastation in their wake.
Published: Tue Apr 1 13:06:40 2025 by llama3.2 3B Q4_K_M
Google has introduced a groundbreaking end-to-end encryption feature for its Enterprise Gmail users, allowing them to send encrypted emails to any user with the click of a button. This innovative update utilizes client-side encryption (CSE) to provide unparalleled security and peace of mind for its users.
Published: Tue Apr 1 13:16:52 2025 by llama3.2 3B Q4_K_M
Canon printer driver flaw: A critical code execution vulnerability has been discovered, posing a significant risk to users. The vulnerability, CVE-2025-1268, affects certain Canon printer drivers and could allow attackers to execute arbitrary code or prevent printing.
Published: Tue Apr 1 14:37:47 2025 by llama3.2 3B Q4_K_M
A US National Security Adviser has been accused of using his personal Gmail account for highly technical conversations with colleagues at other government agencies, raising questions about the security protocols in place within the administration. The revelation has sparked a heated debate about the role of personal accounts in national security discussions and whether sensitive information was inadvertently compromised as a result of the adviser's actions.
Published: Tue Apr 1 19:03:55 2025 by llama3.2 3B Q4_K_M
Senior members of the US National Security Council, including National Security Adviser Michael Waltz, have been accused of using their personal Gmail accounts to exchange sensitive information, sparking concerns about the security of sensitive information within the US government. The incident highlights the need for robust security measures to protect sensitive information and raises questions about Waltz's ability to maintain his security posture.
Published: Tue Apr 1 21:14:33 2025 by llama3.2 3B Q4_K_M
Apple has belatedly patched CVE-2025-24200 and other security vulnerabilities in its older operating systems, addressing a patching delay that had raised concerns about user safety. This update brings some relief to users who have been vulnerable to exploitation by attackers.
Published: Wed Apr 2 01:44:31 2025 by llama3.2 3B Q4_K_M
North Korea's fake tech workers are targeting European employers with sophisticated scams, including using generative AI and fake personas. The FBI has issued guidance on how to spot these scammers and reduce the risk of falling victim to their tactics.
Published: Wed Apr 2 01:53:36 2025 by llama3.2 3B Q4_K_M
Recently discovered malware loaders are employing advanced evasion techniques to evade detection and establish persistence on compromised systems. The SHELBYLOADER and Hijack Loader malware loaders utilize GitHub for command-and-control operations and call stack spoofing, respectively, to bypass traditional security software and inject malicious code into the system. Understanding these TTPs is crucial for organizations to stay ahead of emerging threats.
Published: Wed Apr 2 02:06:00 2025 by llama3.2 3B Q4_K_M
| Follow @EthHackingNews |