Today's cybersecurity headlines are brought to you by ThreatPerspective
| Follow @EthHackingNews |
| Follow @EthHackingNews |
Lee Enterprises, a prominent newspaper publishing giant in the United States, has recently suffered a devastating cyberattack that has left its operations severely disrupted for over two weeks. The attack, which involved ransomware, has resulted in significant delays and disruptions to the distribution of print publications across the country, as well as limitations on online operations. In this article, we will delve into the details of the breach, its impact on Lee Enterprises' operations, and the measures being taken by the company to recover from the attack.
Published: Tue Feb 18 07:28:49 2025 by llama3.2 3B Q4_K_M
Indian authorities have seized over $200 million worth of cryptocurrency and assets linked to the collapsed BitConnect crypto scam, bringing another significant blow to one of the most notorious crypto scams in recent history. The Directorate of Enforcement has confirmed that it has recovered "various cryptocurrencies" valued at Rs. 1646 Crore ($190 million), along with Rs. 486 Crore ($56 million) worth of "movable and immovable properties" connected to the scandal.
Published: Tue Feb 18 07:39:27 2025 by llama3.2 3B Q4_K_M
Juniper Networks has issued a critical security advisory to address a severe vulnerability in its Session Smart Router products that could allow network-based attackers to bypass authentication and take control of susceptible devices. The vulnerability, tracked as CVE-2025-21589, carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.
Published: Tue Feb 18 08:04:38 2025 by llama3.2 3B Q4_K_M
Recent data from Picus Labs' Red Report 2025 suggests that the hype surrounding AI-driven attacks may be overstated. Instead, tried-and-true tactics, techniques, and procedures (TTPs) remain the dominant force in the cyber threat landscape. Learn more about the most critical findings and trends shaping the year's most deployed adversarial campaigns and what steps cybersecurity teams need to take to respond to them.
Published: Tue Feb 18 08:13:22 2025 by llama3.2 3B Q4_K_M
A recently uncovered campaign by APT41, known as RevivalStone, has targeted Japanese firms in a sophisticated espionage operation. The group's use of custom toolsets and techniques highlights its ability to bypass security software and establish covert channels for persistent remote access. This article provides an in-depth look at the RevivalStone campaign and the implications for organizations worldwide.
Published: Tue Feb 18 08:22:34 2025 by llama3.2 3B Q4_K_M
Recent developments in the world of cybersecurity have revealed several significant threats, including vulnerabilities in Xerox printers that could allow attackers to capture Windows Active Directory credentials. These issues highlight the need for immediate attention from organizations to patch their systems and implement robust security measures. In addition, a vulnerability has been identified in a widely deployed healthcare software that could enable threat actors to access sensitive data. The importance of user behavior and password management is also emphasized, as well as the growing concern of identity debt in cybersecurity.
Published: Tue Feb 18 08:29:26 2025 by llama3.2 3B Q4_K_M
In recent times, cybercriminals have been exploiting various vulnerabilities to deploy malicious code on e-commerce sites, aiming to steal sensitive payment information from unsuspecting users. One such campaign has recently come to light, where threat actors have taken advantage of the "onerror" event in image tags to inject malware into websites running Magento platforms. This new attack vector is a significant escalation in the tactics employed by cybercriminals, and it poses a significant threat to the security of e-commerce sites.
Published: Tue Feb 18 08:37:12 2025 by llama3.2 3B Q4_K_M
Xerox VersaLink C7025 Multifunction printer flaws have been discovered, potentially exposing Windows Active Directory credentials to attackers. The vulnerabilities were identified by Rapid7 researchers and impact Xerox Versalink MFPs with Firmware Version 57.69.91 and earlier.
Published: Tue Feb 18 09:03:01 2025 by llama3.2 3B Q4_K_M
A new variant of the XCSSET macOS malware has been discovered by Microsoft Threat Intelligence, boasting enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. This latest development highlights the ever-evolving threat landscape of cybersecurity, where attackers continually push the boundaries of what is possible with malware.
Published: Tue Feb 18 09:24:29 2025 by llama3.2 3B Q4_K_M
Fintech giant Finastra has been notified of a data breach that occurred in October 2024, resulting in the theft of personal information from unknown attackers. The company is providing notification letters and free credit monitoring services to affected individuals, but it is essential for those whose personal data was stolen to take additional steps to safeguard their identities.
Published: Tue Feb 18 11:01:57 2025 by llama3.2 3B Q4_K_M
US newspaper publisher Lee Enterprises has been hit by a "cybersecurity attack" according to a regulatory filing. The breach resulted in disruptions to various business operations and left many wondering if the attack was actually ransomware. As the company navigates this complex situation, it raises questions about preparedness, transparency, and accountability.
Published: Tue Feb 18 11:34:35 2025 by llama3.2 3B Q4_K_M
Researchers have disclosed two brand-new vulnerabilities in OpenSSH, a widely used open source implementation of the SSH protocol, that could be exploited by attackers to perform machine-in-the-middle (MitM) attacks on the client and pre-authentication denial-of-service (DoS) attacks on both the client and server.
Published: Tue Feb 18 11:54:32 2025 by llama3.2 3B Q4_K_M
The FBI and CISA are calling on the software development community to take action against buffer overflows, a type of memory corruption bug that can lead to catastrophic consequences. The agencies argue that testing, inspections, and safe coding practices can help prevent these issues, while also emphasizing the importance of cultural and personal factors in driving adoption of new technologies.
Published: Tue Feb 18 12:06:16 2025 by llama3.2 3B Q4_K_M
New OpenSSH Flaws Expose Critical Vulnerabilities to Man-in-the-Middle and Denial-of-Service Attacks
A recent discovery of two critical vulnerabilities in the widely used OpenSSH secure networking utility suite has highlighted the need for users to prioritize software security and stay up-to-date with the latest patches and updates. Follow us for more exclusive content on cybersecurity news, trends, and expert insights.
Published: Tue Feb 18 12:17:58 2025 by llama3.2 3B Q4_K_M
Recent analysis by Trend Micro revealed a novel technique used by Chinese state-sponsored threat actor Mustang Panda to evade detection and maintain control over infected systems. By exploiting legitimate Microsoft Windows utilities, these hackers are able to bypass security measures and continue their malicious activities undetected.
Published: Tue Feb 18 12:28:31 2025 by llama3.2 3B Q4_K_M
A new malware campaign known as FrigidStealer is targeting macOS users via fake browser updates, delivering a sophisticated information stealer designed specifically for Apple's operating system. The threat actor behind this malicious payload leverages fake update themed lures to distribute the malware, and its complexity highlights the evolving nature of cyber threats. Stay informed about emerging threats like FrigidStealer and take proactive measures to protect yourself from these ongoing cyber attacks.
Published: Tue Feb 18 12:37:42 2025 by llama3.2 3B Q4_K_M
A new wave of cyber espionage has hit Japanese organizations, specifically those in the manufacturing, materials, and energy sectors. Researchers from cybersecurity firm LAC have uncovered a new campaign dubbed RevivalStone, carried out by the China-linked APT group Winnti since March 2024. This article delves into the details of the attack and its implications for global security.
Published: Tue Feb 18 12:57:08 2025 by llama3.2 3B Q4_K_M
Chinese hackers abuse Microsoft APP-v tool to evade antivirus detection, injecting malware into legitimate processes via a vulnerability in the Application Virtualization (App-V) utility. This allows them to bypass traditional antivirus software and maintain undetected access to compromised systems.
Published: Tue Feb 18 14:20:27 2025 by llama3.2 3B Q4_K_M
Juniper Networks has issued a critical security update to address a severe authentication bypass vulnerability in its Session Smart routers, which could allow network-based attackers to gain unauthorized access to critical infrastructure. Organizations that use Juniper routers are advised to upgrade to patched software versions and take other necessary precautions to prevent similar incidents.
Published: Tue Feb 18 14:31:23 2025 by llama3.2 3B Q4_K_M
The use of phishing pages has evolved, with malicious actors now exploiting mobile wallets like Apple and Google to steal sensitive information. A new form of mobile fraud, dubbed "ghost tap," is on the rise, allowing cybercriminals to cash out mobile wallets by obtaining real point-of-sale terminals and using tap-to-pay on phone after phone. This article delves into the world of mobile phishing, exploring its tactics and implications for financial institutions.
Published: Tue Feb 18 14:39:25 2025 by llama3.2 3B Q4_K_M
Venture capital giant Insight Partners suffered a sophisticated social engineering attack that compromised some of its information systems, according to a statement released by the company. The breach occurred on January 16 and did not result in any additional disruptions to Insight's operations. While details regarding the nature of the attack are still unknown, the company has assured stakeholders that it will work diligently to determine the scope of the incident with the support of cybersecurity experts.
Published: Tue Feb 18 16:03:50 2025 by llama3.2 3B Q4_K_M
A recent report has uncovered a new variant of Snake Keylogger, which inflicts Windows systems with an AutoIt-compiled payload. The malware logs keystrokes, captures screenshots, and collects clipboard data to steal sensitive information, making it essential for users to stay vigilant and protect their systems from this new threat.
Published: Tue Feb 18 16:16:22 2025 by llama3.2 3B Q4_K_M
The Department of Government Efficiency's pursuit of sensitive data has sparked widespread concern among lawmakers, advocacy groups, and individual Americans. At least eight ongoing lawsuits have been filed against DOGE, with plaintiffs alleging that the agency's actions violate the Privacy Act and other laws. These suits involve a range of federal agencies, including the Office of Personnel Management, the Department of the Treasury, the Department of Education, and the Federal Emergency Management Agency. The outcome of these lawsuits is uncertain, but one thing is clear: the Department of Government Efficiency's quest for data has ignited a fierce debate about the limits of government power and the importance of protecting individual privacy.
Published: Tue Feb 18 16:26:59 2025 by llama3.2 3B Q4_K_M
Microsoft has detected a new variant of the XCSSET macOS malware family with enhanced features, including improved infection methods, obfuscation techniques, and enhanced payloads. The latest threat marks the first publicly known update since 2022 and raises concerns among developers and users.
Published: Tue Feb 18 17:47:33 2025 by llama3.2 3B Q4_K_M
In a recent move, Juniper Networks has addressed a critical flaw in their Session Smart Router products, which could allow attackers to bypass authentication and gain full control of the device. The vulnerability, tracked as CVE-2025-21589, presents a significant risk to network administrators and security professionals who rely on these routers for their operations. To stay ahead of this threat, it's essential to apply the latest software update immediately and remain informed about emerging vulnerabilities in the field of cybersecurity.
Published: Tue Feb 18 18:14:35 2025 by llama3.2 3B Q4_K_M
A growing number of cyber attacks are targeting Palo Alto Networks firewalls due to a combination of vulnerabilities in the PAN-OS software. Organizations must take immediate action to patch these vulnerabilities and secure their systems to avoid potential breaches.
Published: Tue Feb 18 19:39:21 2025 by llama3.2 3B Q4_K_M
Healthcare provider Health Net Federal Services has agreed to pay $11 million to settle claims of falsely certifying compliance with information security requirements in a contract with the Department of Defense, potentially putting millions of people at risk. The settlement highlights the need for greater accountability and transparency within the healthcare industry.
Published: Tue Feb 18 21:02:50 2025 by llama3.2 3B Q4_K_M
CISA has added two critical security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, affecting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN respectively, pose a significant threat to organizations worldwide. Stay informed about the latest cybersecurity threats and learn how to protect your organization from successful exploitation.
Published: Wed Feb 19 00:25:15 2025 by llama3.2 3B Q4_K_M
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog, signaling a growing concern for cybersecurity as threat actors continue to exploit critical vulnerabilities in various software systems.
Published: Wed Feb 19 01:46:52 2025 by llama3.2 3B Q4_K_M
A London-based talent agency has self-reported itself to the UK's data protection watchdog following claims from notorious ransomware crew Rhysida. The Agency, which represents luminaries of stage and screen across the Film, TV, and Theatre industries, is holding its data to ransom after Rhysida published a montage of stolen documents and passport scans on its website. With recovery costs estimated at £1.6 million ($2 million), The Agency's move highlights the growing threat posed by ransomware gangs like Rhysida.
Published: Wed Feb 19 03:56:32 2025 by llama3.2 3B Q4_K_M
StaryDobry, a large-scale attack involving trojanized game installers that deployed a cryptocurrency miner on compromised Windows hosts, has left cybersecurity experts puzzled. The campaign, which targeted individuals and businesses worldwide, had a notable presence in several countries. Researchers have identified key components of the attack, but the identity of the attackers remains unknown.
Published: Wed Feb 19 05:05:06 2025 by llama3.2 3B Q4_K_M
Researchers have discovered that Russian state-aligned groups are targeting Signal users via device-linking phishing campaigns, exploiting the legitimate "Linked Devices" feature in the app to gain unauthorized access to accounts. To protect yourself from these attacks, make sure you update your Signal application and follow best practices for password management, QR code interaction, and security settings.
Published: Wed Feb 19 06:13:23 2025 by llama3.2 3B Q4_K_M
The world of cybersecurity is rapidly evolving, with Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) being called upon to adapt and innovate in order to meet the growing demand for advanced security services. The emergence of virtual Chief Information Security Officers (vCISO) services promises to deliver high-level cybersecurity leadership without the cost of a full-time hire, presenting both opportunities and challenges for these service providers.
Published: Wed Feb 19 06:26:44 2025 by llama3.2 3B Q4_K_M
A new variant of the Snake Keylogger malware has been discovered that leverages AutoIt scripting to evade detection and target Windows users in several countries, including China, Turkey, Indonesia, Taiwan, and Spain. The malware has been responsible for over 280 million blocked infection attempts worldwide since its discovery at the start of the year.
Published: Wed Feb 19 07:47:01 2025 by llama3.2 3B Q4_K_M
In light of recent discoveries, two critical OpenSSH vulnerabilities have been identified, allowing for Man-in-the-Middle (MitM) and Denial-of-Service (DoS) attacks. The Qualys Threat Research Unit has reported these vulnerabilities, which could be exploited by attackers to compromise SSH connections and disrupt operations. By applying the latest version of OpenSSH and configuring servers accordingly, organizations can reduce their risk of being compromised by these threats.
Published: Wed Feb 19 08:07:11 2025 by llama3.2 3B Q4_K_M
Venture capital firm Insight Partners recently disclosed a sophisticated social engineering attack that exploited its information systems, resulting in unauthorized access to certain company data. The breach highlights the importance of effective social engineering defenses and the need for companies to remain vigilant in protecting their sensitive data.
Published: Wed Feb 19 09:28:04 2025 by llama3.2 3B Q4_K_M
Palo Alto Networks has warned about an actively exploited firewall bug, allowing threat actors to breach PAN-OS firewalls using a chain of vulnerabilities. The issue affects thousands of devices and highlights the need for timely patching and security updates. Organizations must take immediate action to protect themselves against this attack.
Published: Wed Feb 19 11:10:02 2025 by llama3.2 3B Q4_K_M
The browser is no longer just a productivity tool—it is a primary attack surface attackers have weaponized to bypass traditional security defenses. Learn how organizations are addressing this new reality and staying ahead of emerging threats in the browser.
Published: Wed Feb 19 11:18:15 2025 by llama3.2 3B Q4_K_M
Australian fertility services giant Genea has announced that an unauthorized third party gained access to their network, prompting concerns about personal information and its potential exposure. The company is working to restore servers taken offline as part of a containment effort, while notifying relevant individuals if necessary.
Published: Wed Feb 19 12:41:35 2025 by llama3.2 3B Q4_K_M
Hackers have been exploiting a vulnerability in Signal's linked devices feature, allowing them to hijack accounts via malicious QR codes. This technique has been observed by Google's threat intelligence teams, which have identified multiple Russia-aligned threat actors as being behind the attacks. Users are advised to be vigilant and take necessary precautions when using messaging apps, especially those that offer end-to-end encryption.
Published: Wed Feb 19 12:51:18 2025 by llama3.2 3B Q4_K_M
In a shocking revelation, Health Net Federal Services has agreed to pay $11,253,400 to settle allegations that it faked compliance with infosec requirements in a government contract. The settlement highlights the need for robust cybersecurity measures in the healthcare sector and serves as a stark reminder of the critical role that effective cybersecurity plays in safeguarding sensitive information.
Published: Wed Feb 19 14:16:30 2025 by llama3.2 3B Q4_K_M
CISA and FBI have issued a joint advisory warning of the Ghost ransomware threat, highlighting its impact on over 70 countries and various industries. To defend against this malicious software, network defenders are advised to take specific measures, including regular backups, patching vulnerabilities, and implementing robust security protocols.
Published: Wed Feb 19 15:43:36 2025 by llama3.2 3B Q4_K_M
A former US Army soldier has pleaded guilty to hacking into AT&T and Verizon, compromising the phone records of over 100 million customers. The breach highlights the critical importance of cybersecurity and raises questions about vetting processes for military personnel.
Published: Wed Feb 19 16:03:59 2025 by llama3.2 3B Q4_K_M
Despite controversy surrounding her past security clearance issues, Katie Arrington has been appointed as the new Chief Information Security Officer (CISO) of the Department of Defense (DoD). Her experience in developing cybersecurity standards and policies for contractors and vendors will be crucial in protecting the US government's military secrets. However, questions remain about whether her security clearance has been reinstated.
Published: Wed Feb 19 16:14:18 2025 by llama3.2 3B Q4_K_M
A recent report by Google's Threat Intelligence Group has revealed that Russia-linked Advanced Persistent Threat (APT) groups are targeting Signal messenger, a popular encrypted messaging application. These threat actors have been exploiting vulnerabilities in Signal's "linked devices" feature to hijack accounts and spy on users. As the use of malicious QR codes becomes increasingly sophisticated, it is essential for individuals and organizations to stay informed and updated on the latest cybersecurity threats.
Published: Wed Feb 19 16:35:01 2025 by llama3.2 3B Q4_K_M
Russia-Backed Hackers Exploit Signal's Linked Devices Feature to Circumvent Encryption
Published: Wed Feb 19 17:57:45 2025 by llama3.2 3B Q4_K_M
A 19-year-old engineer known online as "Big Balls" has joined the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security (DHS). Despite his association with a cybercriminal community, Coristine's appointment at CISA is seen as an opportunity to bring a unique perspective to the agency's efforts to combat cyber threats. However, some experts are skeptical about the wisdom of hiring someone with a history of involvement in cybercrime.
Published: Wed Feb 19 21:12:32 2025 by llama3.2 3B Q4_K_M
A US Army soldier has admitted to participating in a Snowflake extortion scheme, which involved compromising sensitive information from high-profile individuals and companies. The investigation into this scandal has revealed a complex web of deceit, with multiple suspects and sophisticated tactics at play. As the case continues to unfold, it remains to be seen how far-reaching the consequences will be for those involved.
Published: Wed Feb 19 22:21:50 2025 by llama3.2 3B Q4_K_M
Citrix has issued an urgent update to address a high-severity security flaw discovered in its popular NetScaler Console and Agent solutions. The vulnerability, tracked as CVE-2024-12284, carries a critical CVSS score of 8.8 out of a maximum of 10.0.
Published: Wed Feb 19 23:29:36 2025 by llama3.2 3B Q4_K_M
Palo Alto Networks has warned that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Organizations must take immediate action to patch their systems and implement strict controls on network access to minimize the risk of exploitation. The consequences of inaction can be severe, including unauthorized access to sensitive data, financial losses, and reputational damage.
Published: Thu Feb 20 01:55:58 2025 by llama3.2 3B Q4_K_M
New NailaoLocker Ransomware Campaign Targets EU Healthcare Organizations: A Shift in Tactics by Chinese State-Sponsored Actors Raises Concerns
Published: Thu Feb 20 03:03:22 2025 by llama3.2 3B Q4_K_M
The Ghost ransomware crew remains active and potent, targeting unpatched systems and exploiting known vulnerabilities to infect targets. By understanding their tactics and taking proactive measures, organizations can reduce their risk of falling prey to this threat.
Published: Thu Feb 20 03:25:08 2025 by llama3.2 3B Q4_K_M
The Medusa ransomware gang has targeted HCRG Care Group, a UK-based private health and social services provider, demanding $2 million in exchange for not leaking stolen data online. With its vast network of employees and significant annual turnover, HCRG is undoubtedly a high-profile target, highlighting the need for heightened vigilance and proactive defense measures in the face of emerging threats.
Published: Thu Feb 20 03:53:34 2025 by llama3.2 3B Q4_K_M
A recent case involving Breeze Liu highlights the inadequacies of tech giants' content moderation policies, emphasizing the need for more effective measures to tackle digital abuse on the web. With progress made through policy changes in the US Congress, it is essential that technology companies continue to work towards creating a safer online environment.
Published: Thu Feb 20 05:03:39 2025 by llama3.2 3B Q4_K_M
Citrix has released security updates to address a high-severity privilege escalation vulnerability in its NetScaler Console (formerly NetScaler ADM) and NetScaler Agent products, which could allow authenticated attackers to escalate privileges under certain conditions. Customers are advised to update their products as soon as possible due to the lack of workarounds available to address this vulnerability.
Published: Thu Feb 20 05:36:39 2025 by llama3.2 3B Q4_K_M
Two men have been arrested in connection with a July cryptocurrency fraud targeting an elderly pensioner from Aberdeen, as part of a growing effort to combat high-profile scams targeting vulnerable adults. In recent years, such scams have resulted in billions of dollars lost for cybercriminals and highlight the need for continued vigilance and education when it comes to digital security.
Published: Thu Feb 20 06:48:02 2025 by llama3.2 3B Q4_K_M
Google's advertising platform has been found to be selling sensitive data on American citizens to foreign advertisers, including those from China, despite the company's own rules against it. This revelation highlights a complex web of loopholes and lack of transparency in Google's advertising ecosystem, and raises serious concerns for national security and individual privacy.
Published: Thu Feb 20 07:07:34 2025 by llama3.2 3B Q4_K_M
In recent years, the digital landscape has witnessed a significant evolution in its approach to online safety, but despite this progress, many individuals continue to face formidable challenges in their quest for digital security. This article explores the harrowing experience of Breeze Liu, a prominent advocate for victims of intimate image abuse, who shares her ordeal with WIRED, highlighting the ongoing struggle for digital safety and the need for greater accountability from tech giants.
Published: Thu Feb 20 07:18:50 2025 by llama3.2 3B Q4_K_M
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments - by March 31st, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. Learn more about the PCI DSS 4.0 mandate and how businesses can prepare for compliance.
Published: Thu Feb 20 07:27:21 2025 by llama3.2 3B Q4_K_M
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware, a previously unknown threat activity cluster that targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker.
Published: Thu Feb 20 07:37:15 2025 by llama3.2 3B Q4_K_M
In a surprising twist, cybercriminals have been found exploiting the Eclipse Foundation's legitimate application to distribute malware via ZIP archives. The XLoader malware, a successor to Formbook, has been detected in the wild and is available for sale under a Malware-as-a-Service model. This new threat highlights the need for robust security measures to protect against such threats.
Published: Thu Feb 20 07:44:29 2025 by llama3.2 3B Q4_K_M
Ring's new Outdoor Cam Plus offers unparalleled security features and 2K video capabilities, making it a game-changer for homeowners looking to upgrade their outdoor security systems.
Published: Thu Feb 20 10:36:35 2025 by llama3.2 3B Q4_K_M
Chinese hackers have been using custom malware, JumbledPath, developed by the Salt Typhoon group, to spy on US telecom networks. This sophisticated operation has significant implications for national security and highlights the need for robust cybersecurity measures to safeguard networks. The Salt Typhon group's tactics involve exploiting vulnerabilities, often through stolen credentials or zero-day exploits, making it essential for admins to apply patches to edge networking devices as soon as they become available.
Published: Thu Feb 20 10:46:00 2025 by llama3.2 3B Q4_K_M
Unlocking the Power of Large Language Models in Cybersecurity: Integrating LLMs into Security Operations using Wazuh
Published: Thu Feb 20 11:04:28 2025 by llama3.2 3B Q4_K_M
Microsoft fixes a high-severity elevation of privilege vulnerability in its Power Pages platform, tracked as CVE-2025-24989, which allowed unauthorized actors to elevate their privileges over a network. The company has already applied fixes and provided guidance to impacted clients.
Published: Thu Feb 20 11:16:14 2025 by llama3.2 3B Q4_K_M
Darcula PhaaS, a phishing-as-a-service platform, has expanded its capabilities to auto-generate phishing kits for any brand, making it increasingly challenging to detect and stop phishing campaigns. With this new feature, users can create customized phishing pages without requiring technical expertise, further enhancing the platform's malicious capacity.
Published: Thu Feb 20 11:24:21 2025 by llama3.2 3B Q4_K_M
NioCorp Developments has reported a significant loss of $500,000 due to a business email compromise scheme on Valentine's Day. The incident highlights the vulnerability of companies in the development stage and emphasizes the need for robust cybersecurity measures and employee awareness.
Published: Thu Feb 20 11:38:01 2025 by llama3.2 3B Q4_K_M
Critical flaws in Mongoose library expose MongoDB to data theft and code execution. Mongoose's widespread adoption makes it a prime target for hackers looking to exploit vulnerabilities and gain access to sensitive data. Users must upgrade to the latest version of Mongoose to mitigate this threat.
Published: Thu Feb 20 11:54:17 2025 by llama3.2 3B Q4_K_M
North Korean hackers are targeting freelance software developers through a job scam, using spear-phishing tactics and malware families known as BeaverTail and InvisibleFerret to steal cryptocurrency wallets and login information. The campaign, codenamed DeceptiveDevelopment, has been ongoing since at least late 2023. Freelance developers who work on cryptocurrency-related projects are the primary targets of this campaign.
Published: Thu Feb 20 12:13:20 2025 by llama3.2 3B Q4_K_M
A recent cyber attack campaign, codenamed "Green Nailao," has been identified as a sophisticated attack vector utilized by Chinese-linked threat actors to exploit vulnerabilities in Check Point network gateway security products, ultimately leading to the deployment of ransomware called NailaoLocker. This article will delve into the details of this campaign, exploring its tactics, techniques, and procedures (TTPs), the involved parties, and the potential implications for organizations vulnerable to such attacks.
Published: Thu Feb 20 12:23:26 2025 by llama3.2 3B Q4_K_M
NailaoLocker Ransomware Campaign: A New Threat to EU Healthcare Organizations
A novel ransomware threat has been identified as targeting European healthcare-related entities since June 2024. The malicious campaign, dubbed as NailaoLocker, exploits a zero-day vulnerability in Check Point Security Gateways and leverages sophisticated evasion techniques.
Published: Thu Feb 20 12:47:58 2025 by llama3.2 3B Q4_K_M
Black Basta ransomware gang's internal chat logs have been leaked online, revealing a wealth of sensitive information about their operations. The leak exposes the gang's tactics, techniques, and procedures, shedding light on their leadership structure and internal conflicts. As organizations continue to face the threat of ransomware attacks, understanding these details is crucial in developing effective strategies for prevention and mitigation.
Published: Thu Feb 20 22:11:35 2025 by llama3.2 3B Q4_K_M
A significant settlement has been reached between Health Net Federal Services (HNFS) and Centene Corporation following allegations that HNFS failed to adhere to required cybersecurity measures in its Defense Health Agency (DHA) TRICARE contract. The total sum of $11,253,400 was paid to settle these claims, serving as a stark reminder for all organizations dealing with sensitive data the importance of prioritizing security standards.
Published: Thu Feb 20 22:24:57 2025 by llama3.2 3B Q4_K_M
Thousands of trafficked scammers are awaiting return to Thailand as part of a major crackdown on the pervasive criminal activity across its border with Myanmar. The world has long been aware of human trafficking, but a growing concern is emerging – trafficked scammers being exploited to run call centers that scam vulnerable individuals from around the globe.
Published: Thu Feb 20 22:34:04 2025 by llama3.2 3B Q4_K_M
Linux kernel maintainers are debating whether to integrate Rust programming language into the core codebase, with some arguing that it can improve memory safety and others expressing concerns about the impact on existing codebases. The decision is likely to have significant implications for the future of Linux development.
Published: Thu Feb 20 22:41:55 2025 by llama3.2 3B Q4_K_M
Microsoft has expanded its Copilot bug bounty program to include new types of vulnerabilities and increased payouts for moderate-severity flaws, as the company seeks to improve the security and reliability of its generative AI assistants.
Published: Thu Feb 20 23:21:59 2025 by llama3.2 3B Q4_K_M
Microsoft's popular website-building SaaS solution Power Pages has been compromised by a high-severity vulnerability that allows unauthorized users to elevate privileges over a network. The bug was discovered by Microsoft staffer Raj Kumar and had already been exploited by attackers before the software giant released a fix, which is now in effect.
Published: Thu Feb 20 23:34:55 2025 by llama3.2 3B Q4_K_M
The National Institute of Standards and Technology is bracing for mass firings as part of a larger purge orchestrated by billionaire Elon Musk's Department of Government Efficiency. The layoffs could have significant economic consequences for the US, threatening America's scientific foundation and the country's position in the global AI landscape.
Published: Thu Feb 20 23:48:17 2025 by llama3.2 3B Q4_K_M
Chinese cyber espionage group Salt Typhoon has been using custom-made malware called JumbledPath to spy on US telecom providers, demonstrating its expertise in evading detection and maintaining operational security. The group's sophistication and scope are a testament to its resources and capabilities.
Published: Fri Feb 21 00:10:21 2025 by llama3.2 3B Q4_K_M
Ivanti, a leading provider of endpoint management solutions, has been plagued by four critical path traversal vulnerabilities in its Endpoint Manager product. These severe flaws have left many organizations vulnerable to potential cyber threats. In this article, we will delve deeper into the nature of these vulnerabilities and why patching is essential to protect against them.
Published: Fri Feb 21 01:23:12 2025 by llama3.2 3B Q4_K_M
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. The threat actor demonstrated their ability to persist in target environments across equipment from multiple vendors for extended periods, maintaining access in one instance for over three years.
The Salt Typhoon group has been observed capturing SNMP, TACACS, and RADIUS traffic, as well as utilizing bespoke utilities to execute packet captures and clear logs. This campaign highlights the growing concern of state-sponsored hackers targeting major U.S. telecommunications networks. The use of legitimate credentials, exploiting known security flaws, and leveraging living-off-the-land techniques on network devices made them a formidable threat.
Published: Fri Feb 21 02:37:29 2025 by llama3.2 3B Q4_K_M
A high-severity security flaw has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), highlighting the need for Craft CMS users to address a code injection vulnerability that allows remote code execution. The vulnerability affects versions 4 and 5 of the software, with compromised user security keys being impacted.
Published: Fri Feb 21 02:48:10 2025 by llama3.2 3B Q4_K_M
The Black Basta ransomware gang's internal conflicts have been exposed in a shocking leak of hundreds of thousands of internal messages. The data reveals a complex web of infighting and power struggles, with key figures vying for control and influence within the group. According to threat intelligence teams, the conflict was largely driven by a single figure known as "Tramp", who is believed to be the leader of Black Basta. As cybersecurity experts analyze the leaked messages, they are likely to uncover even more valuable insights into this notorious group's tactics and strategies.
Published: Fri Feb 21 07:12:10 2025 by llama3.2 3B Q4_K_M
The digital landscape has never been more complex, with identity security emerging as a critical vulnerability for businesses. From device code phishing to JavaScript implants, Chinese hackers exploiting vulnerabilities in targeted attacks, and Signal's linked devices feature being used to hijack accounts via malicious QR codes, the threats are numerous and varied. With a PostgreSQL vulnerability exploited alongside a BeyondTrust zero-day, it is clear that robust security measures are essential to protect businesses from these emerging threats. This article provides an in-depth examination of the alarming state of identity security and offers practical solutions for organizations to build resilience and slash security debt.
Published: Fri Feb 21 07:21:01 2025 by llama3.2 3B Q4_K_M
The rise of AI-powered deception is threatening democratic processes worldwide. As AI-generated content becomes increasingly sophisticated, it's becoming difficult to separate fact from fiction. This article explores the impact of AI-powered deception on democratic processes and provides insights into how to educate people and organizations about these tactics and how to resist them.
Published: Fri Feb 21 07:29:46 2025 by llama3.2 3B Q4_K_M
CISA has added two critical vulnerabilities, CVE-2025-23209 affecting Craft CMS and CVE-2025-0111 in Palo Alto Networks PAN-OS, to its Known Exploited Vulnerabilities catalog. These flaws highlight the ever-present threat landscape in cybersecurity and underscore the importance of prompt action when it comes to addressing vulnerabilities like these.
Published: Fri Feb 21 07:58:51 2025 by llama3.2 3B Q4_K_M
Atlassian has patched 12 critical and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira, including two RCE bugs with a CVSS score of 9.8. Users should ensure their software is up-to-date to minimize the risk of a security breach.
Published: Fri Feb 21 08:28:16 2025 by llama3.2 3B Q4_K_M
A notorious ransomware gang has hacked a company representing beloved children's character Paddington Bear, threatening to release sensitive information unless a hefty ransom is paid. The attack highlights the vulnerability of even cherished icons to cyber threats and underscores the need for organizations to prioritize cybersecurity.
Published: Fri Feb 21 09:45:51 2025 by llama3.2 3B Q4_K_M
Android Malware Scams Target Global Users, Exploit Vulnerabilities in Google Play
Published: Fri Feb 21 13:20:33 2025 by llama3.2 3B Q4_K_M
Bybit has suffered what is currently believed to be the largest cryptocurrency theft in history, with a staggering $1.46 billion worth of cryptocurrency stolen from one of its ETH cold wallets.
Published: Fri Feb 21 14:19:22 2025 by llama3.2 3B Q4_K_M
Craft CMS users are advised to upgrade to patched versions or take immediate action to protect against a newly disclosed code injection flaw that has been exploited in real-world attacks.
Published: Fri Feb 21 14:39:01 2025 by llama3.2 3B Q4_K_M
Apple has disabled end-to-end cloud encryption for its iCloud service in the UK following a government order to build a backdoor. The move marks a significant shift in the company's stance on security and privacy, as it prioritizes user safety over government demands.
Published: Fri Feb 21 14:49:48 2025 by llama3.2 3B Q4_K_M
The Great Router Conundrum: Unpacking the Risks of Chinese-Made Home Routers
A closer examination of Chinese-made home routers reveals a complex web of security concerns, government involvement, and industry practices. From vulnerabilities to built-in backdoors, there are numerous risks associated with these devices. In this article, we delve into the intricacies of router security and explore the measures consumers can take to protect themselves.
Summary: The use of Chinese-made home routers has raised significant security concerns, including vulnerabilities, built-in backdoors, and government involvement. As consumers consider their options for securing their homes, it is essential to understand the risks associated with these devices and take steps to protect themselves.
Published: Fri Feb 21 15:17:21 2025 by llama3.2 3B Q4_K_M
China's "censorship-as-a-service" operations have been exposed through a data leak, revealing that a Chinese cybersecurity company, TopSec, plays a key role in monitoring and controlling public opinion. The Shanghai Public Security Bureau has been identified as one of the main clients of this service.
Published: Fri Feb 21 15:27:09 2025 by llama3.2 3B Q4_K_M
Cybercriminals can now clone any brand's website in under 10 minutes using Darcula PhaaS v3, a phishing-as-a-service platform that has reduced the barrier to entry for malicious actors. With this new version of the platform, cybercriminals can create highly convincing phishing pages and convert stolen credit card details into virtual images of victim's cards.
Published: Fri Feb 21 15:34:19 2025 by llama3.2 3B Q4_K_M
A notorious dark web marketplace has leaked over 1 million credit cards, raising concerns about the potential consequences for individuals and businesses. Cybersecurity experts are warning of the ongoing threat posed by underground carding marketplaces and the need for individuals and organizations to prioritize cybersecurity measures.
Published: Fri Feb 21 15:52:45 2025 by llama3.2 3B Q4_K_M
The leaked Black Basta chat logs reveal internal conflicts within the group and provide valuable insights into the tactics used by this notorious ransomware syndicate. Researchers are now analyzing the data to better understand the inner workings of the group and to help law enforcement agencies track down its members.
Published: Fri Feb 21 18:17:21 2025 by llama3.2 3B Q4_K_M
The use of AI-powered surveillance tools by malicious actors poses significant threats to free speech and democracy. A recent report has revealed a cluster of malicious actors using ChatGPT to develop a suspected AI-powered surveillance tool with ties to China, highlighting the need for increased transparency and accountability in the development and deployment of these technologies.
Published: Fri Feb 21 23:39:31 2025 by llama3.2 3B Q4_K_M
A record-breaking $1.46 billion cryptocurrency heist has been confirmed by Bybit, making it the largest single crypto heist in history. The attack exploited a vulnerability in the smart contract logic of one of Bybit's Ethereum cold wallets, allowing hackers to gain control over the wallet and steal its holdings. With this latest breach, the Lazarus Group is once again at the forefront of high-profile cryptocurrency hacks, leaving industry experts to wonder what other vulnerabilities remain unaddressed.
Published: Sat Feb 22 02:50:00 2025 by llama3.2 3B Q4_K_M
| Follow @EthHackingNews |