The ability to remain installed and undetected makes Perfctl hard to fight. Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurati
Published: 2024-10-03T23:42:05
When successful, attacks install a backdoor. Getting it to work reliably is another matter. Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely exe
Published: 2024-10-02T21:50:28
With hundreds of courts and agencies affected, chances are one near you is, too. Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with
Published: 2024-09-30T20:30:26
Recall nearly launched as a scraper that stored all its data in plaintext. Microsoft is having another whack at its controversial Recall feature for Copilot+ Windows PCs, after the original version crashed and b
Published: 2024-09-27T17:00:39
Emails, documents, and other untrusted content can plant malicious memories. When security researcher Johann Rehberger recently reported a vulnerability in ChatGPT that allowed attackers to store false informati
Published: 2024-09-24T20:56:26
If you think VMware has gone to the dogs, maybe check it out? OpenStack Dalmatian, the 30th edition of the open source cloud stack, has bounded out of the kennel.
Published: 2024-10-03T02:30:15
Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.
Published: 2024-10-02T10:50:45
As eggheads reckon Musk-mobiles need human interventions every 13 miles Owners of Tesla's Cybertruck are reporting that a software update enabling the self-styled Full Self Driving (FSD) has become an option for their giant rolling wedges of stainles
Published: 2024-09-30T23:45:12
Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vu
Published: 2024-09-30T23:08:37
Blue is the color of some screens after optional KB5043145 update Updated Microsoft's Patch Tuesday preview, KB5043145, arrived last week and is already causing some headaches thanks to serious stability issues.
Published: 2024-09-30T13:07:58
One branch of tech has learned to work together to solve the near-impossible. Now it's our turn Opinion To say cybersecurity is mostly very good is like saying Boeing's Starliner parts mostly work - true, but you're still going to be sleeping in the
Published: 2024-09-30T08:56:08
The new search experiment seems to be an extension of Google’s Brand Indicators for Message Identification (BIMI) feature, which is used to display checkmarks in Gmail’s web and mobile apps next to senders who have adopted the verification pl...
Published: 2024-10-04T04:31:09
When Adams turned in his personal cellphone the following day, charging documents say, he said he had changed the password a day prior after learning about the investigation and couldn’t remember it. Adams told investigators he changed th...
Published: 2024-10-02T16:06:42
The Federal Communications Commission is making up to $200 million available to help schools and libraries make their computer systems more secure. The Schools and Libraries Cybersecurity Pilot Program will be used to evaluate whether to f...
Published: 2024-10-02T13:42:05
Arc creator The Browser Company has officially started a bug bounty program to keep its growing Chromium-based browser’s security in check. The company is also launching a new security bulletin to maintain “transparent and proactive communi...
Published: 2024-09-27T17:37:11
The US Department of Justice has charged three Iranian nationals linked with a cyberattack against Donald Trump’s presidential campaign, according to an indictment on Friday. The three hackers, all of whom have ties to Iran’s Islamic Revolu...
Published: 2024-09-27T16:51:38
Google took a page out of a familiar playbook in court this week, defending itself from claims of anticompetitive conduct by raising security concerns. While the government argues it locked up the ad tech market to make more money, Google’s...
Published: 2024-09-26T09:04:58
Assa Abloy, the major Swedish conglomerate that owns a whole lot of lock and security companies like Kwikset, Level lock, and the non-US version of Yale, is partnering with Boston Dynamics to build a new digital door access system that enab...
Published: 2024-09-23T16:31:14
Telegram will now turn over a user’s phone number and IP address if it receives a request from authorities, according to its just-updated privacy policy: If Telegram receives a valid order from the relevant judicial authorities that confirm...
Published: 2024-09-23T14:59:03
Microsoft made security its No. 1 priority for every employee earlier this year, following years of security issues and a scathing report from the US Cyber Safety Review Board. Nearly six months after Microsoft CEO Satya Nadella told the en...
Published: 2024-09-23T11:00:00
A security researcher revealed a “catastrophic” vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other users’ browser sessions with little more than an easily findable user ID. The vulnerabili...
Published: 2024-09-20T12:12:39
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to
Published: 2024-10-04T08:57:35
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]
Published: 2024-10-03T18:33:38
The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. [...]
Published: 2024-10-03T14:56:35
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. [...]
Published: 2024-10-03T13:58:09
Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...]
Published: 2024-10-03T13:19:37
A Linux malware named "perfctl" has been targeting Linux servers and workstations for at least three years, remaining largely undetected through high levels of evasion and the use of rootkits. [...]
Published: 2024-10-03T10:33:51
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]
Published: 2024-10-02T16:01:53
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. [...]
Published: 2024-10-02T14:55:38
In what might be described as a real-life Black Mirror episode, a Harvard student uses facial recognition with $379 Meta Ray-Ban 2 smart sunglasses - to dig up personal data on every face he sees in real time.
Published: 2024-10-02T22:10:52
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researcher...
Published: 2024-10-03T13:05:52
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past de...
Published: 2024-09-26T14:54:07
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes...
Published: 2024-09-19T19:39:09
Not a great look when the iGiant just launched its first password manager Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired.
Published: 2024-10-04T11:54:16
Get together with the European cybersecurity community at a two-day conference in London this December Sponsored Post This year's CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations stay ahead of the latest cyber threats.
Published: 2024-10-04T08:02:06
'You can build this in a few days even as a very naïve developer' A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built - a wake-up call, they tell The Register, for the world to take privacy seriously in the AI era.
Published: 2024-10-04T06:32:05
Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.
Published: 2024-10-04T03:42:08
Best way to boost your package is to leave, or pretend to A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.
Published: 2024-10-03T14:01:08
Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges.
Published: 2024-10-03T12:30:18
Crooks 'like a sysadmin, with a malicious slant' Exclusive An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.
Published: 2024-10-03T10:00:09
Managing the endless stream of cookie banners leaves little energy for anything else Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web.
Published: 2024-10-03T09:15:13
With 14 serious security flaws found, what a gift for spies and crooks Fourteen newly found bugs in DrayTek Vigor routers - including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating - could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.
Published: 2024-10-02T21:33:09
Poor use of PHP include() strikes again Two trivial but critical security holes have been found in Optigo's Spectra Aggregation Switch, and so far no patch is available.
Published: 2024-10-02T20:39:50
Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline NIST has made some progress clearing its backlog of security vulnerability reports to process - though it's not quite on target as hoped.
Published: 2024-10-02T12:31:05
Bother, given the White House has bet big on RPKI - just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.
Published: 2024-10-02T06:31:07
And what looks like proof stolen data was never deleted even after ransom paid Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.
Published: 2024-10-01T17:35:00
Ransomware criminals believed to have taken orders from intel services The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.
Published: 2024-10-01T15:35:16
Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.
Published: 2024-10-01T14:08:10
Full names, contact details, and company info - all the fixings for a phishing holiday Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.
Published: 2024-10-01T00:26:06
Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.
Published: 2024-09-30T23:08:37
Only level-one trauma unit in 400 miles crippled Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.
Published: 2024-09-30T22:16:18
At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue' T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected millions of customers between 2021 and 2023.
Published: 2024-09-30T21:59:17
It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.
Published: 2024-09-30T13:35:14
Only 2 out of 5 tested products were equitable across demographics A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.
Published: 2024-09-30T12:40:11
Ransomware? More like 'we don't care' for everyone but CISOs Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.
Published: 2024-09-30T11:30:17
LLMs are helpful, but don't use them for anything important AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.
Published: 2024-09-30T03:59:07
Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more Infosec In Brief Put away that screwdriver and USB charging cable - the latest way to steal a Kia just requires a cellphone and the victim's license plate number.
Published: 2024-09-30T03:02:09
Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more ASIA IN BRIEF It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.
Published: 2024-09-30T01:28:05
Alethe Denis exposes tricks that made you fall for that return-to-office survey Interview A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.
Published: 2024-09-29T16:39:06
Snoops allegedly camped out in inboxes well into September The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.
Published: 2024-09-27T21:45:04
AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.
Published: 2024-09-27T20:18:09
Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.
Published: 2024-09-27T13:35:11
33% of cloud environments using the toolkit impacted, we're told A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.
Published: 2024-09-26T21:42:46
More 9.8 bugs? Ay, papi! Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's networking access points.
Published: 2024-09-26T19:30:14
No patches yet, can be mitigated, requires user interaction Final update After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.
Published: 2024-09-26T17:34:01
Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.
Published: 2024-09-26T14:08:09
See it, say it, not sorted just yet as network access remains offline Updated A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.
Published: 2024-09-26T10:29:53
Access to account info needed to tackle benefit fraud, latest bill claims Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to "a financial snoopers' charter targeted to automate suspicion."
Published: 2024-09-26T08:31:06
That escalated quickly Updated WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources and therefore from potentially vital software updates.
Published: 2024-09-26T01:45:09
Expecting a longer storm season this year? Updated Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.
Published: 2024-09-25T21:46:09
Extorting underfunded public services for $1M isn't a good look Despite being top of the ransomware tree at the moment, RansomHub - specifically, one of its affiliates - clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million.
Published: 2024-09-25T17:30:14
Taipei laughs it off and so does Beijing, which says political slurs hit sites nobody reads anyway Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.
Published: 2024-09-25T01:25:34
Argues worse could happen if it loses kernel access CrowdStrike is "deeply sorry" for the "perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines among many more inconveniences.
Published: 2024-09-25T01:23:43
Four Chocolate Factory trackers cracked the Top 25 in all regions Google, once again, is the "undisputed leader" when it comes to monitoring people's behavior on the internet, according to Kaspersky's annual web tracking report.
Published: 2024-09-24T19:45:12
Severe incidents may be down, but Putin had to throw one in for good measure Russia's use of malware to support its military efforts in Ukraine is showing no signs of waning while its tactics continually evolve to bypass protections.
Published: 2024-09-24T18:30:11
Thousands of devices remain vulnerable, US most exposed to the threat Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers.
Published: 2024-09-24T15:30:11
Mandiant publishes cheat sheet for weeding out fraudulent IT staff Against a backdrop of rising exposure to North Korean agents seeking (mainly) US IT roles, organizations now have a cheat sheet to help spot potential operatives.
Published: 2024-09-24T12:01:07
How to protect personal data Partner Content For people who haven't personally experienced them, terms like data leak or data breach may seem unfamiliar and foreign - much like visiting a new destination abroad.
Published: 2024-09-24T09:22:10
Back story to replacement for banned security app isn't enormously reassuring Some US-based users of Kaspersky antivirus products have found their software replaced by a product from a low-profile entity named "UltraAV" - a change they didn't ask for, and which has delivered them untested and largely unknown software from a source with a limited track record.
Published: 2024-09-24T01:01:12
Maybe a spell in a French cell changed Durov's mind In a volte-face, Telegram CEO Pavel Durov announced that the made-in-Russia messaging platform will become a lot less cozy for criminals.
Published: 2024-09-23T22:10:14
Still no R word, but smells like ransomware from here A "cybersecurity issue" has shut down MoneyGram's systems and payment services since Friday, and the fintech leader has yet to update customers as to when it expects to have its global money transfer services back up and running.
Published: 2024-09-23T21:32:50
11M devices exposed to trojan, Kaspersky says Updated The Necro trojan is once again making a move against Android users, with up to eleven million individuals thought to be exposed to infected apps.
Published: 2024-09-23T21:30:10
After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits.
Published: 2024-10-04T11:30:00
From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more.
Published: 2024-10-03T10:30:00
US Immigration and Customs Enforcement’s one-year contract with Paragon’s US subsidiary comes amid the Biden administration’s years-long crackdown on commercial spyware vendors.
Published: 2024-10-01T18:15:53
UK law enforcement and international partners have released new details about the cybercriminal gang Evil Corp, including its use of the Lockbit ransomware platform and ties to Russian intelligence.
Published: 2024-10-01T16:59:21
Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.
Published: 2024-09-30T10:00:00
Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.
Published: 2024-09-28T10:30:00
A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?
Published: 2024-09-27T10:00:00
As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.
Published: 2024-09-26T12:24:17
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will - the latest in a plague of web bugs that’s affected a dozen carmakers.
Published: 2024-09-26T11:00:00
The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.
Published: 2024-09-24T11:30:00
Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more.
Published: 2024-09-21T10:30:00
The explosion of thousands of rigged pagers and walkie-talkies will likely make Hezbollah operatives fear any means of electronic communication. It’s having the same effect on the Lebanese population.
Published: 2024-09-19T14:16:21
Thousands of beepers and two-way radios exploded in attacks against Hezbollah, but mainstream consumer devices like smartphones aren’t likely to be weaponized the same way.
Published: 2024-09-19T13:57:47
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -
Published: 2024-10-04T15:23:00
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (
Published: 2024-10-04T15:20:00
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
Published: 2024-10-04T14:41:00
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This
Published: 2024-10-03T22:30:00
For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem
Published: 2024-10-03T20:36:00
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker
Published: 2024-10-03T19:45:00
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,
Published: 2024-10-03T18:30:00
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune
Published: 2024-10-03T14:40:00
A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who
Published: 2024-10-03T12:45:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An
Published: 2024-10-03T11:36:00
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial
Published: 2024-10-02T22:24:00
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The
Published: 2024-10-02T20:51:00
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"
Published: 2024-10-02T20:38:00
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout
Published: 2024-10-02T18:30:00
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
Published: 2024-10-02T17:43:00
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the
Published: 2024-10-02T16:30:00
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a
Published: 2024-10-02T15:30:00
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to
Published: 2024-10-02T11:26:00
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"
Published: 2024-10-02T11:01:00
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
Published: 2024-10-01T22:04:00
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security
Published: 2024-10-01T16:00:00
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,
Published: 2024-10-01T12:02:00
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks
Published: 2024-10-01T10:42:00
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court
Published: 2024-10-01T07:32:00
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news: Kaspersky's forced exit from the US market left users with more
Published: 2024-09-30T18:39:00
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher
Published: 2024-09-30T17:25:00
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique so
Published: 2024-09-30T16:50:00
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool, the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock
Published: 2024-09-30T16:00:00
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's
Published: 2024-09-30T11:42:00
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake
Published: 2024-09-28T15:24:00
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy
Published: 2024-09-28T11:33:00
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)
Published: 2024-09-27T21:14:00
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print
Published: 2024-09-27T18:03:00
As security technology and threat awareness among organizations improve, so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.
Published: 2024-09-27T16:56:00
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent
Published: 2024-09-27T16:41:00
In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for
Published: 2024-09-27T14:34:00
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF
Published: 2024-09-27T14:30:00
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through
Published: 2024-09-27T13:17:00
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and
Published: 2024-09-27T11:24:00
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security
Published: 2024-09-26T21:32:00
Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces' already extensive arsenal
Published: 2024-09-26T17:58:00
Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It's time for a change.
Published: 2024-09-26T17:58:00
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time - or the budget - to
Published: 2024-09-26T16:30:00
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection detected as far back as December 2022. The
Published: 2024-09-26T16:13:00
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming
Published: 2024-09-26T11:48:00
Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and GhostEmperor. "Investigators
Published: 2024-09-26T10:19:00
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory safety vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch
Published: 2024-09-25T22:30:00
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said
Published: 2024-09-25T19:42:00
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration testing tools and its developer created it using the Rust programming language," Unit 42's Dominik
Published: 2024-09-25T18:08:00
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions
Published: 2024-09-25T17:17:00
perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. The malicious code was used to drop cryptocurrency miners and proxyjacking software. Perfctl is an elusive […]
Published: 2024-10-04T12:49:39
Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto Group (formerly SEABORGIUM, also known as COLDRIVER) for computer fraud in the United States. US […]
Published: 2024-10-04T07:04:14
The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, […]
Published: 2024-10-03T21:27:34
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. The flaw is an Improper Restriction […]
Published: 2024-10-03T14:36:12
Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion Pps and 3 Tbps. The largest DDoS attack peaked at 3.8 Tbps, that is the […]
Published: 2024-10-03T13:01:17
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. The social media platform “potentially revealed” that it […]
Published: 2024-10-03T05:11:07
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. In May, Ivanti rolled out security patches to […]
Published: 2024-10-02T19:29:45
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise […]
Published: 2024-10-02T18:11:33
The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware was first identified in 2022, and since then it has been upgraded with advanced features, […]
Published: 2024-10-02T13:42:02
Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on […]
Published: 2024-10-02T09:21:33
Ransomware Crew Infects 100+ Orgs Monthly With New MedusaLocker Variant
CIA Seeks Informants In North Korea, Iran, And China
Ivanti EPM Vulnerability Exploited In The Wild
Zero-Day Breach At Rackspace Sparks Vendor Blame Game
14 DrayTek Vulns Patched, Including RCE Flaw
Evil Corp/REvil Malware Crime Group Outed As Family Affair
The Fix For BGP's Weaknesses Has Issues Of Its Own
NIST's Security Flaw Database Still Backlogged With 17k+ Unprocessed Bugs. Not Great
Record Breaking DDoS Attack Peaked At 3.8 Tbps, 2.14 Billion Pps
More LockBit Hackers Arrested, Unmasked As Servers Seized
T-Mobile Pays $16 Million Fine For Three Years' Worth Of Data Breaches
Zimbra Mail Servers Under Siege Through RCE Vuln
Cybersecurity Experts Praise Veto Of California's AI Safety Bill
Rackspace Internal Monitoring Web Servers Hit By Zero Day
Ransomware Forces Hospital To Turn Away Ambulances
Organizations Warned Of Exploited SAP, Gpac, And D-Link Vulnerabilities
Systems Used By Courts And Governments Across The US Riddled By Vulnerabilities
US Charges 3 Iranians Over Presidential Campaign Hacking
WMDDH Discloses Data Breach Impacting 127,000
Cloud Threats Have Execs The Most Freaked Out Because They're Not Prepared
Opinion: How To Design A US Data Privacy Law
Attacking Unix Systems Via CUPS, Part I
Critical Nvidia Bug Allows Container Escape, Host Takeover
Five Eyes Agencies Release Guidance On Detecting Active Directory Intrusions
EU Privacy Regulator Fines Meta 91 Million Euros Over Password Storage
Ransomware Hits Critical Infrastructure Hard, Costs Adding Up
Industry Moves for the week of September 30, 2024 - SecurityWeek
In Other News: Doxing With Meta Ray-Ban Glasses, OT Hunting, NVD Backlog
Google Cloud Announces General Availability of New Confidential Computing Options
Collapse of National Security Elites’ Cyber Firm Leaves Bitter Wake
Cybersecurity M&A Roundup: 37 Deals Announced in September 2024
Google Hardens Pixel’s Baseband Security Mitigations
Russia Arrests 96 People Tied to US-Disrupted Cryptocurrency Exchanges
Apple iOS 18.0.1 Patches Password Exposure and Audio Snippet Bugs
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group
CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders
CISA Kicks Off 21st Anniversary of Cybersecurity Awareness Month
CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools
Joint ODNI, FBI, and CISA Statement
CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies
FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections
CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security
CISA Launches New Portal to Improve Cyber Reporting
Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024
Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts
FBI and CISA Release Joint PSA, Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting
Region 8 Invites You to Secure Our World
CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit
Learn with Region 8’s Webinar Program
Shaping the legacy of partnership between government and private sector globally: JCDC
SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices
Region 10 Team Provides Vital Election Security Training for Idaho
SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology
SAFECOM Releases New Resource for Cloud Adoption
With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software
SAFECOM and NCSWIC Publish Fall 2023 Joint SAFECOM-NCSWIC Bi-Annual Meeting Executive Summaries
Subnet Solutions Inc. PowerSYSTEM Center
CISA Adds One Known Exploited Vulnerability to Catalog
Delta Electronics DIAEnergie
TEM Opera Plus FM Family Transmitter
CISA Releases Three Industrial Control Systems Advisories
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Releases Two Industrial Control Systems Advisories
Optigo Networks ONS-S8 Spectra Aggregation Switch
ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations
Mitsubishi Electric MELSEC iQ-F FX5-OPC
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA’s VDP Platform 2023 Annual Report Showcases Success
Advantech ADAM-5630
goTenna Pro ATAK Plugin
Cisco Releases Security Updates for IOS and IOS XE Software
Atelmo Atemio AM 520 HD Full HD Satellite Receiver
CISA Releases Five Industrial Control Systems Advisories
ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises
Advantech ADAM-5550
goTenna Pro X and Pro X2
Citrix Releases Security Updates for XenServer and Citrix Hypervisor
CISA Warns of Hurricane-Related Scams
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
Alisonic Sibylla
Moxa MXview One
CISA Adds One Known Exploited Vulnerability to Catalog
Franklin Fueling Systems TS-550 EVO
OMNTEC Proteus Tank Monitoring
OPW Fuel Management Systems SiteSentinel
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] openSIS 9.1 - SQLi (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] NoteMark < 0.13.0 - Stored XSS
[webapps] Gitea 1.22.0 - Stored XSS
[webapps] Invesalius3 - Remote Code Execution
[dos] Windows TCP/IP - RCE Checker and Denial of Service
[webapps] Aurba 501 - Authenticated RCE
[webapps] HughesNet HT2000W Satellite Modem - Password Reset
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
[webapps] Helpdeskz v2.0.2 - Stored XSS
[webapps] Calibre-web 0.6.21 - Stored XSS
[webapps] Devika v1 - Path Traversal via 'snapshot_path'
[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
[local] Oracle Database 12c Release 1 - Unquoted Service Path
[webapps] Ivanti vADC 9.9 - Authentication Bypass
[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
[webapps] Microweber 2.0.15 - Stored XSS
[webapps] Customer Support System 1.0 - Stored XSS
[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
[webapps] Boelter Blue System Management 1.3 - SQL Injection
[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
[webapps] XMB 1.9.12.06 - Stored XSS
[webapps] Carbon Forum 5.9.0 - Stored XSS
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
[webapps] Dotclear 2.29 - Remote Code Execution (RCE)
[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
[webapps] Aquatronica Control System 5.1.6 - Information Disclosure
[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
Some SIM / USIM card security (and ecosystem) info
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Stored XSS in "Menu Editor" - htmlyv2.9.9
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
Re[2]: cups-browsed vulnerable to DDoS amplification attack
Re: cups-browsed vulnerable to DDoS amplification attack
Re: cups-browsed vulnerable to DDoS amplification attack
cups-browsed vulnerable to DDoS amplification attack
PowerDNS Security Advisory 2024-04
CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Multiple vulnerabilities in Jenkins and Jenkins plugins
CVE-2024-45772: Apache Lucene Replicator: Deserialization of Untrusted Data
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses
Re: List linux CVEs for a given stable release?
Re: CUPS printing system vulnerabilities
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses
Re: CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses
Re: CUPS printing system vulnerabilities
Android 15 QPR1 Beta 2 brings significant updates to Android tablets, including desktop windowing and the return of lock screen widgets. Learn more about the new features and improvements in this latest iteration of the Android operating system.
Published: Wed Sep 25 22:10:10 2024
The world of cybersecurity is constantly evolving, and with it comes a multitude of threats that can compromise your device, steal your personal information, or disrupt your online activities. At the heart of these threats are malicious software programs known as malware. In this comprehensive guide, we will delve into the world of malware, exploring its definition, types, delivery methods, and prevention strategies.
Published: Wed Sep 25 22:32:18 2024
A critical Ivanti vTM application delivery controller vulnerability is currently being actively exploited by threat actors, allowing remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels. This vulnerability could potentially lead to the creation of rogue administrator users, posing significant risks to organizations relying on this application delivery controller to manage their network traffic and applications.
Published: Wed Sep 25 23:48:06 2024
Discover the best practices and challenges associated with multi-cloud security in this comprehensive guide. Learn how to develop a solid multi-cloud security strategy that protects your data and resources in a multi-cloud environment.
Published: Thu Sep 26 00:14:50 2024
In a significant update, Microsoft has addressed a critical zero-day vulnerability in its Windows Smart App Control and SmartScreen security features. This vulnerability, identified as CVE-2024-38217, has been actively exploited by threat actors since 2018, posing a significant risk to users worldwide. Microsoft's September 2024 Patch Tuesday update includes fixes for four zero-day vulnerabilities, including this one, highlighting the need to prioritize patching and stay vigilant in the face of evolving cybersecurity threats.
Published: Thu Sep 26 00:39:15 2024
WordPress.org has blocked WP Engine's servers from accessing WordPress.org resources, potentially putting millions of websites at risk. The move is seen as a major blow to the web hosting provider and raises questions about corporate responsibility, intellectual property rights, and the future of open-source projects.
Published: Thu Sep 26 00:44:37 2024
China's Salt Typhoon cyber spies are deep inside US ISPs, a disturbing development that highlights the ongoing cat-and-mouse game between Chinese state-sponsored hackers and US authorities.
Published: Thu Sep 26 00:51:59 2024
China has issued a stern warning to Taiwan over network security precautions amid escalating tensions over the status of Taiwan. The Ministry of State Security claimed that a group linked to Taiwan's military was behind recent cyber attacks, but Taiwan's government denies the allegations. As tensions continue to escalate, it is essential to take steps to prevent cyber attacks and protect online systems from state-sponsored malware.
Published: Thu Sep 26 01:05:01 2024
Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers. The recent discovery of ten critical security bugs in these devices has raised significant concerns about the potential for cyberattacks on fuel storage tanks, highlighting the need for better security measures in the energy sector.
Published: Thu Sep 26 02:02:04 2024
Uncovering the Hidden Dangers: A Guide to Identifying North Korean IT Operatives
Published: Thu Sep 26 02:08:04 2024
The US government's recent ban on Kaspersky selling its products stateside has led to the sudden appearance of UltraAV as a mandatory antivirus software for some Windows systems. The low-profile brand raises concerns about security implications and the role of government regulation in shaping the cybersecurity industry, prompting users to question whether this new brand can provide adequate protection.
Published: Thu Sep 26 02:25:35 2024
As ransomware continues to make headlines due to its impact on global financial institutions, it's essential to understand the threat and take steps to protect yourself. From high-profile attacks on organizations like MoneyGram to individual users, ransomware is a growing concern that requires attention.
Published: Thu Sep 26 02:39:53 2024
Necro malware has been found on several popular Android apps, including Wuta Camera and Max Browser, leaving thousands of users vulnerable to cyber threats. With its ability to deliver intrusive ads and steal money through fake subscription payments, this malware campaign is a stark reminder of the need for vigilance when downloading mobile apps from unverified sources.
Published: Thu Sep 26 02:50:54 2024
Microsoft Unveils Comprehensive Secure Future Initiative to Enhance Cybersecurity and Protect Global Citizens
Published: Thu Sep 26 03:00:10 2024
Ransomware: The Hidden Threat Lurking in Your Digital Footprints
Published: Thu Sep 26 03:12:37 2024
A new post-exploitation red team tool called Splinter has emerged in the wild, prompting cybersecurity researchers to raise an alarm about its potential threat. The Splinter tool is built using the Rust programming language and boasts a range of features commonly found in penetration testing tools, making it a valuable target for threat actors seeking to compromise organizations. While there is no information available on who created the tool, its impact could be significant if misused.
Published: Thu Sep 26 04:42:40 2024
The cybersecurity industry has long awaited a solution to Security Orchestration, Automation, and Response (SOAR)'s unfulfilled promises. A new technology called Agentic AI has emerged as a potential game-changer, promising to address the fundamental challenges of SOC automation that have hindered previous solutions. With its advanced generative capabilities, Agentic AI can automate complex tasks, providing real-time insights and enabling organizations to respond quickly and effectively to emerging threats.
Published: Thu Sep 26 05:03:51 2024
A joint cybersecurity advisory by the FBI and CISA reveals that a Russian state-sponsored advanced persistent threat actor has been targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks, for over two years. The actor's sophisticated tactics and techniques have allowed it to successfully breach numerous networks, compromise sensitive information, and potentially disrupt critical infrastructure. Organizations are urged to take immediate action to secure their networks and systems in response to this threat.
Published: Thu Sep 26 05:36:13 2024
Learn how to protect yourself from ransomware attacks with our comprehensive guide, featuring expert advice on prevention, detection, and removal techniques. Discover the latest threats and trends in the world of cybersecurity.
Published: Thu Sep 26 05:40:38 2024
Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns: A Devastating Blow to Trust and Transparency in the Cybersecurity Industry
In a move that has left many in the cybersecurity community on edge, Kaspersky, a renowned antivirus software provider, has begun the process of exiting the United States market. This development is a result of a formal ban imposed by the U.S. government due to national security concerns, which was implemented as part of a broader crackdown on Russian-owned companies and their alleged ties to the country's government.
Published: Thu Sep 26 05:46:54 2024
While mandatory password expiration policies may have been sufficient in the past, they are no longer considered an effective solution to safeguard sensitive information. Instead, organizations must adopt robust authentication mechanisms, multifactor authentication, and effective password management policies to protect their users' online presence.
Published: Thu Sep 26 07:23:51 2024
Discord has unveiled a groundbreaking new protocol called DAVE, which promises to provide unparalleled protection for sensitive communications via audio and video calls. By utilizing this protocol, users can rest assured that their conversations will remain private and secure.
Published: Thu Sep 26 07:36:28 2024
Uncovering the complexities of North Korea's state-sponsored cyber threat, this article provides an in-depth examination of the Lazarus Group's activities and tactics.
Published: Thu Sep 26 08:12:47 2024
A critical vulnerability has been identified in the popular GeoServer software, allowing for Remote Code Execution (RCE) by unauthenticated users. Understanding the risks and implications of this vulnerability is essential for software developers and users to protect themselves against potential attacks.
Published: Thu Sep 26 08:23:39 2024
Noyb takes on Mozilla: a new complaint raises concerns over Firefox's tracking feature Privacy-Preserving Attribution (PPA), highlighting the ongoing debate over data tracking and user consent in the digital age. The incident underscores the importance of transparency, user agency, and clear policies regarding data collection practices.
Published: Thu Sep 26 08:40:22 2024
The Dark Web Breach: Uncovering the Alarming Consequences of Exposed Congressional Staffer Data
Published: Thu Sep 26 08:56:20 2024
The Necro Trojan malware has resurfaced on Android devices, infecting 11 million users across popular apps and game mods. With its advanced obfuscation techniques and steganography methods, this new variant poses a significant threat to mobile security. Read the full article to learn more about the resurgence of Necro Trojan and how to protect yourself against this malicious malware.
Published: Thu Sep 26 09:15:19 2024
Ransomware has become a growing threat to global cybersecurity, with various types of malware using social engineering tactics, malicious ads, and other methods to spread infections. By understanding the risks and taking proactive measures, individuals and businesses can protect themselves from these cyber threats and reduce their chances of falling victim to a ransomware attack.
Published: Thu Sep 26 09:52:13 2024
Israel has been accused of infiltrating Lebanese telecom networks, allowing it to send targeted warnings to specific individuals and groups, sparking concerns about escalating conflict in the region.
Published: Thu Sep 26 11:20:05 2024
Telegram's decision to provide user data to law enforcement in response to legal requests marks a significant shift in the platform's policy on user data. As the company navigates regulatory requirements and balances security with compliance, its users will be watching closely to see how this evolution unfolds.
Published: Thu Sep 26 11:37:03 2024
In a recent security alert, Nvidia has revealed a critical vulnerability in its widely used Container Toolkit that could allow a rogue user or software to escape their containers and take complete control of the underlying host. The bug, tracked as CVE-2024-0132, earned a 9.0 out of 10 CVSS severity rating, making it one of the most critical security issues in recent times.
Published: Fri Sep 27 17:08:04 2024
In a high-stakes antitrust trial, Google has taken the defense that its closed ad ecosystem is not anticompetitive, but rather safer for users. The Department of Justice (DOJ) claims that Google's dominance in the ad tech market stifles competition, while Google argues that a more controlled environment protects both advertisers and publishers from malicious actors.
Published: Fri Sep 27 17:33:22 2024
Microsoft's latest AI-powered feature, Recall, aims to enhance user productivity by providing a visual activity log of Windows desktop activities. However, concerns over privacy and security have been raised, prompting the company to revise its design and implementation.
Published: Fri Sep 27 20:33:53 2024
Hewlett Packard Enterprise (HPE) has released patches for three critical security vulnerabilities in its networking subsidiary's Proprietary Access Protocol Interface (PAPI), raising concerns among sysadmins. The patches aim to address flaws found in Aruba's AOS-8 and AOS-10 operating systems, which are rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS). This development underscores the importance of ongoing vigilance in addressing emerging vulnerabilities and staying abreast of the latest developments in network security.
Published: Fri Sep 27 21:13:13 2024
Researchers have identified a world-first mobile crypto-draining attack on Google's Play Store, targeting web3 users exclusively with a dodgy app dubbed "WalletConnect." The attackers stole $70,000 from victims who downloaded the malicious app, which masqueraded as an official WalletConnect protocol app. This incident highlights the need for advanced security solutions and cybersecurity awareness to protect web3 users from such malicious activities.
Published: Fri Sep 27 21:29:44 2024
Progress Software has released a patch for WhatsUp Gold addressing six critical security flaws, including two rated at CVSS 8.8 and one at CVSS 9.8, in an effort to mitigate the threat posed by malicious actors.
Published: Fri Sep 27 22:07:41 2024
Four critical vulnerabilities have been discovered in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. Learn more about the discovery and how you can protect your organization from these potential threats.
Published: Fri Sep 27 22:22:19 2024
The U.S. government has taken a major step in its efforts to combat cybercrime and money laundering by imposing sanctions on two cryptocurrency exchanges, Cryptex and PM2BTC. The move is part of an ongoing law enforcement crackdown called Operation Endgame and is aimed at disrupting networks that facilitate illicit activities. Two Russian nationals have been charged with involvement in the operation of several money laundering services offered to cybercriminals.
Published: Fri Sep 27 23:06:11 2024
A critical vulnerability in NVIDIA's container toolkit has exposed hosts to complete takeover, highlighting the importance of prioritizing cloud security. With patches now available, organizations must take immediate action to safeguard their operations.
Published: Fri Sep 27 23:14:40 2024
A recent discovery by cybersecurity researchers has revealed a set of critical vulnerabilities in Kia vehicles that could potentially allow hackers to remotely control key functions using only a license plate. The implications are alarming, highlighting the need for urgent attention and action from automotive manufacturers, governments, and consumers alike.
Published: Fri Sep 27 23:20:09 2024
North Korean hackers, attributed to group Kimsuky or APT43, have deployed two new malware strains dubbed KLogExe and FPSpy in targeted attacks. These malware strains represent enhancements to Sparkling Pisces' existing arsenal, highlighting the group's continuous evolution and increasing capabilities.
Published: Fri Sep 27 23:48:32 2024
The Hacker News presents a comprehensive guide to reclaiming control from overwhelmed Security Information and Event Management (SIEM) systems, providing actionable insights for organizations seeking to transform their approach to security.
Published: Fri Sep 27 23:54:07 2024
The Tor Project and Tails OS have merged operations to enhance collaboration, expand training, outreach, and strengthen their efforts to protect users globally from digital surveillance and censorship.
Published: Sat Sep 28 00:22:57 2024
UK train stations have been hit by a sophisticated cyberattack spreading an anti-Islam message on public Wi-Fi networks. The attack has raised concerns about the potential for hate speech and propaganda on public platforms. As the use of public Wi-Fi networks continues to grow, so too does the risk of attacks like this one. It is essential that we prioritize cybersecurity and take steps to protect ourselves from such threats.
Published: Sat Sep 28 00:40:12 2024
The U.S. government has sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for allegedly facilitating cybercrime and money laundering. The sanctions are part of a broader effort to combat Russian money laundering operations and hold accountable those who facilitate illicit activities in the cryptocurrency industry.
Published: Sat Sep 28 01:22:53 2024
A recent discovery by cybersecurity researchers has uncovered a malicious Android app that masqueraded as the legitimate WalletConnect open-source protocol, leading to the theft of approximately $70,000 in cryptocurrency over a period of nearly five months. Learn more about this sophisticated deception and how you can protect yourself from similar threats.
Published: Sat Sep 28 07:50:40 2024
A recent cyberattack on the Kuwait Health Ministry has left the country's hospitals reeling, with multiple systems disrupted and the Sahel healthcare app disabled. The attack highlights the growing threat posed by cyberattacks on healthcare organizations worldwide and underscores the importance of robust cybersecurity measures to prevent such threats.
Published: Sat Sep 28 08:27:54 2024
Microsoft's latest attempt to bring stability and security updates to its Windows 11 operating system has ended up being a disaster. The company released an optional preview update, known as KB5043145, last week, which has been met with widespread criticism from users and IT professionals alike. According to reports from Microsoft's support article and the company's feedback forum, this latest update has caused a plethora of problems, including stability issues, blue or green screens, and glitches with USB and Wi-Fi connectivity.
Published: Mon Sep 30 09:27:12 2024
Agence France-Presse, one of the world's leading global news agencies, has fallen victim to a sophisticated cyberattack that has left its partners and clients grappling with the implications. The attack, which occurred on Friday, September 30th, 2024, at approximately 10:19 AM, sent shockwaves through the media industry as it impacted AFP's IT systems and content delivery services.
Published: Mon Sep 30 09:41:48 2024
The US government's efforts to implement remote identity verification (RiDV) technology have hit a snag due to the revelation of significant bias, inconsistency, and unreliability in five RiDV products tested across various demographic groups. The study's findings have sparked concerns about inequitable treatment of certain groups within the US government's online platforms.
Published: Mon Sep 30 09:54:24 2024
Cybersecurity experts are sounding the alarm about cloud threats, which have become a major concern for top executives. The latest PwC report reveals that cloud threats are the leading cause of security worry among business leaders, with 42% citing them as their most significant threat.
Published: Mon Sep 30 10:00:23 2024
The increasing reliance on large language models (LLMs) for code generation has raised concerns about the potential for AI-generated package names to be fabricated or inaccurate. A recent study conducted by researchers from the University of Texas at San Antonio, the University of Oklahoma, and Virginia Tech shed light on this pressing concern, highlighting the need for robust security measures and stringent quality control checks when deploying LLMs in public-facing applications.
Published: Mon Sep 30 10:07:22 2024
Cybersecurity threats are becoming increasingly prevalent, with new and sophisticated attacks emerging every day. From ransomware attacks to nation-state-backed cybercrime, individuals and organizations must take proactive measures to protect themselves against these growing threats.
Published: Mon Sep 30 10:14:13 2024
Binance has been praised for helping Indian authorities bust a Chinese scam app that was allegedly operating in the country. The exchange's cooperation highlights the growing importance of international cooperation in combating cross-border cryptocurrency scams.
Published: Mon Sep 30 10:20:10 2024
The recent revelation of critical vulnerabilities in automatic tank gauge (ATG) systems has exposed gas stations and other critical infrastructure facilities to remote attacks, posing significant real-world risks to physical damage, environmental hazards, and economic losses.
Published: Mon Sep 30 10:59:48 2024
Session hijacking has evolved into an identity-based attack that targets cloud-based apps and services. With 147,000 token replay attacks detected by Microsoft in 2023 alone, this new approach to session hijacking poses a significant threat to MFA adoption. Learn more about how Session Hijacking 2.0 is bypassing traditional security controls and what organizations can do to stay ahead of the evolving threat landscape.
Published: Mon Sep 30 11:06:53 2024
Recent incidents highlighted by the LockBit ransomware gang demonstrate its increasing sophistication and ruthlessness, emphasizing the need for robust cybersecurity measures and increased vigilance in addressing emerging threats.
Published: Mon Sep 30 11:40:23 2024
Israeli intelligence officials have confirmed that their cyber command unit successfully breached the communication network of the Rafic Hariri International Airport in Beirut, Lebanon, prompting an Iranian civilian plane to change course and return to Tehran.
Published: Mon Sep 30 12:33:18 2024
Widespread Vulnerabilities Found in Court and Government Systems Across the US. A recent series of disclosures highlights critical vulnerabilities in commercial platforms used by hundreds of courts and government agencies, raising serious concerns about the security and integrity of these systems.
Published: Mon Sep 30 19:02:57 2024
A recent zero-day exploit in a third-party application highlights the ongoing threat of sophisticated cyber attacks and the importance of robust security measures. The incident serves as a wake-up call for cloud hosting companies to prioritize their security measures and stay ahead of emerging threats.
Published: Mon Sep 30 19:49:11 2024
The University Medical Center in Lubbock, Texas, has been forced to turn away ambulances after a devastating cyberattack by ransomware operators. The attack has severely limited the hospital's operations, putting its patients' lives at risk. As the situation continues to unfold, experts are warning of the potential for immense ripple effects from this type of attack.
Published: Mon Sep 30 19:56:14 2024
Patelco Credit Union has disclosed that its systems were compromised by a ransomware attack this summer, affecting over 1 million individuals. The incident highlights the importance of robust cybersecurity measures and ongoing vigilance. By staying informed and taking necessary steps to secure their personal information, individuals can minimize the risk of falling victim to similar attacks in the future.
Published: Mon Sep 30 20:28:52 2024
Rackspace's internal monitoring web servers were compromised by an attacker who exploited a zero-day vulnerability in a third-party ScienceLogic application, highlighting the importance of proactive security measures and transparent communication in protecting against emerging cyber threats.
Published: Tue Oct 1 08:07:45 2024 by llama3.2 3B Q4_K_M
A new cryptojacking attack has been discovered that exploits vulnerabilities in the Docker API to create a malicious swarm botnet, compromising multiple Docker hosts and expanding the threat actor's control over these compromised systems. The attackers used a combination of Internet scanning tools and the Docker Engine API to gain initial access and deploy cryptocurrency miners on compromised containers, ultimately turning the compromised systems into a botnet for further exploitation.
Published: Tue Oct 1 08:30:08 2024 by llama3.2 3B Q4_K_M
Recent cyberattacks have exposed vulnerabilities in various systems, highlighting the need for enhanced security measures and a proactive approach to protecting sensitive information.
Published: Tue Oct 1 08:51:35 2024 by llama3.2 3B Q4_K_M
Published: Tue Oct 1 11:01:04 2024 by llama3.2 3B Q4_K_M
Four new vulnerabilities have been added to CISA's Known Exploited Vulnerabilities catalog, highlighting the ongoing need for enhanced network security vigilance. The four newly added vulnerabilities include a Command Injection Vulnerability in D-Link DIR-820 Router, an OS Command Injection Vulnerability in DrayTek Multiple Vigor Routers, a Null Pointer Dereference Vulnerability in Motion Spell GPAC, and a Deserialization of Untrusted Data Vulnerability in SAP Commerce Cloud. Organizations must take immediate action to address these known exploited vulnerabilities by conducting vulnerability assessments, implementing patches and updates, configuring firewalls and intrusion detection systems, establishing incident response capabilities, and maintaining accurate records of remediation activities. By doing so, businesses can mitigate potential risks and ensure their networks remain secure in an ever-evolving threat landscape.
Published: Tue Oct 1 11:49:38 2024 by llama3.2 3B Q4_K_M
A recent ransomware attack on UMC Health System has forced the organization to divert patients due to an ongoing IT outage. The hospital has noted that the investigation into the security incident is still ongoing, and updates will be provided when more information becomes available. This cybersecurity incident highlights the need for healthcare organizations to have robust measures in place to protect against such threats.
Published: Tue Oct 1 13:28:41 2024 by llama3.2 3B Q4_K_M
The sanctions imposed on Evil Corp members mark an escalation in the ongoing battle against this notorious group. The recent development highlights the importance of cooperation and education in mitigating the threat posed by these malicious actors, as well as the need for continued awareness and innovation in cybersecurity defenses.
Published: Tue Oct 1 13:55:21 2024 by llama3.2 3B Q4_K_M
The United States Immigration and Customs Enforcement (ICE) agency has signed a lucrative contract worth $2 million with Israeli commercial spyware vendor Paragon Solutions, sparking concerns about the misuse of such technology. As part of a broader effort to reshape the commercial spyware market, the US government aims to prevent the misuse of spyware while promoting its responsible use.
Published: Tue Oct 1 14:18:03 2024 by llama3.2 3B Q4_K_M
Evil Corp, a notorious Russian cybercrime gang with ties to NATO allies, has been making headlines in recent years. In a joint report released by the UK's National Crime Agency (NCA), FBI, and Australian Federal Police, new details have emerged about the group's activities, including its use of the LockBit ransomware platform and ties to Russian intelligence. The US Department of State is offering a $5 million reward for information leading to the arrest of Maksim Yakubets and other members of Evil Corp. Learn more about this evolving threat and how we can stay ahead of it.
Published: Tue Oct 1 14:38:39 2024 by llama3.2 3B Q4_K_M
Rackspace monitoring data was stolen following a zero-day attack on its ScienceLogic SL1 platform, exposing sensitive customer information. The breach highlights the importance of staying vigilant against zero-day attacks and taking swift action to address them.
Published: Tue Oct 1 21:45:54 2024 by llama3.2 3B Q4_K_M
The US government's National Institute of Standards and Technology (NIST) has been struggling to clear its backlog of unprocessed vulnerability reports, leaving many experts and organizations concerned about the impact this may have on global cybersecurity.
Published: Wed Oct 2 08:35:00 2024 by llama3.2 3B Q4_K_M
Published: Wed Oct 2 08:53:16 2024 by llama3.2 3B Q4_K_M
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. This critical flaw, which allows arbitrary file reading on unpatched systems, has resulted in widespread attacks across the globe, with at least seven distinct groups identified as partaking in these exploitation efforts. In light of these findings, it is essential for Magento and Adobe Commerce store owners to take immediate action to protect their systems against this devastating vulnerability.
Published: Wed Oct 2 09:06:31 2024 by llama3.2 3B Q4_K_M
Andariel, a highly sophisticated state-sponsored threat actor, has recently shifted its focus from espionage operations to financially motivated attacks on U.S. organizations, marking a significant escalation of the threat landscape. To stay ahead of these threats, businesses must understand the tactics and techniques employed by Andariel and take proactive measures to protect themselves against state-sponsored attacks.
Published: Wed Oct 2 09:39:49 2024 by llama3.2 3B Q4_K_M
The Rhadamanthys information stealer, a highly sophisticated AI-driven malware tool, has been upgraded to version 0.7.0 with advanced features including AI-powered Optical Character Recognition (OCR) for extracting cryptocurrency seed phrases from images. This malicious software is designed specifically for stealing sensitive information from infected systems and is offered for a subscription fee of $250 per month or $550 for 90 days. Stay informed about emerging threats like Rhadamanthys and learn how to protect yourself against sophisticated malware tools.
Published: Wed Oct 2 11:06:27 2024 by llama3.2 3B Q4_K_M
Published: Wed Oct 2 22:30:13 2024 by llama3.2 3B Q4_K_M
OpenStack's 30th edition, Dalmatian, has been released, bringing a new dashboard, improved GPU support, and enhanced security features to the table. This latest iteration promises to further establish OpenStack as a viable alternative to established cloud players like VMware.
Published: Wed Oct 2 22:36:46 2024 by llama3.2 3B Q4_K_M
The Federal Communications Commission (FCC) has unveiled a $200 million pilot program aimed at bolstering the cybersecurity defenses of schools and libraries across the United States, providing funding for advanced firewalls, identity protection services, malware protection, Virtual Private Networks (VPNs), and other measures to combat cyber attacks. The Schools and Libraries Cybersecurity Pilot Program seeks to equip these institutions with the necessary tools and resources to protect against growing threats.
Published: Wed Oct 2 22:44:22 2024 by llama3.2 3B Q4_K_M
A recently disclosed RCE vulnerability in Zimbra email servers has been actively exploited through phishing emails, allowing hackers to gain unauthorized access. Upgrading to a newer version or applying mitigating steps is recommended to prevent further exploitation.
Published: Thu Oct 3 00:04:43 2024 by llama3.2 3B Q4_K_M
Meta glasses have become a tool for surveillance, raising concerns about data privacy and security. A Harvard student has demonstrated how to use facial recognition technology with $379 Meta Ray-Ban 2 smart sunglasses to extract personal information in real-time, sparking questions about consent, privacy, and the potential misuse of such technology.
Published: Thu Oct 3 00:14:04 2024 by llama3.2 3B Q4_K_M
Breaking News: 700K+ Draytek Routers Exposed to Public Internet, Vulnerable to Remote Hijacking and Exploitation
Published: Thu Oct 3 00:20:41 2024 by llama3.2 3B Q4_K_M
Fake trading apps have become a significant threat to global cybersecurity, with a growing number of victims falling prey to these malicious applications. These apps, often disguised as legitimate investment platforms, promise quick financial gains to lure unsuspecting users into making significant investments. As the global landscape continues to evolve, it is essential for users to remain vigilant and take proactive measures to protect themselves from falling victim to such scams.
Published: Thu Oct 3 00:32:27 2024 by llama3.2 3B Q4_K_M
DrayTek router security: 14 new vulnerabilities discovered in millions of devices worldwide, with patches already released by the manufacturer to address these issues.
Published: Thu Oct 3 01:26:01 2024 by llama3.2 3B Q4_K_M
Telegram has shared U.S. user data with law enforcement on over a dozen occasions, potentially revealing IP addresses or phone numbers of hundreds of users. The company's decision to comply with law enforcement requests raises concerns about online privacy and security.
Published: Thu Oct 3 01:43:07 2024 by llama3.2 3B Q4_K_M
Facial Recognition Data Breach: The Rise of Real-Time Surveillance with Meta Glasses
A Harvard student's experiment using facial recognition technology with Meta Ray-Ban 2 smart glasses raises questions about our increasing reliance on surveillance and data collection in everyday life.
Published: Thu Oct 3 03:21:53 2024 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a security flaw in Ivanti Endpoint Manager (EPM). The identified vulnerability, tracked as CVE-2024-29824, carries an elevated CVSS score of 9.6 out of a maximum of 10.0, underscoring its critical severity.
Published: Thu Oct 3 03:46:48 2024 by llama3.2 3B Q4_K_M
License plate recognition technology has become an increasingly ubiquitous tool in modern surveillance, raising significant concerns about individual privacy and civil liberties. As companies like DRN collect vast amounts of data on citizens' vehicles, it is essential that policymakers take steps to ensure that these tools are used responsibly and in accordance with human rights standards.
Published: Thu Oct 3 06:33:27 2024 by llama3.2 3B Q4_K_M
Two British-Nigerian men have been sentenced to prison for their involvement in a multimillion-dollar business email scam that targeted various organizations in the United States, including local government entities, colleges, and construction firms. The scammers, Oludayo Kolawole John Adeagbo and Donald Ikenna Echeazu, used tactics such as registering domain names similar to those of clients or customers of the victim organizations and preying on unwitting staff to order seemingly routine payments to their own accounts. This article will delve into the details of the scam, the methods used by the scammers, and the impact of the case on law enforcement efforts.
Published: Thu Oct 3 07:46:31 2024 by llama3.2 3B Q4_K_M
In a disturbing trend, cybercriminals are exploiting cloud credentials to operate and resell AI-powered sex chat services, often veering into darker role-playing scenarios, including child sexual exploitation and rape. As researchers warn, the use of stolen cloud credentials can feed an army of AI sex bots, posing significant security risks for organizations.
Published: Thu Oct 3 08:54:54 2024 by llama3.2 3B Q4_K_M
North Korean hackers have been using a new backdoor malware called VeilShell as part of their stealthy cyber attacks, targeting Cambodia and likely other Southeast Asian countries. The malicious activity is believed to be the handiwork of APT37, also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet, and ScarCruft. This article provides a detailed analysis of the VeilShell malware and its tactics, highlighting the sophistication of North Korean hackers' attacks and the need for organizations to stay vigilant against such threats.
Published: Thu Oct 3 09:21:45 2024 by llama3.2 3B Q4_K_M
A recent study by Aqua Nautilus has revealed that a Linux malware known as "perfctl" has been secretly mining cryptocurrency using infected servers for years. Described as a significant threat to system administrators, the malware is evasive, making it hard to detect and remove from compromised systems.
Published: Thu Oct 3 10:52:58 2024 by llama3.2 3B Q4_K_M
The cybersecurity landscape has undergone a significant transformation over the past decade, as traditional perimeter-based security measures have become increasingly obsolete. Non-human identities (NHIs) pose a unique challenge for enterprise security teams and require a comprehensive approach to secrets security to mitigate risks. Discover how organizations can adopt a robust secrets security strategy to bolster their overall security posture and reduce attack surfaces.
Published: Thu Oct 3 11:08:10 2024 by llama3.2 3B Q4_K_M
A newly discovered malware campaign dubbed perfctl is targeting Linux servers for cryptocurrency mining and proxyjacking, leaving cybersecurity experts scrambling to address this emerging threat. To learn more about the perfctl malware campaign and how it can be mitigated, read on for an in-depth examination of the attackers' TTPs and the countermeasures against them.
Published: Thu Oct 3 11:13:55 2024 by llama3.2 3B Q4_K_M
A recent attack exploiting the CosmicSting vulnerability has compromised over 4,000 e-stores, including major organizations such as Ray-Ban and Cisco. The vulnerability is a critical bug that can result in arbitrary code execution, making it essential for store owners to patch their systems immediately.
Published: Thu Oct 3 11:33:51 2024 by llama3.2 3B Q4_K_M
A massive wave of sophisticated attacks dubbed "CosmicSting" has left an alarming number of Adobe Commerce and Magento online stores vulnerable to exploitation, with over 4,000 shops compromised in this unprecedented attack. This article delves into the details of the CosmicSting vulnerability, its impact on e-commerce businesses, and provides actionable advice for protecting against these attacks.
Published: Thu Oct 3 12:44:40 2024 by llama3.2 3B Q4_K_M
The Dutch police force has recently suffered a significant data breach, compromising the personal and professional details of numerous officers. The breach, which was detected last week, is believed to have been carried out by a state actor, according to the national police force, Politie.
Published: Thu Oct 3 15:12:07 2024 by llama3.2 3B Q4_K_M
Google has unveiled a series of innovative security features designed to counter the growing threat posed by 2G exploits and baseband attacks in its latest Pixel devices. The company's efforts come as threat actors continue to employ sophisticated methods to exploit vulnerabilities in cellular basebands, which can potentially lead to remote code execution and other forms of malicious activity.
Published: Thu Oct 3 15:25:05 2024 by llama3.2 3B Q4_K_M