DATE |
NAME |
CATEGORY |
WEB |
31.12.23 |
Android game dev’s Google Drive misconfig highlights cloud security risks |
Android |
BleepingComputer |
31.12.23 |
New Black Basta decryptor exploits ransomware flaw to recover files |
Ransom |
BleepingComputer |
31.12.23 |
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks |
Cryptocurrency |
The Hacker News |
30.12.23 |
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
Malware blog |
Palo Alto |
30.12.23 |
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes |
Exploit blog |
Palo Alto |
30.12.23 |
A year in review: 10 of the biggest security incidents of 2023 |
Incident blog |
Eset |
30.12.23 |
Got a new device? 7 things to do before disposing of your old tech |
Security blog |
Eset |
30.12.23 |
The Week in Ransomware - December 29th 2023 - LockBit targets hospitals |
Ransom |
BleepingComputer |
30.12.23 |
Hospitals ask courts to force cloud storage firm to return stolen data |
Incindent |
BleepingComputer |
30.12.23 |
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts |
Virus |
BleepingComputer |
30.12.23 |
Steam game mod breached to push password-stealing malware |
Virus |
BleepingComputer |
29.12.23 |
Game mod on Steam breached to push password-stealing malware |
Virus |
BleepingComputer |
29.12.23 |
Eagers Automotive halts trading in response to cyberattack |
Attack |
BleepingComputer |
29.12.23 |
EasyPark discloses data breach that may impact millions of users |
Incindent |
BleepingComputer |
29.12.23 |
Microsoft disables MSIX protocol handler abused in malware attacks |
Virus |
BleepingComputer |
29.12.23 |
Kroll reveals FTX customer info exposed in August data breach |
Incindent |
BleepingComputer |
29.12.23 |
Russian military hackers target Ukraine with new MASEPIE malware |
BigBrothers |
BleepingComputer |
29.12.23 |
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers |
Exploit |
BleepingComputer |
29.12.23 |
Blockchain dev's wallet emptied in "job interview" using npm package |
Cryptocurrency |
BleepingComputer |
29.12.23 |
Ohio Lottery hit by cyberattack claimed by DragonForce ransomware |
Ransom |
BleepingComputer |
29.12.23 |
Lockbit ransomware disrupts emergency care at German hospitals |
Ransom |
BleepingComputer |
29.12.23 |
Albanian Parliament and One Albania Telecom Hit by Cyber Attacks |
BigBrothers |
The Hacker News |
29.12.23 |
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK |
Virus |
The Hacker News |
29.12.23 |
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks |
APT |
The Hacker News |
29.12.23 |
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks |
Virus |
The Hacker News |
28.12.23 |
Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service |
Vulnerebility |
The Hacker News |
28.12.23 |
Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature |
Apple |
The Hacker News |
28.12.23 |
New Rugmi Malware Loader Surges with Hundreds of Daily Detections |
Virus |
The Hacker News |
28.12.23 |
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack |
Vulnerebility |
The Hacker News |
27.12.23 |
Mortgage firm LoanCare warns 1.3 million people of data breach |
Incindent |
BleepingComputer |
27.12.23 |
Panasonic discloses data breach after December 2022 cyberattack |
Incindent |
BleepingComputer |
27.12.23 |
New Xamalicious Android malware installed 330k times on Google Play |
Android |
BleepingComputer |
27.12.23 |
iPhone Triangulation attack abused undocumented hardware feature |
Apple |
BleepingComputer |
27.12.23 |
Barracuda fixes new ESG zero-day exploited by Chinese hackers |
Vulnerebility |
BleepingComputer |
27.12.23 |
Yakult Australia confirms 'cyber incident' after 95 GB data leak |
Incindent |
BleepingComputer |
27.12.23 |
GitHub warns users to enable 2FA before upcoming deadline |
Safety |
BleepingComputer |
27.12.23 |
Integris Health patients get extortion emails after cyberattack |
Incindent |
BleepingComputer |
27.12.23 |
GTA 5 source code reportedly leaked online a year after Rockstar hack |
Incindent |
BleepingComputer |
27.12.23 |
Google Chrome now scans for compromised passwords in the background |
Safety |
BleepingComputer |
27.12.23 |
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances |
Exploit |
The Hacker News |
27.12.23 |
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices |
Android |
The Hacker News |
27.12.23 |
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining |
Cryptocurrency |
The Hacker News |
26.12.23 |
Carbanak Banking Malware Resurfaces with New Ransomware Tactics |
Virus |
The Hacker News |
26.12.23 |
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies |
Phishing |
The Hacker News |
25.12.23 |
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets |
Malware blog |
Palo Alto |
25.12.23 |
THE RISING THREAT OF PHISHING ATTACKS WITH CRYPTO DRAINERS |
Phishing blog |
Checkpoint |
25.12.23 |
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware |
Malware blog |
Cisco Blog |
25.12.23 |
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang |
BigBrother blog |
Cisco Blog |
25.12.23 |
Key findings from ESET Threat Report H2 2023 – Week in security with Tony Anscombe |
Cyber blog |
Eset |
25.12.23 |
Safeguard the joy: 10 tips for securing your shiny new device |
Safety blog |
Eset |
25.12.23 |
These aren’t the Androids you should be looking for |
OS Blog |
Eset |
25.12.23 |
ESET Threat Report H2 2023 |
Cyber blog |
Eset |
25.12.23 |
ESET Research Podcast: Neanderthals, Mammoths and Telekopye |
Cyber blog |
Eset |
24.12.23 |
‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks |
Spam |
BleepingComputer |
24.12.23 |
Mint Mobile discloses new data breach exposing customer data |
Incindent |
BleepingComputer |
24.12.23 |
The Week in Ransomware - December 22nd 2023 - BlackCat hacked |
Ransom |
BleepingComputer |
24.12.23 |
Ubisoft says it's investigating reports of a new security breach |
Incindent |
BleepingComputer |
24.12.23 |
Nissan Australia cyberattack claimed by Akira ransomware gang |
Ransom |
BleepingComputer |
24.12.23 |
Europol warns 443 online shops infected with credit card stealers |
CyberCrime |
BleepingComputer |
24.12.23 |
Fake VPN Chrome extensions force-installed 1.5 million times |
Hack |
BleepingComputer |
24.12.23 |
Crypto drainer steals $59 million from 63k people in Twitter ad push |
Cryptocurrency |
BleepingComputer |
24.12.23 |
Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence |
Incindent |
BleepingComputer |
24.12.23 |
Microsoft: Hackers target defense firms with new FalseFont malware |
Virus |
BleepingComputer |
24.12.23 |
First American takes IT systems offline after cyberattack |
Hack |
BleepingComputer |
24.12.23 |
Microsoft deprecates Defender Application Guard for some Edge users |
Security |
BleepingComputer |
24.12.23 |
OpenAI rolls out imperfect fix for ChatGPT data leak flaw |
AI |
BleepingComputer |
24.12.23 |
BidenCash darkweb market gives 1.9 million credit cards for free |
CyberCrime |
BleepingComputer |
24.12.23 |
Android malware Chameleon disables Fingerprint Unlock to steal PINs |
Android |
BleepingComputer |
24.12.23 |
Fake F5 BIG-IP zero-day warning emails push data wipers |
Vulnerebility |
BleepingComputer |
24.12.23 |
Google fixes 8th Chrome zero-day exploited in attacks this year |
Exploit |
BleepingComputer |
24.12.23 |
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts |
Cryptocurrency |
BleepingComputer |
24.12.23 |
New phishing attack steals your Instagram backup codes to bypass 2FA |
Phishing |
BleepingComputer |
24.12.23 |
Ivanti releases patches for 13 critical Avalanche RCE flaws |
Vulnerebility |
BleepingComputer |
24.12.23 |
Microsoft fixes Wi-Fi issues triggered by recent Windows updates |
OS |
BleepingComputer |
24.12.23 |
Healthcare software provider data breach impacts 2.7 million |
Incindent |
BleepingComputer |
|
24.12.23 |
The password attacks of 2023: Lessons learned and next steps |
Security |
BleepingComputer |
24.12.23 |
German police takes down Kingdom Market cybercrime marketplace |
CyberCrime |
BleepingComputer |
24.12.23 |
New Web injections campaign steals banking data from 50,000 people |
Hack |
BleepingComputer |
24.12.23 |
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims |
Ransom |
BleepingComputer |
24.12.23 |
Interpol operation arrests 3,500 cybercriminals, seizes $300 million |
CyberCrime |
BleepingComputer |
24.12.23 |
Microsoft confirms Windows 11 Wi-Fi issues, asks for user feedback |
OS |
BleepingComputer |
24.12.23 |
How the FBI seized BlackCat (ALPHV) ransomware’s servers |
Ransom |
BleepingComputer |
24.12.23 |
Terrapin attacks can downgrade security of OpenSSH connections |
Attack |
BleepingComputer |
24.12.23 |
FBI disrupts Blackcat ransomware operation, creates decryption tool |
Ransom |
BleepingComputer |
24.12.23 |
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks |
Attack |
The Hacker News |
23.12.23 |
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft |
CyberCrime |
The Hacker News |
23.12.23 |
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities |
Virus |
The Hacker News |
23.12.23 |
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware |
Virus |
The Hacker News |
23.12.23 |
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware |
Virus |
The Hacker News |
23.12.23 |
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector |
Virus |
The Hacker News |
23.12.23 |
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware |
Virus |
The Hacker News |
23.12.23 |
Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication |
Android |
The Hacker News |
23.12.23 |
New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide |
Virus |
The Hacker News |
23.12.23 |
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation |
BigBrothers |
The Hacker News |
23.12.23 |
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware |
Exploit |
The Hacker News |
21.12.23 |
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP |
Vulnerebility |
The Hacker News |
21.12.23 |
Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster |
Attack |
The Hacker News |
21.12.23 |
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave |
APT |
The Hacker News |
21.12.23 |
3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals |
CyberCrime |
The Hacker News |
21.12.23 |
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems |
Virus |
The Hacker News |
21.12.23 |
FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool |
Ransom |
The Hacker News |
19.12.23 |
Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team |
Ransom |
The Hacker News |
19.12.23 |
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts |
Security |
The Hacker News |
19.12.23 |
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa |
BigBrothers |
The Hacker News |
19.12.23 |
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software |
BotNet |
The Hacker News |
19.12.23 |
Xfinity discloses data breach affecting over 35 million people |
Incindent |
BleepingComputer |
19.12.23 |
December's Windows 11 KB5033375 update breaks Wi-Fi connectivity |
OS |
BleepingComputer |
19.12.23 |
Microsoft discovers critical RCE flaw in Perforce Helix Core Server |
Vulnerebility |
BleepingComputer |
19.12.23 |
Vans and North Face owner VF Corp hit by ransomware attack |
Ransom |
BleepingComputer |
19.12.23 |
Microsoft fixes Windows printer issues with new troubleshooter |
Vulnerebility |
BleepingComputer |
19.12.23 |
FBI: Play ransomware breached 300 victims, including critical orgs |
Ransom |
BleepingComputer |
19.12.23 |
Former IT manager pleads guilty to attacking high school network |
Hack |
BleepingComputer |
19.12.23 |
Mortgage giant Mr. Cooper data breach affects 14.7 million people |
Incindent |
BleepingComputer |
19.12.23 |
WordPress hosting service Kinsta targeted by Google phishing ads |
Phishing |
BleepingComputer |
19.12.23 |
Rhadamanthys Stealer malware evolves with more powerful features |
Virus |
BleepingComputer |
19.12.23 |
What to do when receiving unprompted MFA OTP codes |
Security |
BleepingComputer |
19.12.23 |
Qbot malware returns in campaign targeting hospitality industry |
Virus |
BleepingComputer |
19.12.23 |
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware |
Virus |
The Hacker News |
19.12.23 |
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide |
Ransom |
The Hacker News |
19.12.23 |
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits |
Exploit |
The Hacker News |
19.12.23 |
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges |
Virus |
The Hacker News |
19.12.23 |
Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam |
Cryptocurrency |
The Hacker News |
19.12.23 |
QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry |
Virus |
The Hacker News |
19.12.23 |
CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats |
BigBrothers |
The Hacker News |
17.12.23 |
MongoDB Suffers Security Breach, Exposing Customer Data |
Incindent |
The Hacker News |
17.12.23 |
MongoDB says customer data was exposed in a cyberattack |
Incindent |
BleepingComputer |
17.12.23 |
QNAP VioStor NVR vulnerability actively exploited by malware botnet |
Exploit |
BleepingComputer |
17.12.23 |
Microsoft unveils new, more secure Windows Protected Print Mode |
Safety |
BleepingComputer |
16.12.23 |
RHADAMANTHYS V0.5.0 – A DEEP DIVE INTO THE STEALER’S COMPONENTS |
Ransom blog |
Checkpoint |
16.12.23 |
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains |
Malware blog |
Palo Alto |
16.12.23 |
New iOS feature to thwart eavesdropping – Week in security with Tony Anscombe |
OS Blog |
Eset |
16.12.23 |
OilRig’s persistent attacks using cloud service-powered downloaders |
APT blog |
Eset |
16.12.23 |
Delivering trust with DNS security |
Security blog |
Eset |
16.12.23 |
A pernicious potpourri of Python packages in PyPI |
Cyber blog |
Eset |
16.12.23 |
Black Hat Europe 2023: Should we regulate AI? |
Cyber blog |
Eset |
16.12.23 |
Silent but deadly: The rise of zero-click attacks |
Attack blog |
Eset |
16.12.23 |
The Week in Ransomware - December 15th 2023 - Ransomware Drama |
Ransom |
BleepingComputer |
16.12.23 |
Ex-Amazon engineer pleads guilty to hacking crypto exchanges |
Cryptocurrency |
BleepingComputer |
16.12.23 |
CISA urges tech manufacturers to stop using default passwords |
BigBrothers |
BleepingComputer |
16.12.23 |
3CX warns customers to disable SQL database integrations |
Security |
BleepingComputer |
16.12.23 |
Ransomware gang behind threats to Fred Hutch cancer patients |
Ransom |
BleepingComputer |
16.12.23 |
Delta Dental of California data breach exposed info of 7 million people |
Incindent |
BleepingComputer |
16.12.23 |
Kraft Heinz investigates hack claims, says systems ‘operating normally’ |
Incindent |
BleepingComputer |
16.12.23 |
New NKAbuse malware abuses NKN blockchain for stealthy comms |
Virus |
BleepingComputer |
16.12.23 |
Ubiquiti users report having access to others’ UniFi routers, cameras |
Security |
BleepingComputer |
16.12.23 |
US detains suspects behind $80 million 'pig butchering' scheme |
CyberCrime |
BleepingComputer |
16.12.23 |
Ten new Android banking trojans targeted 985 bank apps in 2023 |
Android |
BleepingComputer |
16.12.23 |
Discord adds Security Key support for all users to enhance security |
Security |
BleepingComputer |
16.12.23 |
U.S. nuclear research lab data breach impacts 45,000 people |
Incindent |
BleepingComputer |
16.12.23 |
Ledger dApp supply chain attack steals $600K from crypto wallets |
Cryptocurrency |
BleepingComputer |
16.12.23 |
Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts |
CyberCrime |
BleepingComputer |
16.12.23 |
China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents |
Incindent |
The Hacker News |
16.12.23 |
Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds |
CyberCrime |
The Hacker News |
16.12.23 |
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks |
BotNet |
The Hacker News |
15.12.23 |
Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft |
Cryptocurrency |
The Hacker News |
15.12.23 |
New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now |
Vulnerebility |
The Hacker News |
15.12.23 |
Google's New Tracking Protection in Chrome Blocks Third-Party Cookies |
Safety |
The Hacker News |
15.12.23 |
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks |
Virus |
The Hacker News |
15.12.23 |
116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems |
Virus |
The Hacker News |
14.12.23 |
Microsoft seizes domains used to sell fraudulent Outlook accounts |
Hack |
BleepingComputer |
14.12.23 |
Stealthy KV-botnet hijacks SOHO routers and VPN devices |
BotNet |
BleepingComputer |
14.12.23 |
BazarCall attacks abuse Google Forms to legitimize phishing emails |
Phishing |
BleepingComputer |
14.12.23 |
French police arrests Russian suspect linked to Hive ransomware |
Ransom |
BleepingComputer |
14.12.23 |
LockBit ransomware now poaching BlackCat, NoEscape affiliates |
Ransom |
BleepingComputer |
14.12.23 |
CISA: Russian hackers target TeamCity servers since September |
BigBrothers |
BleepingComputer |
14.12.23 |
Hackers are exploiting critical Apache Struts flaw using public PoC |
Exploit |
BleepingComputer |
14.12.23 |
New cybercrime market 'OLVX' gains popularity among hackers |
CyberCrime |
BleepingComputer |
14.12.23 |
Microsoft: OAuth apps used to automate BEC and cryptomining attacks |
Cryptocurrency |
BleepingComputer |
14.12.23 |
Ukrainian military says it hacked Russia's federal tax agency |
BigBrothers |
BleepingComputer |
14.12.23 |
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day |
OS |
BleepingComputer |
14.12.23 |
Windows 11 KB5033375 update released with upgraded Copilot AI-assistant |
OS |
BleepingComputer |
14.12.23 |
Windows 10 KB5033372 update released with Copilot for everyone, 20 changes |
OS |
BleepingComputer |
14.12.23 |
Sophos backports RCE fix after attacks on unsupported firewalls |
Vulnerebility |
BleepingComputer |
14.12.23 |
Ukraine's largest mobile carrier Kyivstar down following cyberattack |
Mobil |
BleepingComputer |
14.12.23 |
Cloud engineer gets 2 years for wiping ex-employer’s code repos |
Incindent |
BleepingComputer |
14.12.23 |
Over 1,450 pfSense servers exposed to RCE attacks via bug chain |
Hack |
BleepingComputer |
14.12.23 |
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin |
Vulnerebility |
BleepingComputer |
14.12.23 |
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug |
Virus |
BleepingComputer |
14.12.23 |
Counter-Strike 2 HTML injection bug exposes players’ IP addresses |
Hack |
BleepingComputer |
14.12.23 |
Apple emergency updates fix recent zero-days on older iPhones |
Apple |
BleepingComputer |
14.12.23 |
Cold storage giant Americold discloses data breach after April malware attack |
Incindent |
BleepingComputer |
14.12.23 |
Toyota warns customers of data breach exposing personal, financial info |
Incindent |
BleepingComputer |
14.12.23 |
Kelvin Security hacking group leader arrested in Spain |
CyberCrime |
BleepingComputer |
14.12.23 |
Over 30% of Log4J apps use a vulnerable version of the library |
Vulnerebility |
BleepingComputer |
14.12.23 |
AutoSpill attack steals credentials from Android password managers |
Android |
BleepingComputer |
14.12.23 |
New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities |
BigBrothers |
The Hacker News |
14.12.23 |
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders |
BigBrothers |
The Hacker News |
14.12.23 |
Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks |
APT |
The Hacker News |
14.12.23 |
New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks |
Hack |
The Hacker News |
14.12.23 |
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network |
CyberCrime |
The Hacker News |
14.12.23 |
BazaCall Phishing Scammers Now Leveraging Google Forms for Deception |
Phishing |
The Hacker News |
13.12.23 |
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities |
Android |
The Hacker News |
13.12.23 |
Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing |
Exploit |
The Hacker News |
13.12.23 |
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator |
BigBrothers |
The Hacker News |
13.12.23 |
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical |
Vulnerebility |
The Hacker News |
13.12.23 |
Unveiling the Cyber Threats to Healthcare: Beyond the Myths |
Cyber |
The Hacker News |
13.12.23 |
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign |
APT |
The Hacker News |
12.12.23 |
New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam |
Virus |
The Hacker News |
12.12.23 |
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws |
Apple |
The Hacker News |
12.12.23 |
New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now |
Vulnerebility |
The Hacker News |
11.12.23 |
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor |
APT |
The Hacker News |
11.12.23 |
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans |
APT |
The Hacker News |
11.12.23 |
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users |
Android |
The Hacker News |
11.12.23 |
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions |
Hack |
The Hacker News |
10.12.23 |
CRYPTO DECEPTION UNVEILED: CHECK POINT RESEARCH REPORTS MANIPULATION OF POOL LIQUIDITY SKYROCKETS TOKEN PRICE BY 22,000%. |
Cryptocurrency blog |
Checkpoint |
10.12.23 |
THE OBVIOUS, THE NORMAL, AND THE ADVANCED: A COMPREHENSIVE ANALYSIS OF OUTLOOK ATTACK VECTORS |
Attack blog |
Checkpoint |
10.12.23 |
Fighting Ursa Aka APT28: Illuminating a Covert Campaign |
APT blog |
Palo Alto |
10.12.23 |
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US |
BigBrother blog |
Palo Alto |
10.12.23 |
Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature |
Exploit blog |
Palo Alto |
10.12.23 |
The malware, attacker trends and more that shaped the threat landscape in 2023 |
Malware blog |
Cisco Blog |
10.12.23 |
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare |
BigBrother blog |
Cisco Blog |
10.12.23 |
Surge in deceptive loan apps – Week in security with Tony Anscombe |
Cyber blog |
Eset |
10.12.23 |
Black Hat Europe 2023: The past could return to haunt you |
Cyber blog |
Eset |
10.12.23 |
To tap or not to tap: Are NFC payments safer? |
Safety blog |
Eset |
10.12.23 |
Navigating privacy: Should we put the brakes on car tracking? |
Security blog |
Eset |
10.12.23 |
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths |
OS Blog |
Eset |
10.12.23 |
SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs |
Attack |
The Hacker News |
9.12.23 |
VoBERT: Unstable Log Sequence Anomaly Detection: Introducing Vocabulary-Free BERT |
Security |
Black Hat EU 2023 |
9.12.23 |
Unmasking APTs: An Automated Approach for Real-World Threat Attribution |
APT |
Black Hat EU 2023 |
9.12.23 |
Off The Record - Weaponizing DHCP DNS Dynamic Updates |
Security |
Black Hat EU 2023 |
9.12.23 |
One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Kidnapping Without Hostages: Virtual Kidnapping and the Dark Road Ahead |
AI |
Black Hat EU 2023 |
9.12.23 |
Hacking Your Documentation: Who Should WTFM? |
Hacking |
Black Hat EU 2023 |
9.12.23 |
How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks |
AI |
Black Hat EU 2023 |
9.12.23 |
A Security RISC? The State of Microarchitectural Attacks on RISC-V |
Attack |
Black Hat EU 2023 |
9.12.23 |
Old Code Dies Hard: Finding New Vulnerabilities in Old Third-Party Software Components and the Importance of Having SBoM for IoT/OT Devices |
Vulnerebility |
Black Hat EU 2023 |
9.12.23 |
Illegitimate Data Protection Requests - To Delete or to Address? |
Security |
Black Hat EU 2023 |
9.12.23 |
How I Learned to Stop Worrying and Build a Modern Detection & Response Program |
Security |
Black Hat EU 2023 |
9.12.23 |
Reviving JIT Vulnerabilities: Unleashing the Power of Maglev Compiler Bugs on Chrome Browser |
Exploit |
Black Hat EU 2023 |
9.12.23 |
Deleting Your Domain? Preventing Data Leaks at TLD Scale |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Breaching the Perimeter via Cloud Synchronized Browser Settings PAPER |
Security |
Black Hat EU 2023 |
9.12.23 |
When The Front Door Becomes a Backdoor: The Security Paradox of OSDP |
Virus |
Black Hat EU 2023 |
9.12.23 |
The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Security Through Transparency: Scaling Your Customer Trust Program |
Security |
Black Hat EU 2023 |
9.12.23 |
Collide+Power: The Evolution of Software-based Power Side-Channels Attacks |
Attack |
Black Hat EU 2023 |
9.12.23 |
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Through the Looking Glass: How Open Source Projects See Vulnerability Disclosure |
Vulnerebility |
Black Hat EU 2023 |
9.12.23 |
Indirect Prompt Injection Into LLMs Using Images and Sounds |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Breaking Theoretical Limits: The Gap Between Virtual NICs and Physical Network Cards |
Hacking |
Black Hat EU 2023 |
9.12.23 |
REDIScovering HeadCrab - A Technical Analysis of a Novel Malware and the Mind Behind It |
Malware |
Black Hat EU 2023 |
9.12.23 |
A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven |
IoT |
Black Hat EU 2023 |
9.12.23 |
TunnelCrack: Leaking VPN Traffic by Manipulating Routing Tables |
Hacking |
Black Hat EU 2023 |
9.12.23 |
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility |
Cryptography |
Black Hat EU 2023 |
9.12.23 |
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers |
Mobil |
Black Hat EU 2023 |
9.12.23 |
Millions of Patient Records at Risk: The Perils of Legacy Protocols |
IoT |
Black Hat EU 2023 |
9.12.23 |
LogoFAIL: Security Implications of Image Parsing During System Boot |
Hardware |
Black Hat EU 2023 |
9.12.23 |
HODOR: Reducing Attack Surface on Node.js via System Call Limitation |
Hacking |
Black Hat EU 2023 |
9.12.23 |
Evils in the Sparse Texture Memory: Exploit Kernel Based on Undefined Behaviors of Graphic APIs |
Exploit |
Black Hat EU 2023 |
9.12.23 |
Norton Healthcare discloses data breach after May ransomware attack |
Ransom |
BleepingComputer |
9.12.23 |
ALPHV ransomware site outage rumored to be caused by law enforcement |
Ransom |
BleepingComputer |
9.12.23 |
Privilege elevation exploits used in over 50% of insider attacks |
Exploit |
BleepingComputer |
9.12.23 |
Amazon sues REKK fraud gang that stole millions in illicit refunds |
Incindent |
BleepingComputer |
9.12.23 |
New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips |
Attack |
BleepingComputer |
9.12.23 |
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques |
Virus |
The Hacker News |
9.12.23 |
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands |
Apple |
The Hacker News |
9.12.23 |
N. Korea's Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks |
Virus |
The Hacker News |
9.12.23 |
Ransomware-as-a-Service: The Growing Threat You Can't Ignore |
Ransom |
The Hacker News |
9.12.23 |
Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software |
Apple |
The Hacker News |
9.12.23 |
WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability |
Vulnerebility |
The Hacker News |
8.12.23 |
Russian military hackers target NATO fast reaction corps |
BigBrothers |
BleepingComputer |
8.12.23 |
23andMe updates user agreement to prevent data breach lawsuits |
Incindent |
BleepingComputer |
8.12.23 |
WordPress fixes POP chain exposing websites to RCE attacks |
Vulnerebility |
BleepingComputer |
8.12.23 |
Russian pleads guilty to running crypto-exchange used by ransomware gangs |
Cryptocurrency |
BleepingComputer |
8.12.23 |
UK and allies expose Russian FSB hacking group, sanction members |
BigBrothers |
BleepingComputer |
8.12.23 |
Meta rolls out default end-to-end encryption on Messenger, Facebook |
Social |
BleepingComputer |
8.12.23 |
Krasue RAT malware hides on Linux servers using embedded rootkits |
Virus |
BleepingComputer |
8.12.23 |
New SLAM attack steals sensitive data from AMD, future Intel CPUs |
Attack |
BleepingComputer |
8.12.23 |
US senator: Govts spy on Apple, Google users via mobile notifications |
BigBrothers |
BleepingComputer |
8.12.23 |
Navy contractor Austal USA confirms cyberattack after data leak |
Incindent |
BleepingComputer |
8.12.23 |
Atlassian patches critical RCE flaws across multiple products |
Vulnerebility |
BleepingComputer |
8.12.23 |
Nissan is investigating cyberattack and potential data breach |
Incindent |
BleepingComputer |
8.12.23 |
"Sierra:21" vulnerabilities impact critical infrastructure routers |
Vulnerebility |
BleepingComputer |
8.12.23 |
HTC Global Services confirms cyberattack after data leaked online |
Incindent |
BleepingComputer |
8.12.23 |
Multiple NFT collections at risk by flaw in open-source library |
Cryptocurrency |
BleepingComputer |
8.12.23 |
Kali Linux 2023.4 released with GNOME 45 and 15 new tools |
OS |
BleepingComputer |
8.12.23 |
Microsoft to let Windows 10 home users buy Extended Security Updates |
OS |
BleepingComputer |
8.12.23 |
Hackers breach US govt agencies using Adobe ColdFusion exploit |
Exploit |
BleepingComputer |
8.12.23 |
Holiday Hackers: How to Safeguard Your Service Desk |
Hack |
BleepingComputer |
8.12.23 |
SpyLoan Android malware on Google Play downloaded 12 million times |
Android |
BleepingComputer |
8.12.23 |
Windows 11 KB5032288 update improves Copilot, fixes 11 bugs |
OS |
BleepingComputer |
8.12.23 |
Microsoft fixes Outlook Desktop crashes when sending emails |
OS |
BleepingComputer |
8.12.23 |
Stealthier version of P2Pinfect malware targets MIPS devices |
Virus |
BleepingComputer |
8.12.23 |
Russian hackers exploiting Outlook bug to hijack Exchange accounts |
Exploit |
BleepingComputer |
8.12.23 |
December Android updates fix critical zero-click RCE flaw |
Android |
BleepingComputer |
8.12.23 |
Tipalti investigates claims of data stolen in ransomware attack |
Ransom |
BleepingComputer |
8.12.23 |
Fake WordPress security advisory pushes backdoor plugin |
Virus |
BleepingComputer |
8.12.23 |
New AeroBlade hackers target aerospace sector in the U.S. |
BigBrothers |
BleepingComputer |
8.12.23 |
Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme |
Cryptocurrency |
The Hacker News |
8.12.23 |
Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics |
Hack |
The Hacker News |
8.12.23 |
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices |
OS |
The Hacker News |
8.12.23 |
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense' |
Exploit |
The Hacker News |
8.12.23 |
Governments May Spy on You by Requesting Push Notifications from Apple and Google |
Phishing |
The Hacker News |
7.12.23 |
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand |
Virus |
The Hacker News |
7.12.23 |
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger |
Social |
The Hacker News |
7.12.23 |
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts |
Hack |
The Hacker News |
7.12.23 |
Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks |
Vulnerebility |
The Hacker News |
7.12.23 |
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers |
Incindent |
The Hacker News |
7.12.23 |
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution |
Vulnerebility |
The Hacker News |
6.12.23 |
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks |
Vulnerebility |
The Hacker News |
6.12.23 |
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack |
Apple |
The Hacker News |
6.12.23 |
Russia's AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany |
BigBrothers |
The Hacker News |
6.12.23 |
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack |
Attack |
The Hacker News |
5.12.23 |
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace |
BigBrothers |
The Hacker News |
5.12.23 |
Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability |
APT |
The Hacker News |
5.12.23 |
New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks |
Attack |
The Hacker News |
5.12.23 |
New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices |
BotNet |
The Hacker News |
4.12.23 |
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks |
Attack |
The Hacker News |
4.12.23 |
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware |
Ransom |
The Hacker News |
4.12.23 |
Linux version of Qilin ransomware focuses on VMware ESXi |
Ransom |
BleepingComputer |
4.12.23 |
North Korea's state hackers stole $3 billion in crypto since 2017 |
Cryptocurrency |
BleepingComputer |
4.12.23 |
New proxy malware targets Mac users through pirated software |
Virus |
BleepingComputer |
4.12.23 |
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks |
Vulnerebility |
BleepingComputer |
4.12.23 |
Google Chrome's new cache change could boost performance |
Security |
BleepingComputer |
4.12.23 |
US Health Dept urges hospitals to patch critical Citrix Bleed bug |
Vulnerebility |
BleepingComputer |
2.12.23 |
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US |
BigBrother blog |
Palo Alto |
2.12.23 |
Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature |
Security blog |
Palo Alto |
2.12.23 |
New SugarGh0st RAT targets Uzbekistan government and South Korea |
Malware blog |
Cisco Blog |
2.12.23 |
What is threat hunting? |
Security blog |
Cisco Blog |
2.12.23 |
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution |
Vulnerebility blog |
Cisco Blog |
2.12.23 |
Teaching appropriate use of AI tech – Week in security with Tony Anscombe |
Cyber blog |
Eset |
2.12.23 |
Executives behaving badly: 5 ways to manage the executive cyberthreat |
Cyber blog |
Eset |
2.12.23 |
Very precisely lost – GPS jamming |
Hacking blog |
Eset |
2.12.23 |
Retail at risk: Top threats facing retailers this holiday season |
Security blog |
Eset |
2.12.23 |
‘Tis the season to be wary: 12 steps to ruin a cybercriminal's day |
Cyber blog |
Eset |
2.12.23 |
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S. |
Virus |
The Hacker News |
2.12.23 |
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware |
Virus |
The Hacker News |
2.12.23 |
The Week in Ransomware - December 1st 2023 - Police hits affiliates |
Ransom |
BleepingComputer |
2.12.23 |
TrickBot malware dev pleads guilty, faces 35 years in prison |
Virus |
BleepingComputer |
2.12.23 |
Hackers use new Agent Raccoon malware to backdoor US targets |
Virus |
BleepingComputer |
2.12.23 |
French government recommends against using foreign chat apps |
BigBrothers |
BleepingComputer |
2.12.23 |
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks |
Vulnerebility |
BleepingComputer |
2.12.23 |
Windows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugs |
OS |
BleepingComputer |
2.12.23 |
LogoFAIL attack can install UEFI bootkits through bootup logos |
Attack |
BleepingComputer |
2.12.23 |
US govt sanctions North Korea’s Kimsuky hacking group |
BigBrothers |
BleepingComputer |
2.12.23 |
WhatsApp's new Secret Code feature hides your locked chats |
Social |
BleepingComputer |
2.12.23 |
Apple fixes two new iOS zero-days in emergency updates |
Apple |
BleepingComputer |
2.12.23 |
Capital Health Hospitals hit by cyberattack causing IT outages |
Incindent |
BleepingComputer |
2.12.23 |
Cactus ransomware exploiting Qlik Sense flaws to breach networks |
Ransom |
BleepingComputer |
2.12.23 |
Staples confirms cyberattack behind service outages, delivery issues |
Hack |
BleepingComputer |
2.12.23 |
Zyxel warns of multiple critical vulnerabilities in NAS devices |
Vulnerebility |
BleepingComputer |
2.12.23 |
FjordPhantom Android malware uses virtualization to evade detection |
Android |
BleepingComputer |
2.12.23 |
Dollar Tree hit by third-party data breach impacting 2 million people |
Incindent |
BleepingComputer |
2.12.23 |
SIM swapper gets 8 years in prison for account hacks, crypto theft |
Hack |
BleepingComputer |
2.12.23 |
Microsoft starts testing new Windows 11 Energy Saver feature |
OS |
BleepingComputer |
2.12.23 |
Black Basta ransomware made over $100 million from extortion |
Ransom |
BleepingComputer |
2.12.23 |
Hackers breach US water facility via exposed Unitronics PLCs |
ICS |
BleepingComputer |
2.12.23 |
Japanese Space Agency JAXA hacked in summer cyberattack |
Incindent |
BleepingComputer |
2.12.23 |
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers |
Cryptocurrency |
BleepingComputer |
2.12.23 |
How Continuous Pen Testing Protects Web Apps from Emerging Threats |
Security |
BleepingComputer |
2.12.23 |
Okta: October data breach affects all customer support system users |
Incindent |
BleepingComputer |
2.12.23 |
New BLUFFS attack lets attackers hijack Bluetooth connections |
Attack |
BleepingComputer |
2.12.23 |
Google Chrome emergency update fixes 6th zero-day exploited in 2023 |
Vulnerebility |
BleepingComputer |
2.12.23 |
Qilin ransomware claims attack on automotive giant Yanfeng |
Ransom |
BleepingComputer |
2.12.23 |
Microsoft shares temp fix for Outlook crashes when sending emails |
Vulnerebility |
BleepingComputer |
2.12.23 |
DP World confirms data stolen in cyberattack, no ransomware used |
Ransom |
BleepingComputer |
2.12.23 |
Hackers start exploiting critical ownCloud flaw, patch now |
Exploit |
BleepingComputer |
2.12.23 |
Police dismantle ransomware group behind attacks in 71 countries |
Ransom |
BleepingComputer |
1.12.23 |
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia |
Android |
The Hacker News |
1.12.23 |
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats |
Virus |
The Hacker News |
1.12.23 |
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan |
Virus |
The Hacker News |
1.12.23 |
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks |
Attack |
The Hacker News |
1.12.23 |
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password |
Social |
The Hacker News |
1.12.23 |
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents |
BigBrothers |
The Hacker News |
1.12.23 |
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices |
Vulnerebility |
The Hacker News |
1.12.23 |
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws |
OS |
The Hacker News |
1.12.23 |
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails |
Safety |
The Hacker News |
| | | |