
DATE | NAME | HEADLINE | SUMMARY | CATEGORY | SOURCE
24.2.24 | LockBit | New ScreenConnect RCE flaw exploited in ransomware attacks | Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. | Ransom | BleepingComputer
24.2.24 | Avast | FTC to ban Avast from selling browsing data for advertising purposes | The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling users' web browsing data or licensing it for advertising purposes. | BigBrothers | BleepingComputer
24.2.24 | Lockbit4 | LockBit ransomware secretly building next-gen encryptor before takedown | LockBit ransomware developers were secretly building a new version of their file-encrypting malware, dubbed LockBit-NG-Dev (likely a future LockBit 4.0), when law enforcement took down the cybercriminals' infrastructure earlier this week. | Ransom | BleepingComputer
24.2.24 | Joomla | Joomla fixes XSS flaws that could expose sites to RCE attacks | Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. | Vulnerability | BleepingComputer
24.2.24 | Microsoft | Microsoft expands free logging capabilities after May breach | Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. | Incident | BleepingComputer
24.2.24 | Google Cloud | Hackers abuse Google Cloud Run in massive banking trojan campaign | Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. | Virus | BleepingComputer
24.2.24 | Apple | Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million | Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. | CyberCrime | BleepingComputer
24.2.24 | Snake | New SSH-Snake malware steals SSH keys to spread across the network | A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. | Virus | BleepingComputer
24.2.24 | Hacker water | US govt shares cyberattack defense tips for water utilities | CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks. | BigBrothers | BleepingComputer
24.2.24 | Connectwise red | ScreenConnect critical bug now under attack as exploit code emerges | Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. | Exploit | BleepingComputer
24.2.24 | US State Department | US offers $15 million bounty for info on LockBit ransomware gang | The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. | Ransom | BleepingComputer
24.2.24 | VMware | VMware urges admins to remove deprecated, vulnerable auth plug-in | VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. | Vulnerability | BleepingComputer
24.2.24 | Wireless charger | VoltSchemer attacks use wireless chargers to inject voice commands, fry phones | A team of academic researchers shows that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. | Hack | BleepingComputer
24.2.24 | Redis | New Migo malware disables protection features on Redis servers | Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. | Cryptocurrency | BleepingComputer
24.2.24 | | Dormant PyPI Package Compromised to Spread Nova Sentinel Malware | A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer | Virus | The Hacker News
23.2.24 | Hacker Screens | ConnectWise urges ScreenConnect admins to patch critical RCE flaw | ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. | Vulnerability | BleepingComputer
23.2.24 | Knight | Knight ransomware source code for sale after leak site shuts down | The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. | Ransom | BleepingComputer
23.2.24 | | Ransomware Groups, Targeting Preferences, and the Access Economy | The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime. | Ransom | BleepingComputer
23.2.24 | Ransomware | Critical infrastructure software maker confirms ransomware attack | PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. | Ransom | BleepingComputer
23.2.24 | Police arrests hacker | Police arrest LockBit ransomware members, release decryptor in global crackdown | Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. | Ransom | BleepingComputer
23.2.24 | LockBit | LockBit ransomware disrupted by global police operation | Law enforcement agencies from 10 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos." | Ransom | BleepingComputer
23.2.24 | Lazarus | North Korean hackers linked to defense sector supply-chain attack | In an advisory today, Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. | BigBrothers | BleepingComputer
23.2.24 | Cactus | Cactus ransomware claims to steal 1.5TB of Schneider Electric data | The Cactus ransomware gang claims it stole 1.5TB of data from Schneider Electric after breaching the company's network last month. | Ransom | BleepingComputer
23.2.24 | Exchange Online | Over 28,500 Exchange servers vulnerable to actively exploited bug | Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. | Exploit | BleepingComputer
23.2.24 | WordPress | Hackers exploit critical RCE flaw in Bricks WordPress site builder | Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. | Exploit | BleepingComputer
23.2.24 | Wyze | Wyze camera glitch gave 13,000 users a peek into other homes | Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. | Incident | BleepingComputer
23.2.24 | Android | Anatsa Android malware downloaded 150,000 times via Google Play | The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. | OS | BleepingComputer
23.2.24 | Police arrests hacker | Hacker arrested for selling bank accounts of US, Canadian users | Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web. | CyberCrime | BleepingComputer
23.2.24 | World Internet Network | KeyTrap attack: Internet access disrupted with one DNS packet | A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period. | Attack | BleepingComputer
23.2.24 | Google Chrome | New Google Chrome feature blocks attacks against home networks | Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. | Security | BleepingComputer
23.2.24 | Hacker | ALPHV ransomware claims loanDepot, Prudential Financial breaches | The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. | Ransom | BleepingComputer
23.2.24 | Wyze | Wyze investigating 'security issue' amid ongoing outage | Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. | Security | BleepingComputer
23.2.24 | SolarWinds | SolarWinds fixes critical RCE bugs in access rights audit solution | SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. | Vulnerability | BleepingComputer
23.2.24 | Servers | Alpha ransomware linked to NetWalker operation dismantled in 2021 | Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct NetWalker ransomware operation. | Ransom | BleepingComputer
23.2.24 | Yomix | North Korean hackers now launder stolen crypto via YoMix tumbler | The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using the YoMix bitcoin mixer to launder stolen proceeds. | APT | BleepingComputer
23.2.24 | Hacker prison | Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison | Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. | CyberCrime | BleepingComputer
23.2.24 | | Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI | Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in | Virus | The Hacker News
23.2.24 | | Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability | Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive | OS | The Hacker News
23.2.24 | | FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data | The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to | BigBrothers | The Hacker News
23.2.24 | | Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage | Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging | Security | The Hacker News
22.2.24 | | Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks | A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a | Hack | The Hacker News
22.2.24 | | A New Age of Hacktivism | In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. | Hack | The Hacker News
22.2.24 | | Russian Government Software Backdoored to Deploy Konni RAT Malware | An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote | Virus | The Hacker News
22.2.24 | | U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders | The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders | Ransom | The Hacker News
22.2.24 | | New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers | Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices | Vulnerability | The Hacker News
21.2.24 | | Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS | The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed | APT | The Hacker News
21.2.24 | | New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam | Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The | Social | The Hacker News
21.2.24 | | Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private | End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused | Social | The Hacker News
21.2.24 | | Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks | Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related | APT | The Hacker News
21.2.24 | | Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know | The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. | Incident | The Hacker News
21.2.24 | | VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk | VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as | Vulnerability | The Hacker News
21.2.24 | | New Migo Malware Targeting Redis Servers for Cryptocurrency Mining | A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on | Cryptocurrency | The Hacker News
20.2.24 | | LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released | The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its | Ransom | The Hacker News
20.2.24 | | New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics | Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a | Virus | The Hacker News
20.2.24 | | New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide | North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint | APT | The Hacker News
20.2.24 | | Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now | ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a | Vulnerability | The Hacker News
20.2.24 | | WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites | A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible | Vulnerability | The Hacker News
20.2.24 | | Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative | Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This | BigBrothers | The Hacker News
20.2.24 | | LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid | Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. An international law | Ransom | The Hacker News
19.2.24 | | Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices | Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates | OS | The Hacker News
19.2.24 | | Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries | The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed | OS | The Hacker News
19.2.24 | | Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws | Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross- | APT | The Hacker News
19.2.24 | | Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor | The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new | APT | The Hacker News
18.2.24 | | Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) | Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People's Republic of China (PRC) state-sponsored cyber actors. | APT blog | Palo Alto
18.2.24 | | New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 | This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. | Vulnerability blog | Palo Alto
18.2.24 | | The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture | Recently, Check Point Research released a white paper titled "The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors", detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. | Attack blog | Checkpoint
18.2.24 | | TinyTurla Next Generation - Turla APT spies on Polish NGOs | This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation. | APT blog | Cisco Blog
18.2.24 | | How are attackers using QR codes in phishing emails and lure documents? | QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target's personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. | Attack blog | Cisco Blog
18.2.24 | | Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe | Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals. | Vulnerability blog | Eset
18.2.24 | | All eyes on AI (Unlocked 403: A cybersecurity podcast) | Artificial intelligence is on everybody's lips these days, but there are also many misconceptions about what AI actually is and isn't. We unpack the basics and examine AI's broader implications. | AI blog | Eset
18.2.24 | | The art of digital sleuthing: How digital forensics unlocks the truth | Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell. | Security blog | Eset
18.2.24 | | Deepfakes in the global election year of 2024: A weapon of mass deception? | As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern. | BigBrother blog | Eset
18.2.24 | Windows | Microsoft says it fixed a Windows Metadata server issue that's still broken | Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. | OS | BleepingComputer
18.2.24 | Department of State | US offers up to $15 million for tips on ALPHV ransomware gang | The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. | Ransom | BleepingComputer
18.2.24 | Linux | RansomHouse gang automates VMware ESXi attacks with new MrAgent tool | The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. | Hack | BleepingComputer
18.2.24 | Hackers ransomware | FBI disrupts Russian Moobot botnet infecting Ubiquiti routers | The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. | BotNet | BleepingComputer
18.2.24 | AI hacker security Artificial Intelligence | OpenAI blocks state-sponsored hackers from using ChatGPT | OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia that were abusing its artificial intelligence chatbot, ChatGPT. | AI | BleepingComputer
18.2.24 | Ivanti | Over 13,000 Ivanti gateways vulnerable to actively exploited bugs | Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. | Exploit | BleepingComputer
18.2.24 | | Three critical application security flaws scanners can't detect | In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. | Vulnerability | BleepingComputer
18.2.24 | Hackers ransomware | Turla hackers backdoor NGOs with new TinyTurla-NG malware | Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. | Virus | BleepingComputer
18.2.24 | Qbot | New Qbot malware variant uses fake Adobe installer popup for evasion | The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. | Virus | BleepingComputer
18.2.24 | iPhone | New 'Gold Pickaxe' Android, iOS malware steals your face for fraud | A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. | OS | BleepingComputer
18.2.24 | Microsoft Exchange | Microsoft: New critical Exchange bug exploited as zero-day | Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. | OS | BleepingComputer
18.2.24 | Fulton County | LockBit claims ransomware attack on Fulton County, Georgia | The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. | Ransom | BleepingComputer
18.2.24 | Zoom | Zoom patches critical privilege elevation flaw in Windows apps | The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. | Vulnerability | BleepingComputer
18.2.24 | Outlook | New critical Microsoft Outlook RCE bug is trivial to exploit | Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View. | Exploit | BleepingComputer
18.2.24 | Microsoft Exchange | Microsoft Exchange update enables Extended Protection by default | Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14). | OS | BleepingComputer
18.2.24 | Varta Batteries | German battery maker Varta halts production after cyberattack | Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. | Incident | BleepingComputer
18.2.24 | Ubuntu | Ubuntu 'command-not-found' tool can be abused to spread malware | A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. | Virus | BleepingComputer
18.2.24 | Hacker industry pipeline | Trans-Northern Pipelines investigating ALPHV ransomware attack claims | Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. | Ransom | BleepingComputer
18.2.24 | DuckDuckGo | DuckDuckGo browser gets end-to-end encrypted sync feature | The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. | Security | BleepingComputer
18.2.24 | Prudential Financial | Prudential Financial breached in data theft cyberattack | Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. | Incident | BleepingComputer
18.2.24 | Microsoft Defender for Endpoint | Hackers used new Windows Defender zero-day to drop DarkMe malware | Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). | Virus | BleepingComputer
18.2.24 | | FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty | A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. | CyberCrime | The Hacker News
17.2.24 | Windows 10 | Windows 10 KB5034763 update released with new fixes, changes | Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). | OS | BleepingComputer
17.2.24 | Facebook | 200,000 Facebook Marketplace user records leaked on hacking forum | A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. | Social | BleepingComputer
17.2.24 | Clinic | Integris Health says data breach impacts 2.4 million patients | Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. | Incident | BleepingComputer
17.2.24 | Patch Tuesday | Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws | Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. | OS | BleepingComputer
17.2.24 | Windows 11 | Windows 11 KB5034765 update released with Start Menu fixes | Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. | OS | BleepingComputer
17.2.24 | Crypto hacker | Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform | Hackers are believed to have used a stolen private key to mint and steal over 1.79 billion PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. | Cryptocurrency | BleepingComputer
17.2.24 | Bumblebee | Bumblebee malware attacks are back after 4-month break | The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. | Virus | BleepingComputer
17.2.24 | | 5 Steps to Improve Your Security Posture in Microsoft Teams | Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. | Security | BleepingComputer
17.2.24 | Bank of America | Bank of America warns customers of data breach after vendor hack | Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. | Incident | BleepingComputer
17.2.24 | FBI | FBI seizes Warzone RAT infrastructure, arrests malware vendor | The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. | Virus | BleepingComputer
17.2.24 | FCC | FCC orders telecom carriers to report PII data breaches within 30 days | Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by the FCC's updated data breach reporting requirements. | BigBrothers | BleepingComputer
17.2.24 | Azure Active Directory | Ongoing Microsoft Azure account hijacking campaign targets executives | A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. | Phishing | BleepingComputer
17.2.24 | CISA | CISA: Roundcube email server bug now exploited in attacks | CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. | Exploit | BleepingComputer
17.2.24 | Ivanti | Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor | Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. | Virus | BleepingComputer
17.2.24 | Key Unlock | Free Rhysida ransomware decryptor for Windows exploits RNG flaw | South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. | Ransom | BleepingComputer
17.2.24 | Hospital | Ransomware attack forces 100 Romanian hospitals to go offline | 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. | Ransom | BleepingComputer
17.2.24 | Data leak | ExpressVPN bug has been leaking some DNS requests for years | ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. | Vulnerability | BleepingComputer
17.2.24 | | Google Open Sources Magika: AI-Powered File Identification Tool | Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction | AI | The Hacker News
17.2.24 | | CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive | Ransom | The Hacker News
17.2.24 | | RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers | Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple | Cryptocurrency | The Hacker News
17.2.24 | | Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks | A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon | Virus | The Hacker News
16.2.24 | | U.S. State Government Network Breached via Former Employee's Account | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network | BigBrothers | The Hacker News
16.2.24 | | U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage | The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that | BigBrothers | The Hacker News
16.2.24 | | Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor | The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign | Virus | The Hacker News
16.2.24 | | Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries | A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring | Vulnerability | The Hacker News
16.2.24 | | Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks | A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, | Virus | The Hacker News
15.2.24Critical Exchange Server Flaw (CVE-2024-21410) Under Active ExploitationMicrosoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, aVulnerebilityThe Hacker News
15.2.24Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber AttacksNation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language modelsAIThe Hacker News
15.2.24Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue PackagesCybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend theirHackThe Hacker News
15.2.24Bumblebee Malware Returns with New Tricks, Targeting U.S. BusinessesThe infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a newVirusThe Hacker News
15.2.24DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day VulnerabilityA newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called VirusThe Hacker News
15.2.24Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-DaysMicrosoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024,OSThe Hacker News
15.2.24Glupteba Botnet Evades Detection with Undocumented UEFI BootkitThe Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface ( UEFI ) bootkitVirusThe Hacker News
15.2.24PikaBot Resurfaces with Streamlined Code and Deceptive TacticsThe threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case ofVirusThe Hacker News
15.2.24Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT InfrastructuresThreat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy aVulnerebilityThe Hacker News
15.2.24Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch NowThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting RoundcubeBigBrothersThe Hacker News
12.2.24Rhysida Ransomware Cracked, Free Decryption Tool ReleasedRhysida Ransomware Cracked, Free Decryption Tool ReleasedRansomThe Hacker News
12.2.24CISA and OpenSSF Release Framework for Package Repository SecurityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF)BigBrothersThe Hacker News
12.2.24Microsoft Introduces Linux-Like 'sudo' Command to Windows 11Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administratorOSThe Hacker News
12.2.24U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware LeadersThe U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within theBigBrothersThe Hacker News
12.2.24U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key OperatorsThe U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT)VirusThe Hacker News
10.2.24Raspberry RobinRaspberry Robin malware evolves with early access to Windows exploitsRecent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.VirusBleepingComputer
10.2.24Britain UK FlagUK to replace physical biometric immigration cards with e-visasBy 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do.BigBrothers

BleepingComputer

10.2.24FortinetNew Fortinet RCE bug is actively exploited, CISA confirmsCISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.Exploit

BleepingComputer

10.2.24Flipper ZeroCanada to ban the Flipper Zero to stop surge in car theftsThe Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.Security

BleepingComputer

10.2.24OutlookMicrosoft: Outlook clients not syncing over Exchange ActiveSyncMicrosoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update.Security

BleepingComputer

10.2.24Hacker Puzzle MysteryNew RustDoor macOS malware impersonates Visual Studio updateA new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.OS

BleepingComputer

10.2.24Hackers cryptocurrencyAmericans lost record $10 billion to fraud in 2023, FTC warnsThe U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year.BigBrothers

BleepingComputer

10.2.24FortinetNew Fortinet RCE flaw in SSL VPN likely exploited in attacksFortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.Exploit

BleepingComputer

10.2.24Windows 11Microsoft fixes Copilot issue blocking Windows 11 upgradesMicrosoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems.OS

BleepingComputer

10.2.24Hyundai IoniqHyundai Motor Europe hit by Black Basta ransomware attackCar maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.Ransom

BleepingComputer

10.2.24Ransomware Retrospective 2024: Unit 42 Leak Site AnalysisThe ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. Ransom blogPalo Alto
10.2.24RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYSTwo new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time.Malware blogCheckpoint
10.2.24New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organizationTalos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”Malware blogCisco Blog
10.2.24How are user credentials stolen and used by threat actors?You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.Cyber blogCisco Blog
10.2.24OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privilegesOpen Automation Software recently released patches for multiple vulnerabilities in their OAS Engine.  Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with VeVulnerebility blogCisco Blog
10.2.24Grandoreiro banking malware disrupted – Week in security with Tony AnscombeRansomware payments hit a record high in 2023 – Week in security with Tony AnscombeCalled a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous yearRansom blogEset
10.2.24The buck stops here: Why the stakes are high for CISOsHeavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?Security blogEset
10.2.24Left to their own devices: Security for employees using personal devices for workAs personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut itSecurity blogEset
10.2.24Could your Valentine be a scammer? How to avoid getting caught in a bad romanceWith Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heartSecurity blogEset
10.2.24Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS DevicesApple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, OSThe Hacker News
10.2.24Raspberry Robin Malware Upgrades with Discord Spread and New ExploitsThe operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to beExploitThe Hacker News
9.2.24IvantiIvanti: Patch new Connect Secure auth bypass bug immediatelyToday, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.Vulnerebility

BleepingComputer

9.2.24WindowsMicrosoft unveils new 'Sudo for Windows' feature in Windows 11Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals.OS

BleepingComputer

9.2.24AndroidAndroid XLoader malware can now auto-execute after installationA new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch.OS

BleepingComputer

9.2.24US State DepartmentUS offers $10 million for tips on Hive ransomware leadershipThe U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.Ransom

BleepingComputer

9.2.24LastPassFake LastPass password manager spotted on Apple’s App StoreLastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.OS

BleepingComputer

9.2.24HospitalData breaches at Viamedis and Almerys impact 33 million in FranceData breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.Incindent

BleepingComputer

9.2.24FortinetFortinet warns of new FortiSIEM RCE bugs in confusing disclosureFortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.Vulnerebility

BleepingComputer

9.2.24FacebookFacebook ads push new Ov3r_Stealer password-stealing malwareA new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.Virus

BleepingComputer

9.2.24Google buildingDenmark orders schools to stop sending student data to GoogleThe Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.BigBrothers

BleepingComputer

9.2.24Hacker datacenter serversChinese hackers hid in US infrastructure network for 5 yearsThe Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.APT

BleepingComputer

9.2.24Android shieldGoogle tests blocking side-loaded Android apps with risky permissionsGoogle has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.OS

BleepingComputer

9.2.24CiscoCritical Cisco bug exposes Expressway gateways to CSRF attacksCisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.Vulnerebility

BleepingComputer

9.2.24No, 3 million electric toothbrushes were not used in a DDoS attackNo, 3 million electric toothbrushes were not used in a DDoS attackA widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.Hack

BleepingComputer

9.2.24CiscoCritical Cisco bug exposes Expressway gateways to CSRF attacksCisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.Vulnerebility

BleepingComputer

9.2.24No, 3 million electric toothbrushes were not used in a DDoS attackNo, 3 million electric toothbrushes were not used in a DDoS attackA widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.Attack

BleepingComputer

9.2.24LinuxCritical flaw in Shim bootloader impacts major Linux distrosA critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.Vulnerebility

BleepingComputer

9.2.24How to Apply Zero Trust to your Active DirectoryHow to Apply Zero Trust to your Active DirectoryWith cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles.Security

BleepingComputer

9.2.24MoqHao Android Malware Evolves with Auto-Execution CapabilityThreat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiringOS

The Hacker News

9.2.24New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered AttackSixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote . "This malware utilizes theVirusThe Hacker News
9.2.24Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active ExploitationFortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762ExploitThe Hacker News
9.2.24Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA GatewaysIvanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allowVulnerebilityThe Hacker News
9.2.24Stealthy Zardoor Backdoor Targets Saudi Islamic Charity OrganizationAn unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop aVirusThe Hacker News
8.2.24Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a DecadeThe U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into someBigBrothersThe Hacker News
8.2.24HijackLoader Evolves: Researchers Decode the Latest Evasion MethodsThe threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to beVirusThe Hacker News
8.2.24Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in SingaporeGoogle has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions toOSThe Hacker News
8.2.24Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South KoreaThe North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called APTThe Hacker News
8.2.24Critical Patches Released for New Flaws in Cisco, Fortinet, VMware ProductsCisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploitedExploitThe Hacker News
8.2.24After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce BackThe threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands toBotNetThe Hacker News
7.2.24HackerChinese hackers fail to rebuild botnet after FBI takedownChinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States.BotNet

BleepingComputer

7.2.24Money BillRansomware payments reached record $1.1 billion in 2023Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.Ransom

BleepingComputer

7.2.24FortinetFortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in errorIt turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error.Vulnerebility

BleepingComputer

7.2.24HackersChinese hackers infect Dutch military network with malwareA Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.BigBrothers

BleepingComputer

7.2.24HealthcareData breach at French healthcare services firm puts millions at riskFrench healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.Incindent

BleepingComputer

7.2.24JetBrainsJetBrains warns of new TeamCity auth bypass vulnerabilityJetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.Vulnerebility

BleepingComputer

7.2.24GoogleGoogle says spyware vendors behind most zero-days it discoversCommercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.BigBrothers

BleepingComputer

7.2.24VerizonVerizon insider data breach hits over 63,000 employeesVerizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.Incindent

BleepingComputer

7.2.24Data theft data breach hacker cyberattackHackers steal data of 2 million in SQL injection, XSS attacksA threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.Incindent

BleepingComputer

7.2.24OutlookMicrosoft Outlook December updates trigger ICS security alertsMicrosoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.ICSBleepingComputer
7.2.24US State DepartmentUS announces visa ban on those linked to commercial spywareSecretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States.BigBrothers

BleepingComputer

7.2.24HPEHPE investigates new breach after data for sale on hacking forumHewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.Incindent

BleepingComputer

7.2.24IvantiNewest Ivanti SSRF zero-day now under mass exploitationAn Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.Vulnerebility

BleepingComputer

7.2.24Windows ServerMicrosoft is bringing the Linux sudo command to Windows ServerMicrosoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.OS

BleepingComputer

7.2.24Windows ServerMicrosoft is bringing the Linux sudo command to Windows ServerMicrosoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.OSBleepingComputer
7.2.24Package ContainerLeaky Vessels flaws allow hackers to escape Docker, runc containersFour vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.VulnerebilityBleepingComputer
7.2.24Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux DistrosThe maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote codeVulnerebilityThe Hacker News
7.2.24Global Coalition and Tech Giants Unite Against Commercial Spyware AbuseA coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft,BigBrothersThe Hacker News
7.2.24Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military NetworkChinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "ThisExploitThe Hacker News
7.2.24Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch NowJetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD)VulnerebilityThe Hacker News
6.2.24Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and CredentialsThreat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealerVirusThe Hacker News
6.2.24High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop ServicesThree new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop , Kafka , and Spark services that could be exploited toVulnerebilityThe Hacker News
6.2.24Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal DataEmployment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumentedIncindentThe Hacker News
6.2.24Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass ExploitationA recently disclosed server-side request forgery ( SSRF ) vulnerability impacting Ivanti Connect Secure and Policy Secure products has comeExploitThe Hacker News
6.2.24U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware SurveillanceThe U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use ofBigBrothersThe Hacker News
6.2.24Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money LaunderingA 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related toCryptocurrencyThe Hacker News
5.2.24Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy MalwareThe threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remoteOSThe Hacker News
5.2.24Pegasus Spyware Targeted iPhones of Journalists and Activists in JordanThe iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSOOSThe Hacker News
5.2.24New Mispadu Banking Trojan Exploiting Windows SmartScreen FlawThe threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw toExploitThe Hacker News
4.2.24CloroxClorox says cyberattack caused $49 million in expensesClorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident.Incindent

BleepingComputer

4.2.24Google ChromeCheck if you're in Google Chrome's third-party cookie phaseout testGoogle has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test.Security

BleepingComputer

4.2.24MastodonMastodon vulnerability allows attackers to take over accountsMastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.Vulnerebility

BleepingComputer

4.2.24hospital wardThe Week in Ransomware - February 2nd 2024 - No honor among thievesAttacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks.Ransom

BleepingComputer

4.2.24AnyDeskAnyDesk says hackers breached its production servers, reset passwordsAnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.IncindentBleepingComputer
4.2.24Lurie Children'sLurie Children's Hospital took systems offline after cyberattackLurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.Incindent

BleepingComputer

4.2.24Department of Justice DOJBTC-e server admin indicted for laundering ransom payments, stolen cryptoAliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation.Cryptocurrency

BleepingComputer

4.2.24Hacker ScreensInterpol operation Synergia takes down 1,300 servers used for cybercrimeAn international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.BigBrothers

BleepingComputer

4.2.24 | Blackbaud | FTC orders Blackbaud to boost security after massive data breach | Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. | Incident | BleepingComputer
4.2.24 | Cloudflare | Cloudflare hacked using auth tokens stolen in Okta attack | Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. | Incident | BleepingComputer
4.2.24 | Outlook | Microsoft fixes connection issue affecting Outlook email apps | Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. | Vulnerability | BleepingComputer
4.2.24 | Android malware | More Android apps riddled with malware spotted on Google Play | An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. | OS | BleepingComputer
4.2.24 | PurpleFox | PurpleFox malware infects thousands of computers in Ukraine | The Computer Emergency Response Team of Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. | Virus | BleepingComputer
4.2.24 | Google Pixel 7 | Google shares fix for Pixel phones hit by bad system update | Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. | Vulnerability | BleepingComputer
4.2.24 | Windows | New Windows Event Log zero-day flaw gets unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. | Vulnerability | BleepingComputer
4.2.24 | - | Exploring the Latest Mispadu Stealer Variant | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this activity as part of the Unit 42 Managed Threat Hunting offering. | Malware blog | Palo Alto
4.2.24 | - | ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign | Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. | Spam blog | Palo Alto
4.2.24 | - | Threat Assessment: BianLian | Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we've gathered. | BigBrother blog | Palo Alto
4.2.24 | - | Financial Fraud APK Campaign | During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. | OS blog | Palo Alto
4.2.24 | - | Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors | Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. | Ransom blog | Cisco Blog
4.2.24 | - | OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges | Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve | Vulnerability blog | Cisco Blog
4.2.24 | - | Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers | Malicious drivers are difficult to detect, and successfully leveraging one can give an attacker full access to a system. | Malware blog | Cisco Blog
4.2.24 | - | Grandoreiro banking malware disrupted – Week in security with Tony Anscombe | The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim's screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows. | Malware blog | Eset
4.2.24 | - | VajraSpy: A Patchwork of espionage apps | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group. | APT blog | Eset
4.2.24 | - | ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora | An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes. | Cyber blog | Eset
4.2.24 | - | ESET takes part in global operation to disrupt the Grandoreiro banking trojan | ESET provided technical analysis, statistical information and known C&C servers, and was able to get a glimpse of the victimology. | Malware blog | Eset
4.2.24 | - | Cyber: The Swiss army knife of tradecraft | In today's digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike. | Cyber blog | Eset
4.2.24 | - | Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe | The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK. | APT blog | Eset
4.2.24 | - | Assessing and mitigating supply chain cybersecurity risks | Blindly trusting your partners and suppliers on their security posture is not sustainable – it's time to take control through effective supplier risk management. | Cyber blog | Eset
4.2.24 | - | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 | ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood. | APT blog | Eset
4.2.24 | - | Break the fake: The race is on to stop AI voice cloning scams | As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET's Jake Moore to discuss how to hang up on 'hi-fi' scam calls – and what the future holds for deepfake detection. | AI blog | Eset

3.2.24 | CISA | CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday | CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday. | BigBrothers | BleepingComputer
3.2.24 | - | Hackers push USB malware payloads via news, media hosting sites | A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. | Virus | BleepingComputer
3.2.24 | Bitcoin | Police seize record 50,000 Bitcoin from now-defunct piracy site | The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k.to through a voluntary deposit to a state-controlled wallet. | Cryptocurrency | BleepingComputer
3.2.24 | - | Europcar denies data breach of 50 million users, says data is fake | Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. | Incident | BleepingComputer
3.2.24 | Android | Exploit released for Android local elevation flaw impacting 7 OEMs | A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers. | OS | BleepingComputer
3.2.24 | CISA | CISA warns of patched iPhone kernel bug now exploited in attacks | CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. | BigBrothers | BleepingComputer
3.2.24 | FBI | FBI disrupts Chinese botnet by wiping malware from infected routers | The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. | BotNet | BleepingComputer
3.2.24 | CISA | CISA: Vendors must secure SOHO routers against Volt Typhoon attacks | CISA has urged manufacturers of small office/home office (SOHO) routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon (Bronze Silhouette). | BigBrothers | BleepingComputer
3.2.24 | Johnson Controls | Johnson Controls says ransomware attack cost $27 million, data stolen | Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. | Ransom | BleepingComputer
3.2.24 | Ivanti | Ivanti warns of new Connect Secure zero-day exploited in attacks | Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. | Vulnerability | BleepingComputer
3.2.24 | Linux | New Linux glibc flaw lets attackers get root on major distros | Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). | Vulnerability | BleepingComputer
3.2.24 | White Phoenix | Online ransomware decryptor helps recover partially encrypted files | CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. | Ransom | BleepingComputer
3.2.24 | DraftKings | US charges two more suspects with DraftKings account hacks | The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. | CyberCrime | BleepingComputer
3.2.24 | Monero | Vastaamo hacker traced via 'untraceable' Monero transactions, police say | Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions. | Cryptocurrency | BleepingComputer
3.2.24 | Mercedes-Benz | A mishandled GitHub token exposed Mercedes-Benz source code | A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Server, exposing source code to the public. | Incident | BleepingComputer
3.2.24 | Microsoft Teams | Microsoft Teams phishing pushes DarkGate malware via group chats | New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. | Phishing | BleepingComputer
3.2.24 | Citibank | Citibank sued over failure to defend customers against hacks, fraud | New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts. | Incident | BleepingComputer
3.2.24 | Trojan | Police disrupt Grandoreiro banking malware operation, make arrests | The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. | CyberCrime | BleepingComputer
3.2.24 | - | Keenan warns 1.5 million people of data breach after summer cyberattack | Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. | Incident | BleepingComputer
3.2.24 | - | U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks | The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian | BigBrothers | The Hacker News
3.2.24 | - | Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account | The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. | Vulnerability | The Hacker News
3.2.24 | - | AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset | Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German | Incident | The Hacker News
3.2.24 | - | Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks | Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, | APT | The Hacker News
3.2.24 | - | DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain | Virus | The Hacker News
3.2.24 | - | Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents | A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York | BigBrothers | The Hacker News
3.2.24 | - | INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs | An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP | CyberCrime | The Hacker News
3.2.24 | - | Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs | Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized | Incident | The Hacker News

2.2.24 | - | 45k Jenkins servers exposed to RCE attacks using public exploits | Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. | Vulnerability | BleepingComputer
2.2.24 | Schneider Electric | Energy giant Schneider Electric hit by Cactus ransomware attack | Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. | Ransom | BleepingComputer
2.2.24 | Outlook | Microsoft says Outlook apps can't connect to Outlook.com | Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. | Security | BleepingComputer
2.2.24 | FBI | FBI: Tech support scams now use couriers to collect victims' money | Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. | BigBrothers | BleepingComputer
2.2.24 | - | Ransomware payments drop to record low as victims refuse to pay | The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. | Ransom | BleepingComputer
2.2.24 | - | DHS employees jailed for stealing data of 200K U.S. govt workers | Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. | BigBrothers | BleepingComputer
2.2.24 | Jenkins | Exploits released for critical Jenkins RCE flaw, patch now | Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaw in attacks. | Exploit | BleepingComputer
2.2.24 | - | The Week in Ransomware - January 26th 2024 - Govts strike back | Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. | Ransom | BleepingComputer
2.2.24 | - | Kansas City public transportation authority hit by ransomware | The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. | Ransom | BleepingComputer
2.2.24 | Windows Server | Microsoft releases first Windows Server 2025 preview build | Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. | OS | BleepingComputer
2.2.24 | - | FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network | The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to | BotNet | The Hacker News
2.2.24 | - | Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign | Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. | Cryptocurrency | The Hacker News
2.2.24 | - | U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers | The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) | BotNet | The Hacker News
2.2.24 | - | HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining | Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world | Virus | The Hacker News
2.2.24 | - | Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities | Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups | Exploit | The Hacker News
2.2.24 | - | CISA Warns of Active Exploitation of Flaw in Apple iOS and macOS | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, | BigBrothers | The Hacker News

1.2.24 | Windows Server | Microsoft introduces flighting for Windows Server insiders | Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. | OS | BleepingComputer
1.2.24 | - | Ukraine: Hack wiped 2 petabytes of data from Russian research center | The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. | Virus | BleepingComputer
1.2.24 | Microsoft | Microsoft reveals how hackers breached its Exchange Online accounts | Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. | Hack | BleepingComputer
1.2.24 | - | Role of Wazuh in building a robust cybersecurity architecture | Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. | Security | BleepingComputer
1.2.24 | Pwn2Own Tokyo | Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice | The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. | Congress | BleepingComputer
1.2.24 | 23andMe | 23andMe data breach: Hackers stole raw genotype data, health reports | Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. | Incident | BleepingComputer
1.2.24 | - | Blackwood hackers hijack WPS Office update to install malware | A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. | Virus | BleepingComputer
1.2.24 | - | Russian TrickBot malware dev sentenced to 64 months in prison | Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware used in attacks against hospitals, companies, and individuals worldwide. | Virus | BleepingComputer
1.2.24 | iPhone | iPhone apps abuse iOS push notifications to collect user data | Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. | OS | BleepingComputer
1.2.24 | Pwn2Own Tokyo | Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo | Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. | Congress | BleepingComputer
1.2.24 | Cisco | Cisco warns of critical RCE flaw in communications software | Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. | Vulnerability | BleepingComputer
1.2.24 | WordPress | Hackers target WordPress database plugin active on 1 million sites | Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. | CyberCrime | BleepingComputer
1.2.24 | HPE | HPE: Russian hackers breached its security team's email accounts | Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. | Incident | BleepingComputer
1.2.24 | - | VexTrio TDS: Inside a massive 70,000-domain cybercrime operation | A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites. | CyberCrime | BleepingComputer
1.2.24 | GitLab | Over 5,300 GitLab servers exposed to zero-click account takeover attacks | Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. | Vulnerability | BleepingComputer
1.2.24 | AI | UK says AI will empower ransomware over the next two years | The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. | AI | BleepingComputer
1.2.24 | EquiLend | Global fintech firm EquiLend offline after recent cyberattack | New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. | Attack | BleepingComputer
1.2.24 | - | How to secure AD passwords without sacrificing end-user experience | To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. | Security | BleepingComputer
1.2.24 | Pwn2Own Tokyo | Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 | Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. | Congress | BleepingComputer
1.2.24 | Windows 11 | Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs | Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. | OS | BleepingComputer
1.2.24 | Windows 10 | Microsoft: Recent updates cause Sysprep Windows validation errors | Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. | OS | BleepingComputer
1.2.24 | - | RunC Flaws Enable Container Escapes, Granting Attackers Host Access | Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the | Exploit | The Hacker News
1.2.24 | - | Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation | Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. | Exploit | The Hacker News
1.2.24 | - | Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware | Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for | Phishing | The Hacker News
1.2.24 | - | The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules | The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity | BigBrothers | The Hacker News
1.2.24 | - | Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware | A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in | Cryptocurrency | The Hacker News
1.2.24 | - | Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware | A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust- | Virus | The Hacker News
1.2.24 | - | New Glibc Flaw Grants Attackers Root Access on Major Linux Distros | Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka | Vulnerability | The Hacker News