H  January(270)  February(364) March(400) April(276) May(343) June(373) July(246) August(0) September(0) October(0) November(0) December(0) 

DATE

NAME

Info

CATEG.

WEB

25.7.24

Telegram App Flaw Exploited to Spread Malware Hidden in Videos A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised Social The Hacker News

25.7.24

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel Hack The Hacker News

25.7.24

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash Security The Hacker News

25.7.24

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver Exploit The Hacker News

25.7.24

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The BigBrothers The Hacker News

24.7.24

Chinese Hackers Target Taiwan and US NGO with MgBot Malware Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state- BigBrothers The Hacker News

24.7.24

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been ICS The Hacker News

24.7.24

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest CyberCrime The Hacker News

24.7.24

Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or Social The Hacker News

24.7.24

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research BigBrothers The Hacker News

23.7.24

Google Abandons Plan to Phase Out Third-Party Cookies in Chrome Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years Security The Hacker News

23.7.24

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese Hack The Hacker News

23.7.24

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud Virus The Hacker News

23.7.24

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called Virus The Hacker News

23.7.24

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) Ransom The Hacker News

22.7.24

Microsoft releases Windows repair tool to remove CrowdStrike driver Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. Security

BleepingComputer

22.7.24

Fake CrowdStrike fixes target companies with malware, data wipers Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. Virus

BleepingComputer

22.7.24

UK arrests suspected Scattered Spider hacker linked to MGM attack UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. CyberCrime

BleepingComputer

22.7.24

Microsoft confirms CrowdStrike update also hit Windows 365 PCs Microsoft says the faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. Cyber

BleepingComputer

21.7.24

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows Virus The Hacker News

21.7.24

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K. Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious CyberCrime The Hacker News

20.7.24

ClickFix Deception: A Social Engineering Tactic to Deploy Malware McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Malware blog McAfee

20.7.24

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. Vulnerebility blog Trend Micro

20.7.24

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. Cyber blog Trend Micro

20.7.24

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. Ransom blog Trend Micro

20.7.24

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409 We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. Vulnerebility blog Trend Micro

20.7.24

Teaming up with IBM to secure critical SAP workloads Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power serversCyber blog Trend Micro

20.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 2 In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.Cryptocurrency blog Trend Micro

20.7.24

Container Breakouts: Escape Techniques in Cloud Environments Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability. Vulnerebility blog Palo Alto

20.7.24

Beware of BadPack: One Weird Trick Being Used Against Android Devices This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files. Malware blog Palo Alto

20.7.24

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels with activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal. Malware blog Checkpoint

20.7.24

It's best to just assume you’ve been involved in a data breach somehow Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. Incident blog Cisco Blog

20.7.24

HotPage: Story of a signed, vulnerable, ad-injecting driver A study of a sophisticated Chinese browser injector that leaves more doors open!Malware blog Eset

20.7.24

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity Cyber blog Eset

20.7.24

Hello, is it me you’re looking for? How scammers get your phone number Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters. Security blog Eset

20.7.24

Should ransomware payments be banned? – Week in security with Tony Anscombe Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective? Ransom blog Eset

20.7.24

MediSecure: Ransomware gang stole data of 12.9 million people MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. Ransom

BleepingComputer

20.7.24

CrowdStrike update crashes Windows systems, causes outages worldwide A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. Security

BleepingComputer

20.7.24

Russians plead guilty to involvement in LockBit ransomware attacks Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. Ransom

BleepingComputer

20.7.24

Revolver Rabbit gang registers 500,000 domains for malware campaigns A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. Virus

BleepingComputer

20.7.24

SolarWinds fixes 8 critical bugs in access rights audit software SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. Vulnerebility BleepingComputer

20.7.24

Critical Cisco bug lets hackers add root users on SEG devices Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Vulnerebility

BleepingComputer

20.7.24

Microsoft: Windows 11 23H2 now available for all eligible devices Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. OS

BleepingComputer

20.7.24

Notorious FIN7 hackers sell EDR killer to other threat actors The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. APT

BleepingComputer

20.7.24

Exchange Online adds Inbound DANE with DNSSEC for security boost Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. Security

BleepingComputer

20.7.24

Cisco SSM On-Prem bug lets hackers change any user's password Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. Vulnerebility

BleepingComputer

20.7.24

Over 400,000 Life360 user phone numbers leaked via unsecured API A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Incindent

BleepingComputer

19.7.24

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty Security

The Hacker News

19.7.24

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed Virus The Hacker News

19.7.24

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K. Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in APT

The Hacker News

19.7.24

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to Vulnerebility The Hacker News

19.7.24

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in Cryptocurrency

The Hacker News

18.7.24

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily Virus The Hacker News

18.7.24

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying AI The Hacker News

18.7.24

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting APT

The Hacker News

18.7.24

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a AI The Hacker News

18.7.24

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On- Vulnerebility

The Hacker News

18.7.24

North Korean Hackers Update BeaverTail Malware to Target MacOS Users Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic APT The Hacker News

18.7.24

Yacht giant MarineMax data breach impacts over 123,000 people MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. Incindent BleepingComputer

18.7.24

Kaspersky offers free security software for six months in U.S. goodbye Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. BigBrothers

BleepingComputer

18.7.24

CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks ​CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. Vulnerebility

BleepingComputer

18.7.24

Email addresses of 15 million Trello users leaked on hacking forum A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Incindent

BleepingComputer

18.7.24

Rite Aid says June data breach impacts 2.2 million people Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." Incindent

BleepingComputer

18.7.24

Microsoft links Scattered Spider hackers to Qilin ransomware attacks Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. Ransom

BleepingComputer

18.7.24

Microsoft finally fixes Outlook alerts bug caused by December updates Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. OS

BleepingComputer

18.7.24

Kaspersky is shutting down its business in the United States Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. BigBrothers

BleepingComputer

18.7.24

New BugSleep malware implant deployed in MuddyWater attacks The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. Virus

BleepingComputer

18.7.24

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. Ransom

BleepingComputer

18.7.24

June Windows Server updates break Microsoft 365 Defender features Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. Security

BleepingComputer

17.7.24

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground APT

The Hacker News

17.7.24

China-linked APT17 Targets Italian Companies with 9002 RAT Malware A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant APT The Hacker News

17.7.24

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into Ransom

The Hacker News

17.7.24

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to Vulnerebility The Hacker News

16.7.24

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a Virus

The Hacker News

16.7.24

Malicious npm Packages Found Using Image Files to Hide Backdoor Code Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute Virus The Hacker News

16.7.24

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent APT

The Hacker News

16.7.24

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the APT The Hacker News

16.7.24

Kaspersky Exits U.S. Market Following Commerce Department Ban Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a BigBrothers

The Hacker News

16.7.24

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer Exploit The Hacker News

16.7.24

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the Hack

The Hacker News

15.7.24

Facebook ads for Windows desktop themes push info-stealing malware Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. Virus

BleepingComputer

15.7.24

Banks in Singapore to phase out one-time passwords in 3 months The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. Security

BleepingComputer

15.7.24

Hackers use PoC exploits in attacks 22 minutes after release Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. Exploit

BleepingComputer

15.7.24

Microsoft fixes bug causing Windows Update automation issues Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. Vulnerebility

BleepingComputer

15.7.24

Critical Exim bug bypasses security filters on 1.5 million mail servers Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. Vulnerebility

BleepingComputer

15.7.24

Rite Aid confirms data breach after June ransomware attack Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Ransom

BleepingComputer

15.7.24

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, Virus The Hacker News

15.7.24

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect Hack

The Hacker News

15.7.24

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication Security The Hacker News

15.7.24

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new Ransom

The Hacker News

14.7.24

DNS hijacks target crypto platforms registered with Squarespace A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. Cryptocurrency

BleepingComputer

14.7.24

Netgear warns users to patch auth bypass, XSS router flaws Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. Vulnerebility

BleepingComputer

14.7.24

Massive AT&T data breach exposes call logs of 109 million customers AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. Incindent

BleepingComputer

14.7.24

ARRL finally confirms ransomware gang stole data in cyberattack The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." Incindent

BleepingComputer

14.7.24

Signal downplays encryption key flaw, fixes it after X drama Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. Social

BleepingComputer

14.7.24

Google increases bug bounty rewards five times, up to $151K Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. Security

BleepingComputer

14.7.24

Dallas County: Data of 200,000 exposed in 2023 ransomware attack Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. Ransom

BleepingComputer

14.7.24

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. Incindent

BleepingComputer

14.7.24

Advance Auto Parts data breach impacts 2.3 million people Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. Incindent

BleepingComputer

14.7.24

Huione Guarantee exposed as a $11 billion marketplace for cybercrime The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially "pig butchering" investment fraud, researchers say. CyberCrime

BleepingComputer

14.7.24

GitLab: Critical bug lets attackers run pipelines as other users GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. Vulnerebility

BleepingComputer

13.7.24

ViperSoftX malware covertly runs PowerShell using AutoIT scripting The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. Virus

BleepingComputer

13.7.24

CISA urges devs to weed out OS command injection vulnerabilities ​CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. BigBrothers

BleepingComputer

13.7.24

Japan warns of attacks linked to North Korean Kimsuky hackers Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. APT

BleepingComputer

13.7.24

Windows MSHTML zero-day used in malware attacks for over a year Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. Virus

BleepingComputer

13.7.24

Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. OS

BleepingComputer

13.7.24

Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. Incindent

BleepingComputer

13.7.24

Google Advanced Protection Program gets passkeys for high-risk users Google announced today that passkeys are now available for high-risk users when enrolling in the Advanced Protection Program, which provides the strongest level of account security Safety

BleepingComputer

13.7.24

US disrupts AI-powered bot farm pushing Russian propaganda on X Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. AI

BleepingComputer

13.7.24

New Blast-RADIUS attack bypasses widely-used RADIUS authentication Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. Attack

BleepingComputer

13.7.24

Fujitsu confirms customer data exposed in March cyberattack Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. Incindent

BleepingComputer

13.7.24

Windows 10 KB5040427 update released with Copilot changes, 12 other fixes Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. OS

BleepingComputer

13.7.24

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. OS

BleepingComputer

13.7.24

Windows 11 KB5040442 update released with 31 fixes, changes Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H2, which includes up to thirty-one improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. OS BleepingComputer

13.7.24

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its Incindent The Hacker News

13.7.24

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the Virus

The Hacker News

13.7.24

Application Security report: 2024 update Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks... Cyber blog Cloudflare

13.7.24

Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final... BigBrother blog Cloudflare

13.7.24

Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website... Social blog Cloudflare

13.7.24

DDoS threat report for 2024 Q2 Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024... Attack blog Cloudflare

13.7.24

RADIUS/UDP vulnerable to improved MD5 collision attack The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography... Attack blog Cloudflare

13.7.24

French elections: political cyber attacks and Internet traffic shifts Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties... BigBrother blog Cloudflare

13.7.24

UK election day 2024: traffic trends and attacks on political parties Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party... BigBrother blog Cloudflare

13.7.24

Cloudflare 1.1.1.1 incident on June 27, 2024 On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak... Incident blog Cloudflare

13.7.24

First round of French election: party attacks and a modest traffic dip How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage... Attack blog Cloudflare

13.7.24

Declare your AIndependence: block AI bots, scrapers and crawlers with a single click To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier... AI blog Cloudflare

13.7.24

HardBit Ransomware version 4.0 In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. Ransom blog Cybereason

13.7.24

Cactus Ransomware: New strain in the market Cactus is another variant in the ransomware family. It exploits VPN vulnerability(CVE-2023-38035) to enter into an internal organization network and deploys varies payloads for persistence(Scheduled Task/Job), C2 connection via RMM tools(Anydesk.exe) and encryption. Ransom blog Trelix

13.7.24

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass. Malware blog Trelix

13.7.24

Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime. APT blog Trelix

13.7.24

Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant The SonicWall RTDMI ™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features, including (Anti-VM Anti-AV Delay Execution multi-variant support and process hollowing, etc.), which are controlled by flags in the configuration data.Malware blog SonicWall

13.7.24

Microsoft Security Bulletin Coverage for July 2024 Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. Vulnerebility blog SonicWall

13.7.24

Adobe Commerce Unauthorized XXE Vulnerability The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation. Vulnerebility blog SonicWall

13.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 2 In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. Cryptocurrency blog Trend Micro

13.7.24

Network detection & response: the SOC stress reliever Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. Cyber blog Trend Micro

13.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 1 Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses. Cryptocurrency blog Trend Micro

13.7.24

The Top 10 AI Security Risks Every Business Should Know With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year. AI blog Trend Micro

13.7.24

DarkGate: Dancing the Samba With Alluring Excel Files This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware. Malware blog Palo Alto

13.7.24

Dissecting GootLoader With Node.js This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware. Malware blog Palo Alto

13.7.24

The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data. AI blog Palo Alto

13.7.24

EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically. Exploit blog Checkpoint

13.7.24

RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112) Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Vulnerebility blog Checkpoint

13.7.24

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. Ransom blog Cisco Blog

13.7.24

Impact of data breaches is fueling scam campaigns Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. Incident blog Cisco Blog

13.7.24

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. Spam blog Cisco Blog

13.7.24

How do cryptocurrency drainer phishing scams work? In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. Cryptocurrency blog Cisco Blog

13.7.24

Checking in on the state of cybersecurity and the Olympics Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. Cyber blog Cisco Blog

13.7.24

15 vulnerabilities discovered in software development kit for wireless routers Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.Vulnerebility blog Cisco Blog

13.7.24

Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. Vulnerebility blog Cisco Blog

13.7.24

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?IoT blog Eset

13.7.24

5 common Ticketmaster scams: How fraudsters steal the show Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account Spam blog Eset

12.7.24

Australian Defence Force Private and Husband Charged with Espionage for Russia

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a

BigBrothers The Hacker News

12.7.24

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious

Vulnerebility

The Hacker News

12.7.24

U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that

AI

The Hacker News

12.7.24

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910

Vulnerebility

The Hacker News

12.7.24

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an

Virus

The Hacker News

11.7.24

Hackers target WordPress calendar plugin used by 150,000 sites

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.

Vulnerebility

BleepingComputer

11.7.24

City of Philadelphia says over 35,000 hit in May 2023 breach

The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information.

Incindent

BleepingComputer

11.7.24

Chinese APT40 hackers hijack SOHO routers to launch attacks

An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor.

APT

BleepingComputer

11.7.24

Evolve Bank says data breach impacts 7.6 million Americans

Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack.

Incindent

BleepingComputer

11.7.24

Computer maker Zotac exposed customers' RMA info on Google Search

Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information.

Incindent

BleepingComputer

11.7.24

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters.

Incindent

BleepingComputer

11.7.24

Neiman Marcus data breach: 31 million email addresses found exposed

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data.

Incindent

BleepingComputer

11.7.24

Microsoft: Windows 11 22H2 reaches end of service in October

Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024.

OS

BleepingComputer

11.7.24

Avast releases free decryptor for DoNex ransomware and past variants

Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free.

Ransom

BleepingComputer

11.7.24

Russia forces Apple to remove dozens of VPN apps from App Store

Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog.

BigBrothers

BleepingComputer

11.7.24

RCE bug in widely used Ghostscript library now exploited in attacks

A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks.

Vulnerebility

BleepingComputer

11.7.24

CloudSorcerer hackers abuse cloud services to steal Russian govt data

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks.

APT

BleepingComputer

11.7.24

Roblox vendor data breach exposes dev conference attendee info

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees.

Incindent

BleepingComputer

11.7.24

Europol says Home Routing mobile encryption feature aids criminals

Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations.

BigBrothers

BleepingComputer

11.7.24

Shopify denies it was hacked, links stolen data to third-party app

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network.

Incindent

BleepingComputer

11.7.24

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version"

APT

The Hacker News

11.7.24

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called

Virus

The Hacker News

11.7.24

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans,

Exploit

The Hacker News

11.7.24

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug

Vulnerebility

The Hacker News

11.7.24

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation

Ransom

The Hacker News

10.7.24

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have

OS

The Hacker News

10.7.24

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection

Safety

The Hacker News

10.7.24

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in

Cryptocurrency

The Hacker News

10.7.24

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the

Virus

The Hacker News

10.7.24

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code

Vulnerebility

The Hacker News

9.7.24

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that

Attack

The Hacker News

9.7.24

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console

Cryptocurrency

The Hacker News

9.7.24

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-

Virus

The Hacker News

9.7.24

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a

APT

The Hacker News

9.7.24

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be

Virus

The Hacker News

8.7.24

New APT Group "CloudSorcerer" Targets Russian Government Entities

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-

APT

The Hacker News

8.7.24

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of

Virus

The Hacker News

8.7.24

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and

Ransom

The Hacker News

8.7.24

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to

Virus

The Hacker News

8.7.24

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that

Vulnerebility

The Hacker News

8.7.24

Apple Removes VPN Apps from Russian App Store Amid Government Pressure

Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by

OS

The Hacker News

6.7.24

Cloudflare blames recent outage on BGP hijacking incident

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak.

Hack

BleepingComputer

6.7.24

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid.

Incindent

BleepingComputer

6.7.24

New Eldorado ransomware targets Windows, VMware ESXi VMs

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows.

Ransom

BleepingComputer

6.7.24

Ethereum mailing list breach exposes 35,000 to crypto draining attack

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer.

Cryptocurrency

BleepingComputer

6.7.24

Hackers attack HFS servers to drop malware and Monero miners

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.

Virus

BleepingComputer

6.7.24

HealthEquity data breach exposes protected health information

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information.

Incindent

BleepingComputer

6.7.24

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024

Attack

The Hacker News

6.7.24

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

Cryptocurrency blog

Trend Micro

6.7.24

Mekotio Banking Trojan Threatens Financial Systems in Latin America

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Malware blog

Trend Micro

6.7.24

High-Risk Path Traversal in SolarWinds Serv-U

The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures.

Vulnerebility blog

SonicWall

6.7.24

Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC

When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news.

Security blog

SonicWall

6.7.24

The Hidden Danger of PDF Files with Embedded QR Codes

The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.

Malware blog

SonicWall

6.7.24

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository.

Exploit blog

Palo Alto

6.7.24

MODERN CRYPTOGRAPHIC ATTACKS: A GUIDE FOR THE PERPLEXED

Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details.

Attack blog

Checkpoint

6.7.24

Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Social blog

Eset

6.7.24

No room for error: Don’t get stung by these common Booking.com scams

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Phishing blog

Eset

6.7.24

AI in the workplace: The good, the bad, and the algorithmic

While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table

AI blog

Eset

6.7.24

Hijacked: How hacked YouTube channels spread scams and malware

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Malware blog

Eset

6.7.24

Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe

Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year

Security blog

Eset

5.7.24

OVHcloud blames record-breaking DDoS attack on MikroTik botnet

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps).

Attack

BleepingComputer

5.7.24

Hackers abused API to verify millions of Authy MFA phone numbers

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.

Safety

BleepingComputer

5.7.24

Formula 1 governing body discloses data breach after email hacks

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.

Incindent

BleepingComputer

5.7.24

Infostealer malware logs used to identify child abuse website members

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations.

Virus

BleepingComputer

5.7.24

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks.

CyberCrime

BleepingComputer

5.7.24

Proton launches free, privacy-focused Google Docs alternative

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool.

Security

BleepingComputer

5.7.24

Google now pays $250,000 for KVM zero-day vulnerabilities

Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits.

Security

BleepingComputer

5.7.24

Patelco shuts down banking systems following ransomware attack

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.

Ransom

BleepingComputer

5.7.24

Affirm says cardholders impacted by Evolve Bank data breach

Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve).

Incindent

BleepingComputer

5.7.24

Prudential Financial now says 2.5 million impacted by data breach

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.

Incindent

BleepingComputer

5.7.24

CDK Global says all dealers will be back online by Thursday

CDK Global says that its dealer management system (DMS), impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships

CyberCrime

BleepingComputer

5.7.24

Australian charged for ‘Evil Twin’ WiFi attack on plane

An Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials.

Hack

BleepingComputer

5.7.24

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised

Virus

The Hacker News

5.7.24

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings

Hack

The Hacker News

5.7.24

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service

BotNet

The Hacker News

5.7.24

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote,

ICS

The Hacker News

4.7.24

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing

AI

The Hacker News

4.7.24

Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal

CyberCrime

The Hacker News

4.7.24

Twilio's Authy App Breach Exposes Millions of Phone Numbers

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in

Incindent

The Hacker News

4.7.24

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool

Virus

The Hacker News

3.7.24

FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the

Virus

The Hacker News

3.7.24

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like

Hack

The Hacker News

3.7.24

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised

Virus

The Hacker News

2.7.24

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be

Attack

The Hacker News

2.7.24

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

Exploit

BleepingComputer

2.7.24

Latest Intel CPUs impacted by new Indirector side-channel attack

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.

Attack

BleepingComputer

2.7.24

New regreSSHion OpenSSH RCE bug gives root on Linux servers

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.

Vulnerebility

BleepingComputer

2.7.24

Router maker's support portal hacked, replies with MetaMask phishing

BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise.

Phishing

BleepingComputer

2.7.24

Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API.

Security

BleepingComputer

2.7.24

Juniper releases out-of-cycle fix for max severity auth bypass flaw

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

Vulnerebility

BleepingComputer

2.7.24

Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.

Vulnerebility

BleepingComputer

2.7.24

Fake IT support sites push malicious PowerShell scripts as Windows fixes

Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware.

OS

BleepingComputer

2.7.24

Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the

Social

The Hacker News

2.7.24

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in

Vulnerebility

The Hacker News

2.7.24

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user

Hack

The Hacker News

2.7.24

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that

Vulnerebility

The Hacker News

1.7.24

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering

Virus

The Hacker News

1.7.24

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to

Virus

The Hacker News

1.7.24

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.

Vulnerebility

The Hacker News

1.7.24

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication

Vulnerebility

The Hacker News