What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-12-24 18:52:00 | Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts (lien direct) | Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs.
The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down.
Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down. |
★★★ | ||
|
2024-12-24 15:10:00 | North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (lien direct) | Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
"The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social |
Threat | ★★★ | |
|
2024-12-24 14:55:00 | CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that |
Vulnerability | ★★★ | |
|
2024-12-24 11:36:00 | Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (lien direct) | The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions.
The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that |
Vulnerability | ★★★ | |
|
2024-12-23 19:18:00 | AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case (lien direct) | Cybersecurity researchers have found that it\'s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection.
"Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers
Cybersecurity researchers have found that it\'s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers |
Malware | ★★★ | |
|
2024-12-23 16:51:00 | Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service (lien direct) | An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm.
"It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last |
★★ | ||
|
2024-12-23 15:07:00 | Top 10 Cybersecurity Trends to Expect in 2025 (lien direct) | The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here\'s a closer look at ten emerging challenges and threats set to shape the
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here\'s a closer look at ten emerging challenges and threats set to shape the |
Prediction | ★★★ | |
|
2024-12-23 14:50:00 | U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case (lien direct) | Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus.
"The limited evidentiary record before the court does show that defendants\' Pegasus code was sent through plaintiffs\'
Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants\' Pegasus code was sent through plaintiffs\' |
Vulnerability Commercial | ★★★ | |
|
2024-12-23 12:12:00 | Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations (lien direct) | Italy\'s data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data.
The fine comes nearly a year after the Garante found that ChatGPT processed users\' information to train its service in violation of the European Union\'s General Data Protection Regulation (GDPR).
The authority
Italy\'s data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users\' information to train its service in violation of the European Union\'s General Data Protection Regulation (GDPR). The authority |
ChatGPT | ★★ | |
|
2024-12-21 14:52:00 | LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages (lien direct) | A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024.
Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a |
Ransomware | ★★★ | |
|
2024-12-20 16:14:00 | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware (lien direct) | The Lazarus Group, an infamous threat actor linked to the Democratic People\'s Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.
The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are
The Lazarus Group, an infamous threat actor linked to the Democratic People\'s Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are |
Malware Threat | APT 38 | ★★★★ |
|
2024-12-20 14:09:00 | Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (lien direct) | The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest |
Malware | ★★★ | |
|
2024-12-20 13:43:00 | Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (lien direct) | Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.
Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows - |
Vulnerability | ★★★ | |
|
2024-12-20 11:55:00 | Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (lien direct) | A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.
The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted |
Tool Vulnerability | ★★ | |
|
2024-12-20 10:00:00 | CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that |
Vulnerability | ★★★ | |
|
2024-12-19 19:26:00 | Thousands Download Malicious npm Libraries Impersonating Legitimate Tools (lien direct) | Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
"While typosquatting attacks are
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are |
Tool Threat | ★★ | |
|
2024-12-19 19:07:00 | Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords (lien direct) | Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.
The company said it\'s issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.
"These systems have been infected with the Mirai
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it\'s issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai |
Malware | ★★★ | |
|
2024-12-19 16:01:00 | Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (lien direct) | Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information.
The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.
"A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. "A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the |
Vulnerability | ★★★ | |
|
2024-12-19 15:30:00 | CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines.
"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, |
Cloud | ★★ | |
|
2024-12-19 14:56:00 | Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency (lien direct) | The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.
An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data |
★★ | ||
|
2024-12-19 14:10:00 | UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
Users who visit the
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the |
Malware Threat Mobile | ★★ | |
|
2024-12-18 19:40:00 | HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft (lien direct) | Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims\' Microsoft Azure cloud infrastructure.
The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims\' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical, |
Tool Cloud | ★★★ | |
|
2024-12-18 17:25:00 | Not Your Old ActiveState: Introducing our End-to-End OS Platform (lien direct) | Having been at ActiveState for nearly eight years, I\'ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code.
ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the
Having been at ActiveState for nearly eight years, I\'ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the |
★★★ | ||
|
2024-12-18 16:45:00 | APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (lien direct) | The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.
The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously |
Threat | APT 29 | ★★★ |
|
2024-12-18 16:00:00 | ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation (lien direct) | Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it\'s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it\'s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK |
★★★ | ||
|
2024-12-18 14:45:00 | BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (lien direct) | BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands.
Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users. |
Vulnerability Cloud | ★★ | |
|
2024-12-18 14:40:00 | INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse (lien direct) | INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship.
"The term \'pig butchering\' dehumanizes and shames victims of such frauds, deterring people from coming
INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term \'pig butchering\' dehumanizes and shames victims of such frauds, deterring people from coming |
★★★ | ||
|
2024-12-18 11:13:00 | Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts (lien direct) | Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what\'s the latest financial hit the company has taken for flouting stringent privacy laws.
The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what\'s the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million |
Data Breach | ★★ | |
|
2024-12-18 10:23:00 | Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (lien direct) | Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.
The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS |
Vulnerability Threat | ★★ | |
|
2024-12-17 22:05:00 | Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (lien direct) | A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.
"An attacker used social engineering via a Microsoft Teams call to impersonate a user\'s client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
"The attacker failed to install a
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user\'s client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a |
Malware Threat Prediction | ★★ | |
|
2024-12-17 19:41:00 | Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (lien direct) | A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan.
Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn\'t obtain the original email used to launch the attack.
"One of the
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn\'t obtain the original email used to launch the attack. "One of the |
★★ | ||
|
2024-12-17 17:35:00 | Even Great Companies Get Breached - Find Out Why and How to Stop It (lien direct) | Even the best companies with the most advanced tools can still get hacked. It\'s a frustrating reality: you\'ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen.
So, what\'s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed-even in well-prepared organizations. The good
Even the best companies with the most advanced tools can still get hacked. It\'s a frustrating reality: you\'ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what\'s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed-even in well-prepared organizations. The good |
Tool | ★★ | |
|
2024-12-17 16:37:00 | Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware (lien direct) | A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.
"The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint |
Malware Threat | ★★★ | |
|
2024-12-17 16:22:00 | 5 Practical Techniques for Effective Cyber Threat Hunting (lien direct) | Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.
To avoid this, use these five battle-tested techniques that are
Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel. To avoid this, use these five battle-tested techniques that are |
Threat | ★★★★ | |
|
2024-12-17 14:33:00 | Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (lien direct) | Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker.
"Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday.
The attacks make use of fake update alerts that employ
Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ |
Malware Tool Threat Technical | ★★ | |
|
2024-12-17 12:25:00 | The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal (lien direct) | A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022.
"The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets |
Malware Threat | ★★ | |
|
2024-12-17 11:17:00 | CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is below -
CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted |
Vulnerability | ★★ | |
|
2024-12-16 19:52:00 | DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages (lien direct) | Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds.
"Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising - delivering over
Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising - delivering over |
★★ | ||
|
2024-12-16 18:15:00 | NoviSpy Spyware Installed on Journalist\\'s Phone After Unlocking It With Cellebrite Tool (lien direct) | A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.
"NoviSpy allows for capturing sensitive personal data from a target\'s phone after infection and provides the ability to turn on the phone\'s microphone or camera remotely," the
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target\'s phone after infection and provides the ability to turn on the phone\'s microphone or camera remotely," the |
Tool | ★★ | |
|
2024-12-16 17:41:00 | ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips (lien direct) | This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there\'s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small.
Meanwhile, law enforcement has scored wins
This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there\'s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins |
Tool Legislation | ★★ | |
|
2024-12-16 16:30:00 | Data Governance in DevOps: Ensuring Compliance in the AI Era (lien direct) | With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we\'ll explore the concept of CI/CD pipeline governance and why it\'s vital, especially as AI becomes
With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we\'ll explore the concept of CI/CD pipeline governance and why it\'s vital, especially as AI becomes |
★★ | ||
|
2024-12-16 15:47:00 | New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide (lien direct) | Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss.
"The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest |
★★ | ||
|
2024-12-16 14:39:00 | New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (lien direct) | Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.
QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti ( |
Malware | ★★ | |
|
2024-12-16 12:14:00 | Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes (lien direct) | The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia\'s Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games."
Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,
The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia\'s Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency, |
Legislation | ★★ | |
|
2024-12-14 17:03:00 | Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action (lien direct) | Germany\'s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.
In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains
Germany\'s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains |
Malware | ★★ | |
|
2024-12-14 15:46:00 | Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques (lien direct) | Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
"The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope\'s Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not
Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope\'s Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not |
Threat | ★★ | |
|
2024-12-14 01:30:00 | 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (lien direct) | A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.
The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that |
Tool Threat | ★★ | |
|
2024-12-13 22:18:00 | Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (lien direct) | A security flaw has been disclosed in OpenWrt\'s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
A security flaw has been disclosed in OpenWrt\'s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the |
Vulnerability | ★★★ | |
|
2024-12-13 21:21:00 | DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years (lien direct) | The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People\'s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations.
"The conspirators, who worked for
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People\'s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for |
★★ | ||
|
2024-12-13 17:14:00 | Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (lien direct) | Iran-affiliated threat actors have been linked to a new custom malware that\'s geared toward IoT and operational technology (OT) environments in Israel and the United States.
The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable
Iran-affiliated threat actors have been linked to a new custom malware that\'s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable |
Malware Threat Industrial | ★★★★ |
To see everything:
Our RSS (filtrered)
