| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2024-12-13 17:00:00 | How to Generate a CrowdStrike RFM Report With AI in Tines (direct link) | Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their | | | ★★ |
| | 2024-12-13 14:41:00 | New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection (direct link) | Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with | Tool | | ★★★ |
| | 2024-12-13 11:36:00 | FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized (direct link) | The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox.ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested. Ardit | Tool | | ★★★ |
| | 2024-12-12 19:54:00 | Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online (direct link) | Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API | | | ★★★ |
| | 2024-12-12 19:05:00 | Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (direct link) | The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both | Malware, Tool, Threat, Mobile | | ★★★ |
| | 2024-12-12 18:05:00 | Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (direct link) | Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved | Vulnerability, Threat | | ★★★ |
| | 2024-12-12 17:00:00 | SaaS Budget Planning Guide for IT Professionals (direct link) | SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it's no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity. In this article, we'll break down this topic | Cloud | | ★★★ |
| | 2024-12-12 14:48:00 | WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins (direct link) | Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it | Vulnerability | | ★★★ |
| | 2024-12-12 11:45:00 | Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (direct link) | A global law enforcement operation has felled 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and | Legislation | | ★★ |
| | 2024-12-11 23:32:00 | Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service (direct link) | The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically | Malware, Threat | | ★★★ |
| | 2024-12-11 20:43:00 | New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (direct link) | A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. " | Malware, Tool, Threat | | ★★★ |
| | 2024-12-11 20:02:00 | Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts (direct link) | Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the | Vulnerability | | ★★★ |
| | 2024-12-11 19:37:00 | ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms (direct link) | Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell | Malware, Tool, Threat | | ★★★ |
| | 2024-12-11 16:32:00 | Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 (direct link) | Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as | Malware, Tool, Legislation, Mobile | | ★★★ |
| | 2024-12-11 16:30:00 | Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia (direct link) | A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet, the Symantec Threat Hunter Team | Threat | | ★★★ |
| | 2024-12-11 12:46:00 | Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (direct link) | Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the | Vulnerability | | ★★★ |
| | 2024-12-11 11:59:00 | U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (direct link) | The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been | Vulnerability, Threat | | ★★★ |
| | 2024-12-11 08:29:00 | Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (direct link) | Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows: CVE-2024-11639 (CVSS score: 10.0), an authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote | Vulnerability, Cloud | | ★★ |
| | 2024-12-10 21:27:00 | Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (direct link) | Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, | Vulnerability, Threat | | ★★★ |
| | 2024-12-10 19:43:00 | Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (direct link) | Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs researcher Vishnu Pratapagiri said in a new report. "As part of their fraudulent hiring process, the | Mobile | | ★★★ |
| | 2024-12-10 17:20:00 | The Future of Network Security: Automated Internal and External Pentesting (direct link) | In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay | Threat | | ★★ |
| | 2024-12-10 16:49:00 | Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands (direct link) | Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash, | Legislation | | ★★ |
| | 2024-12-10 16:30:00 | Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (direct link) | A suspected China-nexus cyber espionage group has been attributed to attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies SentinelOne SentinelLabs and Tinexta Cyber said in a joint report shared with The Hacker News, adding | | | ★★★ |
| | 2024-12-10 15:31:00 | Ongoing Phishing and Malware Campaigns in December 2024 (direct link) | Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day Attack: Corrupted Malicious Files Evade Detection by Most Security Systems. The analyst | Malware | | ★★ |
| | 2024-12-10 14:42:00 | CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force (direct link) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since at least 2022. "The phishing emails mimicked official messages | Threat | | ★★★ |
| | 2024-12-09 23:14:00 | Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (direct link) | The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7 | Ransomware, Threat | | ★★ |
| | 2024-12-09 18:41:00 | ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8) (direct link) | This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to | Malware, Tool | | ★★★ |
| | 2024-12-09 17:25:00 | Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI (direct link) | Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print | Tool, Vulnerability | | ★★★ |
| | 2024-12-09 16:30:00 | Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions (direct link) | Identity security is all the rage right now, and rightfully so. Securing identities that access an organization's resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let's look at seven ways to add | | | ★★★ |
| | 2024-12-09 16:14:00 | Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices (direct link) | A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis | Malware, Threat | | ★★★ |
| | 2024-12-07 16:24:00 | Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions (direct link) | In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures | | | ★★ |
| | 2024-12-07 14:08:00 | Learn How Experts Secure Privileged Accounts: Proven PAS Strategies Webinar (direct link) | Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: blind spots that limit full visibility; complex deployment processes. | | | ★★ |
| | 2024-12-07 13:48:00 | Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data (direct link) | Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company | Malware, Threat | | ★★★ |
| | 2024-12-07 12:55:00 | Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok (direct link) | In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on | | | ★★★ |
| | 2024-12-06 21:45:00 | FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine (direct link) | A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's | Mobile | | ★★★ |
 |
2024-12-06 16:58:00 |
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks (direct link) |
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.
The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.
Unlike the first |
Tool
Vulnerability
|
|
★★
|
 |
2024-12-06 16:30:00 |
Conquering the Complexities of Modern BCDR (direct link) |
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today's complex IT ecosystems. |
|
|
★★
|
 |
2024-12-06 13:52:00 |
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader (direct link) |
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of their malware-as-a-service (MaaS) operation.
This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on |
Malware
Tool
Threat
|
|
★★
|
 |
2024-12-06 12:33:00 |
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (direct link) |
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.
The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis. |
Malware
Threat
|
|
★★
|
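The two infrastructure tricks named in that entry (quick tunnels in front of the staging host, and fast-flux rotation of the resolved addresses) both leave traces in resolver logs. The block below is an added example, not code from the page or from Recorded Future: it runs two detections over a constructed sample of DNS telemetry. The `trycloudflare.com` suffix is an assumption based on how Cloudflare publishes ad-hoc quick tunnels (named tunnels use customer-chosen domains and need different logic), the log format is invented for the example, and the fast-flux thresholds are illustrative starting points rather than anything the page states.

```python
"""Added example (not from the page or Recorded Future): flag DNS resolver telemetry for
Cloudflare quick-tunnel hostnames and for fast-flux-style resolution patterns.
The log lines, the log format, the thresholds and the tunnel suffix are all assumptions."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample resolver log (not real telemetry). One record per line:
#   <epoch> <client_ip> <qname> <rtype> <answer> <ttl>
SAMPLE_DNS_LOG = """\
1733400000 10.0.0.5 updates.example.net A 203.0.113.10 3600
1733400060 10.0.0.5 updates.example.net A 203.0.113.10 3600
1733400000 10.0.0.7 stage.example.org A 198.51.100.11 60
1733400090 10.0.0.7 stage.example.org A 192.0.2.45 60
1733400180 10.0.0.7 stage.example.org A 203.0.113.200 30
1733400270 10.0.0.7 stage.example.org A 198.51.100.77 60
1733400360 10.0.0.7 stage.example.org A 198.51.100.140 45
1733400400 10.0.0.9 tunnel-name.trycloudflare.com A 192.0.2.1 300
"""

# Assumption: ad-hoc Cloudflare "quick tunnels" are published under trycloudflare.com.
# Named tunnels sit under arbitrary customer domains and are not caught by this rule.
TUNNEL_SUFFIXES = (".trycloudflare.com",)

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<rtype>\S+)\s+(?P<answer>\S+)\s+(?P<ttl>\d+)$"
)


def parse_dns_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped, not fatal."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        records.append({
            "ts": int(d["ts"]),
            "client": d["client"],
            "qname": d["qname"].rstrip(".").lower(),
            "rtype": d["rtype"].upper(),
            "answer": d["answer"],
            "ttl": int(d["ttl"]),
        })
    return records


def is_quick_tunnel_host(qname):
    """Suffix match, so a look-alike such as trycloudflare.com.evil.example does not hit."""
    q = qname.rstrip(".").lower()
    return any(q.endswith(suffix) for suffix in TUNNEL_SUFFIXES)


def fast_flux_candidates(records, min_distinct_ips=4, max_ttl=300, min_networks=2):
    """Heuristic: a name answering with many distinct IPs spread over several /24s, all with
    short TTLs, is rotating its front-ends the way fast-flux infrastructure does.
    Thresholds are illustrative; baseline them against your own CDN-hosted names first."""
    by_name = defaultdict(list)
    for r in records:
        if r["rtype"] == "A":
            by_name[r["qname"]].append(r)
    flagged = {}
    for qname, rs in by_name.items():
        ips = set()
        for r in rs:
            try:
                ipaddress.ip_address(r["answer"])
                ips.add(r["answer"])
            except ValueError:
                continue  # not an address; ignore rather than crash the detector
        networks = {ipaddress.ip_network(ip + "/24", strict=False) for ip in ips}
        ttls = [r["ttl"] for r in rs]
        if len(ips) >= min_distinct_ips and len(networks) >= min_networks and max(ttls) <= max_ttl:
            flagged[qname] = {
                "distinct_ips": len(ips),
                "networks": len(networks),
                "max_ttl": max(ttls),
                "clients": sorted({r["client"] for r in rs}),
            }
    return flagged


def analyse(text):
    """Run both detections over a log and return hunting leads, not block decisions."""
    records = parse_dns_log(text)
    tunnel_hosts = sorted({r["qname"] for r in records if is_quick_tunnel_host(r["qname"])})
    return {"tunnel_hosts": tunnel_hosts, "fast_flux": fast_flux_candidates(records)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_DNS_LOG).items():
        print(key, value)
```

Both outputs are hunting leads rather than verdicts: developers use quick tunnels legitimately, and large CDNs also answer with many short-TTL addresses, so pivot from a hit to the client, the process that issued the lookup and what was fetched before treating the name as staging infrastructure.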
 |
2024-12-05 21:28:00 |
This $3,000 Android Trojan Is Targeting Banks and Cryptocurrency Exchanges (direct link) |
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot.
"DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro |
Mobile
|
|
★★★
|
 |
2024-12-05 20:26:00 |
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access (direct link) |
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.
The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-05 20:25:00 |
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers (direct link) |
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale.
The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected.
Manson Market ("manson-market[.]pw") is |
Legislation
|
|
★★★
|
 |
2024-12-05 18:13:00 |
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (direct link) |
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported cross-platform Android and Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
"Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a |
Threat
Mobile
|
|
★★★
|
 |
2024-12-05 17:15:00 |
Want to Grow Vulnerability Management into Exposure Management? Start Here! (direct link) |
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.
At its core, Vulnerability Management |
Vulnerability
|
|
★★★
|
 |
2024-12-05 16:30:00 |
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (direct link) |
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion.
According to Broadcom-owned Symantec, the malicious activity was first detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion began earlier.
"The attackers moved laterally |
Threat
|
|
★★★
|
 |
2024-12-05 13:00:00 |
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan (direct link) |
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024.
The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis.
"An interesting aspect of this campaign is the comeback of a backdoor |
Threat
Prediction
Technical
|
|
★★
|
 |
2024-12-05 11:17:00 |
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions (direct link) |
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America.
The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks |
|
|
★★★
|
 |
2024-12-05 10:39:00 |
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions |
Vulnerability
|
|
★★★
|
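A KEV addition is only useful if it gets matched against what you actually run. The block below is an added example, not CISA's code: it indexes a KEV catalog export by vendor and product and matches an asset inventory against it. The catalog fragment is constructed for the example but uses the field names of CISA's public KEV JSON feed (`vulnerabilities[]` entries with `cveID`, `vendorProject`, `product`, `shortDescription`); only CVE-2024-51378 / CyberPanel comes from the entry above, and the hostnames, the second asset and the inventory format are placeholders. The one caveat worth building in is that KEV carries no affected-version data, so a match is a triage item, not a confirmed exposure.

```python
"""Added example (not CISA's code): match an asset inventory against a KEV catalog export.
The catalog fragment is constructed; it follows the field names of the real KEV JSON feed.
Only CVE-2024-51378 / CyberPanel comes from the page; hosts and the second asset are placeholders."""
import json
from collections import defaultdict

SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-51378",
            "vendorProject": "CyberPanel",
            "product": "CyberPanel",
            "shortDescription": "Incorrect default permissions",
        }
    ],
})

# Constructed inventory; a real one would come from a CMDB, scanner or agent export.
SAMPLE_INVENTORY = [
    {"host": "web-01", "vendor": "CyberPanel", "product": "CyberPanel", "version": "unknown"},
    {"host": "fw-02", "vendor": "Example Corp", "product": "ExampleFW", "version": "1.0"},
]


def normalize(value):
    """Case- and whitespace-insensitive key so 'Cyber Panel' and 'cyberpanel ' still line up."""
    return " ".join(str(value).lower().split())


def load_kev(text):
    """Index KEV entries by (vendor, product) and, more loosely, by product alone.
    Vendor strings in KEV do not always match how an inventory names the same vendor."""
    data = json.loads(text)
    exact = defaultdict(list)
    by_product = defaultdict(list)
    for entry in data["vulnerabilities"]:
        vendor = normalize(entry["vendorProject"])
        product = normalize(entry["product"])
        exact[(vendor, product)].append(entry["cveID"])
        by_product[product].append(entry["cveID"])
    return {"exact": exact, "by_product": by_product}


def match_inventory(index, inventory):
    """Return one hit per (asset, CVE). KEV has no affected-version field, so every hit
    still needs version triage against the vendor advisory before it becomes a finding."""
    hits = []
    for asset in inventory:
        vendor = normalize(asset["vendor"])
        product = normalize(asset["product"])
        exact_cves = index["exact"].get((vendor, product), [])
        loose_cves = [c for c in index["by_product"].get(product, []) if c not in exact_cves]
        for cve in exact_cves:
            hits.append({"host": asset["host"], "cveID": cve, "confidence": "vendor+product"})
        for cve in loose_cves:
            hits.append({"host": asset["host"], "cveID": cve, "confidence": "product-only"})
    return hits


if __name__ == "__main__":
    for hit in match_inventory(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY):
        print(hit)
```

In practice you would feed the live feed's JSON into `load_kev` on a schedule and treat `product-only` hits as a queue for a human to confirm the vendor mapping.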
 |
2024-12-04 22:53:00 |
Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (direct link) |
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.
The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embedding |
Threat
|
|
★★
|
 |
2024-12-04 17:50:00 |
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown (direct link) |
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that was created by criminals for criminal purposes.
The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted |
|
|
★★★
|