Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2024-12-04 17:20:00 |
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments (direct link) |
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk - an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and |
Cloud
|
|
★★★
|
 |
2024-12-04 16:00:00 |
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges (direct link) |
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy |
|
|
★★
|
 |
2024-12-04 15:18:00 |
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library (direct link) |
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets.
The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm |
|
|
★★
|
 |
2024-12-04 11:37:00 |
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (direct link) |
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers.
"Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel |
Threat
|
|
★★
|
 |
2024-12-04 11:04:00 |
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (direct link) |
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.
The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.
"From the VSPC management agent machine, under |
Vulnerability
|
|
★★
|
 |
2024-12-04 10:38:00 |
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (direct link) |
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.
The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions.
IdentityIQ "allows |
Vulnerability
|
|
★★
|
 |
2024-12-04 10:18:00 |
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses (direct link) |
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
"The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.
The |
Spam
|
|
★★★
|
 |
2024-12-03 18:21:00 |
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability (direct link) |
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack |
Vulnerability
|
|
★★
|
 |
2024-12-03 15:47:00 |
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise (direct link) |
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
"By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access |
Tool
|
|
★★
|
 |
2024-12-03 15:21:00 |
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (direct link) |
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.
"Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September, |
Threat
|
|
★★
|
 |
2024-12-03 10:53:00 |
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads (direct link) |
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT.
The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer |
Malware
|
|
★★
|
 |
2024-12-02 19:31:00 |
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan (direct link) |
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware.
"SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News.
"While |
Malware
Medical
|
|
★
|
 |
2024-12-02 17:20:00 |
A Guide to Securing AI App Development: Join This Cybersecurity Webinar (direct link) |
Artificial Intelligence (AI) is no longer a far-off dream: it's here, changing the way we live. From ordering coffee to diagnosing diseases, it's everywhere. But while you're creating the next big AI-powered app, hackers are already figuring out ways to break it.
Every AI app is an opportunity, and a potential risk. The stakes are huge: data leaks, downtime, and even safety threats if security |
|
|
★★
|
 |
2024-12-02 16:44:00 |
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1) (direct link) |
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds.
And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly that even cybersecurity |
Tool
|
|
★★
|
 |
2024-12-02 15:16:00 |
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (direct link) |
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.
"These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which |
Malware
Mobile
|
|
★★
|
 |
2024-12-02 12:32:00 |
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million (direct link) |
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.
The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and |
Legislation
|
|
★★
|
 |
2024-11-30 12:44:00 |
Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested (direct link) |
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country.
According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key.
"At present, |
Ransomware
Legislation
|
|
★★
|
 |
2024-11-29 18:47:00 |
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections (direct link) |
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023.
The covert campaign, undertaken by Social Design Agency (SDA), leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources |
|
|
★★★
|
 |
2024-11-29 16:30:00 |
Protecting Tomorrow's World: Shaping the Cyber-Physical Future (direct link) |
The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed |
|
|
★★
|
 |
2024-11-29 15:36:00 |
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (direct link) |
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials.
"This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA) |
|
|
★★
|
 |
2024-11-29 15:04:00 |
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (direct link) |
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.
The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.
"An |
Vulnerability
Cloud
|
|
★★
|
 |
2024-11-29 11:01:00 |
U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency (direct link) |
A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency.
Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State |
Legislation
|
|
★★
|
 |
2024-11-28 22:27:00 |
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP (direct link) |
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.
"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, |
Vulnerability
Industrial
|
|
★★
|
 |
2024-11-28 17:00:00 |
The Future of Serverless Security in 2025: From Logs to Runtime Protection (direct link) |
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is |
|
|
★★★
|
 |
2024-11-28 16:18:00 |
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner (direct link) |
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems.
The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC |
|
|
★★★
|
 |
2024-11-28 14:59:00 |
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware (direct link) |
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024.
"Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique |
Malware
Threat
|
|
★★
|
 |
2024-11-28 10:07:00 |
U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider (direct link) |
U.S. telecom service provider T-Mobile said it detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed.
These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon, chief security officer at T-Mobile, said in a statement. "We see no instances of prior attempts like |
|
|
★★
|
 |
2024-11-27 21:35:00 |
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (direct link) |
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck.
The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720. As of November 26, 2024, |
Vulnerability
|
|
★★
|
 |
2024-11-27 17:29:00 |
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels (direct link) |
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems.
Dubbed Bootkitty by its creators, who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded |
|
|
★★
|
 |
2024-11-27 17:00:00 |
Latest Multi-Stage Attack Scenarios with Real-World Examples (direct link) |
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now.
URLs and Other Embedded |
|
|
★★★
|
 |
2024-11-27 16:44:00 |
APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor (direct link) |
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.
That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.
"In this attack, |
Vulnerability
Threat
|
|
★★
|
 |
2024-11-27 12:50:00 |
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled (direct link) |
An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime on the continent.
Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email |
Ransomware
Legislation
|
|
★★★
|
 |
2024-11-27 10:51:00 |
Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (direct link) |
A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DDoS) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet.
"This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a |
Malware
Vulnerability
Threat
|
|
★★
|
 |
2024-11-26 18:53:00 |
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (direct link) |
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall WordPress plugin could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.
The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions |
Spam
Vulnerability
|
|
★★
|
 |
2024-11-26 17:00:00 |
Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats (direct link) |
When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That's why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize real threats.
What is Intel?
Intel was created to fill a gap in the resources available for tracking emerging |
Vulnerability
|
|
★★★
|
 |
2024-11-26 16:04:00 |
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (direct link) |
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems.
"In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user |
Vulnerability
Threat
|
|
★★★
|
 |
2024-11-26 15:49:00 |
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (direct link) |
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.
Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed |
Malware
Hack
Threat
|
|
★★★
|
 |
2024-11-26 10:33:00 |
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that |
Vulnerability
|
|
★★★
|
 |
2024-11-25 19:52:00 |
Google's New Restore Credentials Tool Simplifies App Login After Android Migration (direct link) |
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device.
Part of Android's Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement.
"With Restore Credentials, apps can seamlessly onboard |
Tool
Mobile
|
|
★★
|
 |
2024-11-25 19:24:00 |
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot (direct link) |
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram.
The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date.
By putting the |
|
|
★★
|
 |
2024-11-25 17:00:00 |
Flying Under the Radar - Security Evasion Techniques (direct link) |
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures.
The Evolution of Phishing Attacks
“I really like the saying that 'This is out of scope' said no hacker ever. Whether it's tricks, techniques or technologies, hackers will do anything to evade detection and make sure their |
Malware
|
|
★★
|
 |
2024-11-25 16:54:00 |
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks (direct link) |
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
"Since these are hardened languages with limited capabilities, they're supposed to be more secure than |
Tool
Cloud
|
|
★★★
|
 |
2024-11-25 16:43:00 |
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24) (direct link) |
We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines - it's about how digital risks shape our lives in ways we might not even realize.
For instance, telecom networks being breached isn't just about stolen data - it's about power. Hackers are |
Tool
|
|
★★
|
 |
2024-11-25 14:46:00 |
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (direct link) |
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system.
"This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda," Trellix |
Malware
|
|
★★
|
 |
2024-11-23 17:40:00 |
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites (direct link) |
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077.
The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said. |
Threat
Industrial
|
|
★★
|
 |
2024-11-23 17:23:00 |
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (direct link) |
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period.
These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both |
Malware
Threat
|
|
★★
|
 |
2024-11-22 22:29:00 |
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware (direct link) |
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell.
The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today.
Mysterious Elephant, which is also known as |
Malware
Threat
|
|
★★
|
 |
2024-11-22 22:17:00 |
China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign (direct link) |
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection.
"The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a |
|
|
★★★
|
 |
2024-11-22 17:36:00 |
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (direct link) |
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe.
Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The |
Malware
Threat
|
APT 28
|
★★
|
 |
2024-11-22 17:00:00 |
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data? (direct link) |
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that's both scalable and adaptable.
As companies shift from traditional, |
Tool
Cloud
|
|
★★★
|