CISA Warns of Actively Exploited Adobe Acrobat Reader Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 CVSS score: 7.8, the vulnerability has been described ...

New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining

Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening ...

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware

The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima,...

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework referred to as Manjusaka that they call is a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control C2, written in Golang with a User Interface in Simplified Chinese, is freely available and can...

Bitter APT Hackers Continue to Target Bangladesh Military Entities

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans,"...

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems ICS and supervisory control and data acquisition SCADA devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple...

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response XDR solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize...

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service DoS condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from...

Chinese Hackers Believed to be Behind Second Cyberattack on Air India

Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate...

Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack

Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the...

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even...

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II the virus, which causes COVID-19 the disease, is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a...

Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage

What could be even worse than getting hacked? It's the "failure to detect intrusions" that always results in huge losses to the organizations. Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May...

Is Facebook Secretly Accessing Your iPhone's Camera? Some Users Claimed

Found a @facebook security & privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl...

Baltimore City Shuts Down Most of Its Servers After Ransomware Attack

For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can't access...

Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)

For all of the undeniable conveniences the Internet has brought us, it's becoming an increasingly dangerous place to be. Both individual hackers and entire government agencies are now able to hack into your computer or smartphone from across the globe and steal everything from your browsing histo...

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the...

iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

India-linked highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article, earlier this month researchers at Talos...

Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services

Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its "identity services." Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk...

Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management MDM protocol—a...

Free Thanatos Ransomware Decryption Tool Released

If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible f...

DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking...

ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries

Governments in Turkey and Syria have been caught hijacking local internet users' connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users' web traffic in Egypt...

'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All

Security researchers have discovered a "kill switch" that could help companies protect their websites under massive DDoS attack launched using vulnerable Memcached servers. Massive Memcached reflection DDoS attacks with an unprecedented amplification factor of 50,000 recently resulted in some of...

Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Do you own a Hewlett-Packard HP laptop? Yes? Just stop whatever you are doing and listen carefully: Your HP laptop may be silently recording everything you are typing on your keyboard. While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security...

Patch now! Adobe releases Emergency Security Updates for Flash Player

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen 19 vulnerabilities in its Flash Player, including one CVE-2015-8651 that is being exploited in the wild. All the programmin...

Incomplete 'Stagefright' Security Patch Leaves Android Vulnerable to Text Hack

Wanna hack someone's Android smartphone by sending just an MMS message? Yes, you can, because Google's patch for the Stagefright vulnerability in hundreds of Millions of Android devices is BUGGY. Last week, Google issued an official patch for Stagefright vulnerability that affects 95 percent of...

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux.Darlloz, earlier used to target Internet of Things IoT devices, i.e. Home Routers, Set-top...

Microsoft's Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rat...

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 CVSS score: 9.1, concerns an authentication bypass that...

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New...

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine,"...

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the...

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface UEFI code from various independent firmware/BIOS vendors IBVs has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can ...

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. "22 simultaneous, successful cyberattacks...

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WSFTP Server Ad hoc Transfer Module and in the WSFTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 CVSS score: 9.8, is a case of authentication bypass that enables unauthenticated attackers to...

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 CVSS score: 9.8 that cou...

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology OT networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the...

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released an Industrial Control Systems ICS medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service UCS software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iS...

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer SFX that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 CVSS score: 8.2, the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw CVE-2022-35829,...

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Internet Systems Consortium ISC has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain BIND 9 Domain Name System DNS software suite that could lead to a denial-of-service DoS condition. "A remote attacker could exploit these vulnerabilities to...

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 CVSS score: 9.8, the security weakness impact...

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance...

Download the Essential Guide to Response Automation

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another...

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 CVSS score: 9.8, the issue resides in the routers' Universal Plug-and-Play UPnP service, enabling an...