20924 matches found
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface CLI tool that is being used by a wide range of...
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 CVSS scores: 9.8 -...
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 CVSS score: 7.3, the vulnerability is an arbitrary file upload bug residing in the...
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
Organizations in the Defense Industrial Base DIB sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach...
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...
Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
Advanced persistent threat APT actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile EPMM as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint...
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin
Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names J...
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect...
Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day...
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control C2 framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft...
Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain...
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 CVSS score: 8.8, concerns a case of a use-after-free...
Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild
A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ACI services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected
TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...
New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users
High impact vulnerabilities in modern communication protocol used by mobile network operators MNOs can be exploited to intercept user data and carry out impersonation, fraud, and denial of service DoS attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in...
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today a...
The Comprehensive Compliance Guide (Get Assessment Templates)
Complying with cyber regulations forms a significant portion of the CISO's responsibility. Compliance is, in fact, one of the major drivers in the purchase and implementation of new security products. But regulations come in multiple different colors and shapes – some are tailored to a specific...
Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal...
Researchers Find New Hack to Read Content Of Password Protected PDF Files
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some...
European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked
The European Central Bank ECB confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank ECB is the...
Top 5 Last-Minute Memorial Day Deals at THN Store → Get 60% Extra OFF
Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and...
Over 92 Million New Accounts Up for Sale from More Unreported Breaches
All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data...
T-Mobile Hacked — 2 Million Customers' Personal Data Stolen
T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email...
ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability
Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a...
How to Find Out Everything Facebook Knows About You
Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information. The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached. Facebook stores details of almos...
Linux Kernel Gets Patch For Years-Old Serious Vulnerability
Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw CVE-2017-2636, which existed in the Linux kernel for the past seven years,...
A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures
Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the w...
NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws
A proof-of-concept PoC exploit for a critical vulnerability in the Network Time Protocol daemon ntpd has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the...
Mission '1 Billion' — Microsoft will Automatically Offer Windows 10 Upgrade
Microsoft wholeheartedly wants you to upgrade your PCs to Windows 10, so much so that the company plans to automatically download its new operating system to Windows 7/8 computers next year. Just two weeks ago, Microsoft accidentally pushed Windows 10 installation to Windows 7 and Windows 8/8.1...
Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO
Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization NATO, Ukrainian and Polish government agencies, and a variety of sensitive European industries over...
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can...
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 CVSS score: 9.8, relates ...
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
The U.S. Cybersecurity and Infrastructure Security Agency CISA has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 CVSS score: 6.6, is case of...
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A...
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark...
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders such as GHOSTPULSE, and various...
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization SEV technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines VMs and even perform privilege escalation. The attack has been codenamed CacheWarp...
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
Google is warning of multiple threat actors sharing a public proof-of-concept PoC exploit that leverages its Calendar service to host command-and-control C2 infrastructure. The tool, called Google Calendar RAT GCR, employs Google Calendar Events for C2 using a Gmail account. It was first publishe...
Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 CVSS score: 9.8, has been described as an out-of-bounds write vulnerability in the implementation of the DCE/R...
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place...
North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google's Threat Analysis Group TAG, which found the adversary setting up...
Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when...
Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?
Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. Howeve...