20926 matches found
Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext
A severe programming bug has been found in APFS file system for macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text. Introduced two years ago, APFS Apple File System is an optimized file system for flash and SSD-based storage solutions running MacO...
2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw
A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April...
Unpatched Wordpress Flaw Could Allow Hackers To Reset Admin Password
WordPress, the most popular CMS in the world, is vulnerable to a logical vulnerability that could allow a remote attacker to reset targeted users’ password under certain circumstances. The vulnerability CVE-2017-8295 becomes even more dangerous after knowing that it affects all versions of...
Internet Traffic Hijacking Linux Flaw Affects 80% of Android Devices
An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications. Even the latest...
SpyEye 1.3.45 Download - Loader source code
SpyEye 1.3.45 Download - Loader source code A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, f...
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers no...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we've seen cybercriminals turn overlooked weaknesses into...
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods 2nd generation and later, AirPods Pro all models, AirPods Max, Powerbeats Pro, and...
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 CVSS score:...
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in the Asia-Pacific APAC and Middle East and North Africa MENA are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published...
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 CVSS score: 7.2,...
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitatio...
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...
Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called...
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in...
Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 CVSS score: 9.8, have been attributed to Diamond Sleet aka Labyrin...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency CISA said. "An attacker can often exploit these vulnerabilities to tak...
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to g...
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...
New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...
SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other...
Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
High-severity security vulnerabilities have been disclosed in different endpoint detection and response EDR and antivirus AV products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on...
64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan?
In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000. Will you be the next victim like Omnicell? If you are...
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 CVSS score: 9.8, a critical integer overflow vulnerability in WhatsApp that results in the...
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the...
Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012
Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI Unified Extensible Firmware Interface bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence...
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into visiting seemingly legitimate Google sites that install a Remote Access Trojan RAT capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms suc...
Researchers Spotted Malware Written in Nim Programming Language
Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...
Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft. Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on previous research...
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on...
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report, the South African Bankin...
Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations
Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment...
Police Shut Down xDedic – An Online Market for Cyber Criminals
In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine. Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out...
Microsoft building Chrome-based browser to replace Edge on Windows 10
It is no secret how miserably Microsoft's 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements. According to the latest round of tech rumors, Microsoft has given up on Edge and reportedly building a new Chromium-based w...
KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform
Again some bad news for cryptocurrency users. KICKICO, a blockchain-based initial coin offering ICO support platform, has fallen victim to a suspected cyber attack and lost more than 70 million KICK tokens or KickCoins worth an estimated $7.7 million. In a statement released on its Medium post on...
A New Paradigm For Cyber Threat Hunting
It's no secret that expecting security controls to block every infection vector is unrealistic. For most organizations, the chances are very high that threats have already penetrated their defenses and are lurking in their network. Pinpointing such threats quickly is essential, but traditional...
Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates throu...
Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
Remember SambaCry? Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software re-implementation of SMB networking protocol that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the...
New MySQL Zero Days — Hacking Website Databases
Two critical zero-day vulnerabilities have been discovered in the world's 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-666...
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall WAF on GitHub, with over 16.4K stars and a rapidly...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to...
Anatomy of an Attack
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using...
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL...
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the...
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber aka C3RB3R ransomware. The attacks leverage CVE-2023-22518 CVSS score: 9.1, a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...
Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries
The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and...