Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks
Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerab...
Microsoft Windows 10 will get a full built-in Linux Kernel for WSL 2
Yes, you heard me right. Microsoft is taking another step forward to show its love for Linux and open source community by shipping a full Linux kernel in Windows 10 this summer. No, that doesn't mean Microsoft is making its Windows 10 a Linux distro, but the company will begin to ship an in-house...
Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that's about one month's revenue for the social media giant. To be clear, the amount of the fine is not what the FTC has announced or hinted yet...
Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popul...
Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized apps posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed...
540 Million Facebook User Records Found On Unprotected Amazon Servers
It's been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts, and now the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users hav...
Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data
The Georgia Institute of Technology, well known as Georgia Tech, has confirmed a data breach that has exposed personal information of 1.3 million current and former faculty members, students, staff and student applicants. In a brief note published Tuesday, Georgia Tech says an unknown outside...
WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code,...
New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs
Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which has been around since 2008 and lets attackers...
Researchers Uncover New Attacks Against LTE Network Protocol
If your mobile carrier offers LTE, also known as the 4G network, you need to beware, as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...
75% of the 'Left to Get Hacked' Redis Servers Found Infected
Despite the continual emergence of new cyber attacks because of misconfigured servers and applications, people continue to ignore security warnings. A massive malware campaign designed to target open Redis servers, about which researchers warned almost two months ago, has now grown and already...
Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in the widely used Apache Commons Collections (ACC) library. Dubbed Operation Rosehub, the initiative was a volunteer effort by some 50 Google employees, who utilized ...
OpenSSL to Patch High Severity Vulnerability this Week
The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team...
Lizard Squad vs Anonymous — 'PlayStation, Xbox and Tor Network' Attacks
It was a sad Christmas Day for gamers all around the world!! A lot of people get new PlayStations and Xboxes on Christmas, but this Christmas they bought the game, popped it into the console for online gaming, and what did they find? Oh Crap! I can't log on. It was the notorious hacker group "Liza...
Oracle releases Critical Update to Patch 104 Vulnerabilities
It's time to update your Java program, as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it refers to as "Critical Patch Updates" (CPU). Yesterday, Oracle released...
Billions of Smartphone Users affected by Heartbleed Vulnerability
Heartbleed has left a grim impression worldwide, affecting millions of websites, and is also believed to put millions of smartphone and tablet users at great risk. Heartbleed is a critical bug (CVE-2014-0160) in the popular OpenSSL cryptographic software library that actually resides in the...
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the...
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United...
New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries
The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishi...
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of...
RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2),...
Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper...
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An...
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multipl...
DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report for Q3 2023, said the attack chains are als...
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine,...
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and ha...
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are sa...
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
With generative artificial intelligence (AI) becoming all the rage these days, it's perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI...
Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such as the ability to...
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive...
North Korean UNC2970 Hackers Expand Operations with New Malware Families
A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multipl...
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to...
Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines
The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that...
These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times
As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers,...
Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure
Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a...
Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been codenamed 0ktapus by Group-IB because the initial goal of the...
Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the...
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
Cybersecurity researchers have detailed a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed the "Evil PLC" attack by industrial security firm...
Experts Uncover Spyware Attacks Against Catalan Politicians and Activists
A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators,...
Wazuh Offers XDR Functionality at a Price Enterprises Will Love — Free!
Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought...
New Browser-in-the-Browser (BitB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called the browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, wh...
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discove...
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics...
FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards
A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and for perpetuating a criminal scheme that enabled the gang to compromise millions of customers' debit and credit cards. Andrii Kolpakov, 33,...
Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on ...