20926 matches found
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport layer security TLS channels. OpenSSL is an open-source library that is the most...
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
A 20 year old critical subtle integer overflow vulnerability has been discovered in Lempel-Ziv-Oberhumer LZO, an extremely efficient data compression algorithm that focuses on decompression speed, which is almost five times faster than zlib and bzip compression algorithms. Lempel-Ziv-Oberhumer LZ...
Billions of Smartphone Users affected by Heartbleed Vulnerability
Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug CVE-2014-0160 in the popular OpenSSL cryptographic software library, that actually resides in the...
CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered
None...
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control C2 servers...
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new...
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 CVSS score: 7.5, a memory corruption bug in the Scripting Engine...
Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three year...
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in Brocade SANnav storage area network SAN management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discover...
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control C2 server IP...
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage NAS devices. Tracked as CVE-2024-3272 CVSS score: 9.8 and CVE-2024-3273 CVSS score: 7.3, the vulnerabilities impact legacy D-Link...
Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 CVSS score: 8.4 - Improper...
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise HPE...
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Threat actors can take advantage of Amazon Web Services Security Token Service AWS STS as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and...
Researchers Expose Prolific Puma's Underground Link Shortening Service
A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years. Prolific Puma creates "domain names with an RDGA registered domain generation algorithm and us...
The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)
SaaS Security's roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. "SaaS Security on Tap" is a new vid...
Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
Firewall and distributed denial-of-service DDoS attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the...
Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android...
Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services AWS credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to...
New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
A new ransomware-as-service RaaS operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in ...
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...
NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C and is designed to evade "network-based forms of...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program. The tech giant said its investigation revealed the activity was restricted to a number of...
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public...
Resolving Availability vs. Security, a Constant Conflict in IT
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a...
Pakistani Hackers Targeting Indian Students in Latest Malware Campaign
The advanced persistent threat APT group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network ...
New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University ...
GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts
DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by t...
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called browser-in-the-browser BitB attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, wh...
New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors
Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to...
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike
Vulnerable internet-facing Microsoft SQL MS SQL Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not...
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution RCE on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak...
Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse
Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...
Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept PoC tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severi...
VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Track...
Ransomware Group FIN12 Aggressively Going After Healthcare Targets
An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon...
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics...
Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company...
MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform
As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense. To address this demand, managed security services providers MSSPs and manag...
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System
A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not be...
Hackers Turning to 'Exotic' Programming Languages for Malware Development
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their...
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...
China's Baidu Android Apps Caught Collecting Sensitive User Data
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the...
Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks
Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments TEE. Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack...
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache...
Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites
It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a hacktivi...
Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity, reveal that the exploit — named "Insomnia" —...
Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
Let's Encrypt, a free, automated, and open certificate signing authority CA from the nonprofit Internet Security Research Group ISRG, has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...