20926 matches found
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to...
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which has made ...
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen,...
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence AI infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
The Black Basta ransomware-as-a-service RaaS operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency...
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...
New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane as part of a cyber attack that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have be...
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and writ...
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig...
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile EPMM and MobileIron Core to its Known Exploited Vulnerabilities KEV catalog, stating it's being actively exploited in the wild. The vulnerability i...
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 CVSS score: 7.8 - Memory corruption in DSP Services during a remote call fro...
6 Steps to Accelerate Cybersecurity Incident Response
Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's...
PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS
An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and...
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider IDP as initial access into an environment with the goal of stealing Intellectual Property IP for extortion. LUCR-3 targets Fortune 20...
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the...
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a he...
Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer's corporate account. This enabled the adversary to access a debugging environment that contained informatio...
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks
Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it's introducing a second user setting to turn off support, at the model level, for null-ciphered cellular...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol BGP that could be weaponized to achieve a denial-of-service DoS condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source...
Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software fr...
New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild
Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency CIA's Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...
Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products
Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller ADC and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized...
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government
A former U.S. National Security Agency NSA employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation FBI. Jareh Sebastian Dalke, 30, was employed at the NSA for less tha...
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...
15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over...
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name...
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion
UPDATE: It's worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that's been denominated HermeticWiper aka KillDisk. Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital...
Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager RCM for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 CVSS scor...
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since...
Why Everyone Needs to Take the Latest CISA Directive Seriously
Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the...
Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malwar...
Hackers Breached Colonial Pipeline Using Compromised VPN Password
The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network VPN account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomber...
Hackers Using Fake Foundations to Target Uyghur Minority in China
The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creatin...
Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy
WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 becau...
Hackers Using Website's Contact Forms to Deliver IcedID Malware
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive...
22-Year-Old Charged With Hacking Water System and Endangering Lives
A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with...
Fixing the Weakest Link — The Passwords — in Cybersecurity Today
Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized...
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...
4 Free Online Cyber Security Testing Tools For 2021
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...
Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over...
New PIN Verification Bypass Flaw Affects Visa Contactless Payments
Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The...
Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed...
Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets
Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified...
Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset
Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers...