Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple...
FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide
The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the malware is notable for being the...
JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots
As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a...
FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin
An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K.,...
Critical Security Flaws Reported in Moxa MXview Network Management Software
Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "cou...
Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group...
Hackers Using New Evasive Technique to Deliver AsyncRAT Malware
A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT a remote access trojan...
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service (DoS) issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes fo...
FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug
The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks,...
The Gap in Your Zero Trust Implementation
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust...
New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks. Collectively dubbed "BrakTooth" referring to the Norwegian word "Brak" which translates...
Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average...
Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan
A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, ...
PyPI Python Package Repository Patches Critical Supply Chain Flaw
The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanes...
Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild
Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar...
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observ...
Top 10 Privacy and Security Features Apple Announced at WWDC 2021
Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1 — Decouple Security Patches...
Why Password Hygiene Needs a Reboot
In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements to the traditional password, today, this concept is more marketing hype than anything else. But just becau...
New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researche...
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Soph...
Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...
TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers
Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...
British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange
A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa...
SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack
Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory...
Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...
Chinese APT Hackers Target Southeast Asian Government Institutions
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers,...
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian...
FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as 'Barium,' 'Winnti,' 'Wicked Panda,' and...
Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!
Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions. Vendors that sunset on-premise solutions force clients that...
Security Drift – The Silent Killer
Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the five-year period from 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 and 15%. It is not surprising to see this growth in spendin...
Critical Security Patches Released for Magento, Adobe Illustrator and Bridge
It's not 'Patch Tuesday,' but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform,...
Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream
Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in a report shared with...
The Pirate Bay was recently down for over a week due to a DDoS attack
It seems like the prolonged downtime and technical difficulties faced by The Pirate Bay over the past several weeks were due to a series of distributed denial of service (DDoS) attacks against the widely-popular torrent website by malicious actors. For those unaware, The Pirate Bay was down for mor...
Epic Games Hit With Class Action Lawsuit Over Hacked 'Fortnite' Accounts
Epic Games, the creator of the popular 'Fortnite' video game, is facing a class-action lawsuit from gamers over hacked Fortnite accounts, accusing the company of failing to maintain adequate security measures and notify users of the security breach in a timely manner. The lawsuit, filed by...
OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader
Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A...
Mac Software Mines Cryptocurrency in Exchange for Free Access to Premium Account
Nothing comes for free, especially online. Would you be okay with allowing a few paid services to mine cryptocurrencies using your system instead of paying the subscription fee? Most free websites and services often rely on advertising revenue to survive, but now there is a new way to make...
New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours
Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil, aka Smoke Loader, the malware was found dropping a cryptocurrency miner program as payloa...
Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager
A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability, tracked as CVE-2017-10151, has been assigned the highe...
China Bans WhatsApp Messenger
Popular instant messaging app WhatsApp has already been struggling for its existence in China ever since July, when the Chinese government blocked its users from sending photos and videos over the app. Now, it appears that China has largely blocked Facebook-owned WhatsApp in its latest step to tighten...
Warning! Just an Image Can Hack Your Android Phone — Patch Now
Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone. Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a...
Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack
Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed...
Shocking! Instagram HACKED! Researcher hacked into Instagram Server and Admin Panel
Ever wonder how to hack Instagram or how to hack a Facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in legal action being taken against you. An independent security researcher claims he was threatened by Facebook after he...
Microsoft pushes Emergency Patch for Zero-Day Internet Explorer Flaw
It's time to immediately patch your Internet Explorer – Once again! Microsoft has issued an emergency out-of-band patch for all supported versions of Internet Explorer browser, to fix a critical security flaw that hackers are actively exploiting to hijack control of targeted computers. The Zero-D...
NetUSB Driver Flaw Exposes Millions of Routers to Hacking
A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036, is a remotely exploitable kernel...
Vulnerability in Hotel WiFi Network Exposes You to Hackers
There is no end to users' problems when it comes to security. Everything is easily hackable — from home wireless routers to the large web servers that leak users' personal data into the world in one shot. If you love to travel and move from hotel to hotel, then you might be dependent on free Wi-Fi...
Samba Service Hit By Remote Code Execution Vulnerability
A critical vulnerability has been fixed in Samba, the open source standard Windows interoperability suite of programs for Linux and Unix, that could have allowed hackers to remotely execute arbitrary code in the Samba daemon (smbd). Samba is an open source implementation of the SMB/CIFS network fil...
Internet Explorer zero-day vulnerability actively being exploited in the wild
Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few day...
Microsoft issues Emergency Fix for Internet Explorer zero-day exploit
All supported versions of Internet Explorer are vulnerable to a zero-day exploit that is currently being used in targeted attacks against IE 8 and IE 9, dubbed "CVE-2013-3893 MSHTML Shim Workaround". Microsoft confirmed that the flaw was unknown before the attacks and that it is already...
Anonymous hackers expose details of U.S. FEMA contractors
Anonymous hackers claimed yesterday that they have broken into a server used by the Federal Emergency Management Agency (FEMA) and leaked the database password : fema includes - names, addresses and other information of FEMA contractors, private defense contractors, federal agents and local...
AirDroid vulnerability allows hackers to perform DoS attack from your Android device
A vulnerability in the AirDroid application, which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network, allows hackers to perform a DoS attack from your Android device. A cross-site scripting (XSS) vulnerability in the browser version of AirDroid allows a...