Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability ... can be easily exploited by an attacker by sending a malicious email to a victim that uses...

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point,...

New Incident Report Reveals How Hive Ransomware Targets Organizations

A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the...

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, onl...

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service DoS condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and...

[eBook] The Ultimate Security for Management Presentation Template

Are you a CISO, CIO, or IT Director? In your role, you're responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization's security program. But getting buy-in from leadership can be difficult wh...

Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers

Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang and that it was far more limited in scope. Stating that the "impact of the incident was significantly less than the...

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency CISA has warned. To that end, the agency has added the shortcoming to its Known Exploited...

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

Three high-impact Unified Extensible Firmware Interface UEFI security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and...

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists

A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators,...

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

The U.S. Cybersecurity and Infrastructure Security Agency CISA, along with the Federal Bureau of Investigation FBI and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor,...

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku an...

Researchers Share In-Depth Analysis of PYSA Ransomware Group

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like ...

Benchmarking Linux Security – Latest Research Findings

How well do your Linux security practices stack up in today's challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. T...

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar

Cybersecurity researchers have disclosed an advanced version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables EXE files to...

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, th...

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin

Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which disclosed the flaw last week, said the bug w...

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group aka Hidden Cobra in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen digital currency to the thre...

Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount

Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills, the best way to learn Java is through building your own projects. But you can definitely speed things up with...

GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party...

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a...

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download...

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller WLC that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and...

As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state...

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1...

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine...

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national...

Rarible NFT Marketplace Flaw Could've Let Attackers Hijack Crypto Wallets

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token NFT marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full...

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

A threat group that pursues crypto mining and distributed denial-of-service DDoS attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things IoT devices since last month. "This botnet is mainly derived from Gafgyt's source code but h...

Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and home...

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems ICS and supervisory control and data acquisition SCADA devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple...

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...

Webinar: How The Right XDR Can Be a Game-Changer for Lean Security Teams

Extended detection and response XDR is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying...

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from Augus...

Russian Hackers Tried Attacking Ukraine's Power Grid with Industroyer2 Malware

The Computer Emergency Response Team of Ukraine CERT-UA on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down...

FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin

An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K.,...

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated...

Cross-Regional Disaster Recovery with Elasticsearch

Unsurprisingly, here at Rewind, we've got a lot of data to protect over 2 petabytes worth. One of the databases we use is called Elasticsearch ES or Opensearch, as it is currently known in AWS. To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is...

Critical LFI Vulnerability Reported in Hashnode Blogging Platform

Researchers have disclosed a previously undocumented local file inclusion LFI vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdo...

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware

Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agen...

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol LDAP Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use...

Finding Attack Paths in Cloud Environments

The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to...

Google Sues Scammer for Running 'Puppy Fraud Scheme' Website

Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with...

Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service

A new traffic direction system TDS called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, universit...

Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild

Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself ...

Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date

Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," said Lior Bela, senior...

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder...

Chinese Hacker Groups Continue to Target Indian Power Grid Assets

China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light. Most of the intrusions involved a modular backdoor named ShadowPad, according to...

Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity

Cybersecurity researchers have uncovered further links between BlackCat aka ALPHV and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group,...