20782 matches found
Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were...
16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira A Coruña, Madrid, Parla and...
REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linke...
Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days
Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. Of the 117...
Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution RCE exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitori...
Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor version 1.8.13 that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and...
Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East
A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies SOAS. Enterprise...
Trickbot Malware Returns with a new VNC Module to Spy on its Victims
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law...
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The Australian Cyber Security Centre has observed actors...
A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP product...
Crafting a Custom Dictionary for Your Password Policy
Modern password policies are comprised of many different elements that contribute to its effectiveness. One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the...
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites
Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software OB...
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack
Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator VSA solution that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain...
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocksBlockcomment and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously...
New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021
For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service SaaS applications over 2020 turned slow-burning embers into a raging fire. Organizations manage anywhere from thirty-five to more than a hundred...
Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems
Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal aka Vue PACS, some of which could be exploited by an adversary to take control of an affected system. "Successful exploitation of these vulnerabilities could allow an unauthorized person or...
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing mac...
Critical Flaws Reported in Sage X3 Enterprise Management Software
Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning ERP product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered ...
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...
Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix
Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management HRM is the new fix for building a security-savvy workforce. Don't be...
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare
This week, PrintNightmare - Microsoft's Print Spooler vulnerability CVE-2021-34527 was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we...
SideCopy Hackers Target Indian Government Officials With New Malware
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans RATs, signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, th...
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain...
WildPressure APT Emerges With New Malware Targeting Windows and macOS
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats...
Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform
An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light...
[Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe?
Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis NTA or network detection and response NDR tool or an endpoint detection and response EDR tool to supplement their existing...
Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability
Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as "PrintNightmare" — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as...
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities
Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit...
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly
U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that REvil, the ransomwa...
Getting Started with Security Testing: A Practical Guide for Startups
A common misconception among startup founders is that cybercriminals won't waste time on them, because they're not big or well known enough yet. But just because you are small doesn't mean you're not in the firing line. The size of a startup does not exempt it from cyber-attacks – that's because...
TrickBot Botnet Found Deploying A New Ransomware Called Diavol
Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this...
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw
Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 CVSS score: 8.1, affects PowerShell versions 7.0 and 7.1 and have been...
REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom
Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerabilit...
Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential...
Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware
Threat actors behind the notorious REvil cybercrime operation appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day EST/US on Friday...
Learn to Code — Get 2021 Master Bundle of 13 Online Courses @ 99% OFF
Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own...
New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks
Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "miraiptea" that leverages an undisclosed vulnerability in digital video recorders DVR provided by KGUARD to propagate and carry out distributed denial-of-service DDoS attacks. Chinese security firm...
Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021...
New Google Scorecards Tool Scans Open-Source Software for More Security Risks
Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source...
NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers
An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency NSA, Cybersecurity and...
Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild
Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution RCE vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected...
IndigoZebra APT Hacking Campaign Targets the Afghan Government
Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed...
Rethinking Application Security in the API-First Era
Securing applications it the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and...
Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud
Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents...
3 Steps to Strengthen Your Ransomware Defenses
The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the...
Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...
[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web
Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting...
Authorities Seize DoubleVPN Service Used by Cybercriminals
A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the...
Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
A proof-of-concept PoC exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full contr...