20793 matches found
Evilnum hackers targeting financial firms with a new Python-based RAT
An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan RAT that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereas...
(Live) Webinar – XDR and Beyond with Autonomous Breach Protection
Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top...
(Live) Webinar – XDR and Beyond with Autonomous Breach Protection
Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top...
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncover...
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncover...
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...
Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months 825 days. In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates...
Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months 825 days. In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates...
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...
Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group,...
Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the "Charming Kitten" APT group,...
QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point...
QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money
A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point...
Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware
Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's compute...
Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware
Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's compute...
APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...
APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
A popular iOS software development kit SDK used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk...
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
A popular iOS software development kit SDK used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk...
Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59
"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses complete list from top instructors, StackSkills Unlimited provides...
Get Lifetime Access to 1000+ Premium Online Training Courses for Just $59
"In today's knowledge economy, continual learning is an imperative." — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses complete list from top instructors, StackSkills Unlimited provides...
Google Researcher Reported 3 Flaws in Apache Web Server Software
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...
Google Researcher Reported 3 Flaws in Apache Web Server Software
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...
A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware
An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...
A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware
An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google...
Former Uber Security Chief Charged Over Covering Up 2016 Data Breach
The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate...
Former Uber Security Chief Charged Over Covering Up 2016 Data Breach
The federal prosecutors in the United States have charged Uber's former chief security officer,Joe Sullivan , for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate...
Hackers Target Defense Contractors' Employees By Posing as Recruiters
The United States Cybersecurity and Infrastructure Security Agency CISA has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN ,' the advanced remo...
Hackers Target Defense Contractors' Employees By Posing as Recruiters
The United States Cybersecurity and Infrastructure Security Agency CISA has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed 'BLINDINGCAN,' the advanced remot...
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report, the South African Bankin...
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report, the South African Bankin...
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service RAS in a way i...
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service RAS in a way i...
Experts Reported Security Bug in IBM's Db2 Data Management Software
Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw CVE-2020-4414, which impacts IBM Db2 V9.7, V10.1,...
Experts Reported Security Bug in IBM's Db2 Data Management Software
Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw CVE-2020-4414, which impacts IBM Db2 V9.7, V10.1,...
XDR: The Next Level of Prevention, Detection and Response [New Guide]
One new security technology we keep hearing about is Extended Detection and Response XDR. This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control an...
XDR: The Next Level of Prevention, Detection and Response [New Guide]
One new security technology we keep hearing about is Extended Detection and Response XDR. This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don't need to purchase, integrate, and manage various control an...
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog ," the modular, multi-threaded and file-less botnet has breached more than 500 servers ...
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers t...
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...
Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...
Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...
How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...
How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
Web applications suffer continuously evolving attacks, where a web application firewall WAF is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls
A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE ,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted...
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls
A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted...
Amazon Alexa Bugs Could've Let Hackers Install Malicious Skills Remotely
Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely. Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today...