Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service DoS as well as remote code execution RCE attacks. "Prometheus servers or exporters, often lacking proper...

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome , marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome...

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control TCC framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 CVSS score:...

SaaS Budget Planning Guide for IT Professionals

SaaS services are one of the biggest drivers of OpEx operating expenses for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it's no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect...

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 CVSS score: 9.8, affects all versions of the plugin prior to 1.9.0. The...

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service DDoS attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled...

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observ...

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

A newly devised technique leverages a Windows accessibility framework called UI Automation UIA to perform a wide range of malicious activities without tipping off endpoint detection and response EDR solutions. "To exploit this technique, a user must be convinced to run a program that uses UI...

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication MFA implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour ...

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System DNS tunnel for command-and-control C2 communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable...

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at...

What is Nudge Security and How Does it Work?

Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new...

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity...

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng aka gbigmao and gxiaomao, who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been...

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application CSA and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 CVSS score: 10.0 - An authentication...

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors...

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Cybersecurity researchers have shed light on a sophisticated mobile phishing aka mishing campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu...

The Future of Network Security: Automated Internal and External Pentesting

In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing pentesting, while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated...

Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in...

Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage

A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies...

Ongoing Phishing and Malware Campaigns in December 2024

Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day...

CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 aka...

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...

⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat...

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence AI chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled...

Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

Identity security is all the rage right now, and rightfully so. Securing identities that access an organization's resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what...

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of maliciou...

Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management PAM solutions...

Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence AI library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index...

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies usi...

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin...

FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service FSB after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of...

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning ML tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...

Conquering the Complexities of Modern BCDR

The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures tha...

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

The threat actors behind the Moreeggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service MaaS operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using...

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's design...

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan RAT called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities,...

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Cybersecurity researchers have released a proof-of-concept PoC exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability ...

Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More...

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Vulnerability Management VM has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations...

Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to delive...

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't...

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR aka HiddenFace and ANEL aka UPPERCUT, Trend Micro said ...

NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

The U.K. National Crime Agency NCA on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation...

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...

Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

The Russia-linked advanced persistent threat APT group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control C2 servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, firs...

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that...

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that com...

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards,...