20926 matches found
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors...
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
Cybersecurity researchers have shed light on a sophisticated mobile phishing aka mishing campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu...
The Future of Network Security: Automated Internal and External Pentesting
In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing pentesting, while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated...
Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands
Belgian and Dutch authorities have arrested eight suspects in connection with a "phone phishing" gang that primarily operated out of the Netherlands with an aim to steal victims' financial data and funds. As part of the international operation, law enforcement agencies carried out 17 searches in...
Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage
A suspected China-nexus cyber espionage group has been attributed to an attacks targeting large business-to-business IT service providers in Southern Europe as part of a campaign codenamed Operation Digital Eye. The intrusions took place from late June to mid-July 2024, cybersecurity companies...
Ongoing Phishing and Malware Campaigns in December 2024
Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you. Zero-day...
CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force
The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces. The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 aka...
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)
This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat...
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence AI chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled...
Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions
Identity security is all the rage right now, and rightfully so. Securing identities that access an organization's resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what...
Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of maliciou...
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence AI library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index...
Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar
Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management PAM solutions...
Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data
Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies usi...
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin...
FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service FSB after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of...
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning ML tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...
Conquering the Complexities of Modern BCDR
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures tha...
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
The threat actors behind the Moreeggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service MaaS operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using...
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's design...
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan RAT called DroidBot. "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities,...
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept PoC exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability ...
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More...
Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerability Management VM has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations...
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to delive...
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't...
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR aka HiddenFace and ANEL aka UPPERCUT, Trend Micro said ...
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
The U.K. National Crime Agency NCA on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation...
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency CISA added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of...
Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat APT group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control C2 servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, firs...
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that com...
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards,...
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in...
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China PRC-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threa...
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
Veeam has released security updates to address a critical flaw impacting Service Provider Console VSPC that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted...
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management IAM software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905 , has a CVSS score of 10.0, indicating maximum severit...
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters,...
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance ASA. The vulnerability, tracked as CVE-2014-2120 CVSS score: 4.3, concerns a case of insufficient input validation in ASA's WebVPN login page that...
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network VPN clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers,...
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Kore...
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns &Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end...
A Guide to Securing AI App Development: Join This Cybersecurity Webinar
Artificial Intelligence AI is no longer a far-off dream—it's here, changing the way we live. From ordering coffee to diagnosing diseases, it's everywhere. But while you're creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app is an opportunity—and a...
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide ran...
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are...
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. "These PUP potentially unwanted programs applications use social engineering tactics to...
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries,...
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a...
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency SDA leverages videos...