20928 matches found
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform
French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL databas...
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecuri...
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage...
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning ERP system to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...
New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing aka quishing campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 CVSS score: 9.9, impacts all versions of the plugin before 4.6.13,...
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...
Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...
CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures
Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in thi...
Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. "ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not...
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8...
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 CVSS score: 9.3, has been described as an improper access contr...
Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.
The Dutch Data Protection Authority DPA has fined Uber a record €290 million $324 million for allegedly failing to comply with European Union E.U. data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi...
Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration
Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got ho...
Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
Cybersecurity researchers are warning about the security risks in the machine learning ML software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-bas...
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as...
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures
Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said t...
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon...
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
The U.S. Cybersecurity and Infrastructure Security Agency CISA has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 CVSS score: 6.6, is case of...
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The...
PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader,"...
Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn't it? But what if there was a better way? Imagine having every essential cybersecurity tool...
Focus on What Matters Most: Exposure Management and Your Attack Surface
Read the full article for key points from Intruder's VP of Product, Andy Hornegold's recent talk on exposure management. If you'd like to hear Andy's insights first-hand, watch Intruder's on-demand webinar. To learn more about reducing your attack surface, reach out to their team today. Attack...
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been...
Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group
A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs aka Sforzacesarini has been charged with conspiring to commit money laundering, wire fraud and...
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Class...
Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
SolarWinds has issued patches to address a new security flaw in its Web Help Desk WHD software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowi...
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...
New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services' AWS Application Load Balancer ALB for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli...
The Facts About Continuous Penetration Testing and Why It's Important
What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing CASPT is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital...
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Typ...
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated...
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a...
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
Cybersecurity researchers have unpacked a new malware strain dubbed PGMEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gaine...
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 CVSS score: 8.5, the vulnerability has been described as an information disclosure bug stemming from a...
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of...
It's Time To Untangle the SaaS Ball of Yarn
It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the...
Styx Stealer Creator's OPSEC Fail Leaks Client List and Profit Details
In what's a case of an operational security OPSEC lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stealer, a derivative o...
New macOS Malware TodoSwift Linked to North Korean Hacking Groups
Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...
CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
The Computer Emergency Response Team of Ukraine CERT-UA has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently...
GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 CVSS score: 10.0, impacts all versions of the plugin prior to version 3.14.2,...
Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS Amazon Web Services still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail...
Czech Mobile Users Targeted in New Banking Credential Theft Scheme
Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application PWA in an attempt to sidestep security protections and steal their banking account credentials. The attacks have targeted the Czech-based Československá obchodní banka CSOB,...
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control C&C server via DNS traffic," the Symantec Threat Hunter Team, part ...
Anatomy of an Attack
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using...
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command execution in a pod runnin...
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the...