Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control C2 framework within a PNG image of the project's logo. The package employing this...

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands,...

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. "Durian boasts comprehensive backdoor functionality, enabling the...

CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

Artificial intelligence AI is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the futur...

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymou...

What's the Right EDR for You?

A guide to finding the right endpoint detection and response EDR solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as t...

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X formerly Twitter have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their...

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model LLM services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team...

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network VPN bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 CVSS score: 7.6. It impac...

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer...

New Guide: How to Scale Your vCISO Services Profitably

Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business a...

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

Two recently disclosed security flaws in Ivanti Connect Secure ICS devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet...

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of...

A SaaS Security Challenge: Getting Permissions All in One Place 

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may ...

New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard AES algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the...

The Fundamentals of Cloud Security Stress Testing

״Defenders think in lists, attackers think in graphs," said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to...

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz...

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability CVE-2023-40000, CVSS score: 8.3 has been leveraged to set u...

Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

The U.K. National Crime Agency NCA has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development...

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...

New Case Study: The Malicious Comment

How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a 'Thank you' not a 'Thank you'? When it's a...

Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)

Google on Monday announced that it's simplifying the process of enabling two-factor authentication 2FA for users with personal and Workspace accounts. Also called 2-Step Verification 2SV, it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the password...

Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik...

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which...

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business SMB, your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like y...

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union E.U., the North Atlantic Treaty Organization NATO, the U.K., and the U.S. The Cze...

Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service DDoS attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To...

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control C&C infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does n...

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency NSA, the...

Google Announces Passkeys Adopted by Over 400 Million Accounts

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than...

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

HPE Aruba Networking formerly Aruba Networks has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution RCE on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 CVSS score: 9.8 -...

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of...

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi aka Rabotnik, 24, along with his co-conspirators part of the REvil ransomware group...

When is One Vulnerability Scanner Not Enough?

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability...

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign formerly HelloSign was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with th...

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 CVSS score: 9.8, which affects D-Link DIR-645...

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities KEV catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 CVSS score: 10.0, the maximum severity vulnerability could facilitate...

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

A new malware called Cuttlefish is targeting small office and home office SOHO routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication materi...

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control C2 servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS...

How to Make Your Employees Your First Line of Cyber Defense

There's a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you've got to remain prepared to confront those very same threats. As a decision-maker for your organization, you know this well. But no matter how many experts...

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the...

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

A former employee of the U.S. National Security Agency NSA has been sentenced to nearly 22 years 262 months in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that...

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositori...

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence AI-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and...