no alarms and no surprises please..
-
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Streaming giant Netflix has been hit with a hefty fine by the Dutch Data Protection Authority (Dutch DPA) for failing to provide clear and sufficient information to customers about how… Go to gbhackers.com
-
CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability
CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range… Go to gbhackers.com
-
CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published
CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published Security researchers at Assetnote have disclosed a critical vulnerability (CVE-2024-56145) in Craft CMS, a widely-used PHP-based content management system. This flaw, assigned a CVSS score of 9.3, enables unauthenticated remote… Go to gbhackers.com
-
DigiEver DVR Vulnerability Under Attack by Hail Cock Botnet
DigiEver DVR Vulnerability Under Attack by Hail Cock Botnet Akamai Security Intelligence Research Team (SIRT) has uncovered a vulnerability in DigiEver DS-2105 Pro DVRs that is being actively exploited by the Hail Cock botnet, a Mirai variant enhanced with modern… Go to gbhackers.com
-
NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager
NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to… Go to gbhackers.com
-
Pegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections
Pegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections A California court has ruled that Israeli firm NSO Group is liable for hacking into WhatsApp and deploying its notorious Pegasus spyware. The ruling, delivered by Judge Phyllis Hamilton in… Go to gbhackers.com
-
LNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks
LNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks A recent report by Cyble Research and Intelligence Labs (CRIL) unveils a troubling trend: threat actors are increasingly leveraging LNK files and SSH commands as stealthy tools to orchestrate advanced… Go to gbhackers.com
-
New Skuld Infostealer Campaign Unveiled in npm Ecosystem
New Skuld Infostealer Campaign Unveiled in npm Ecosystem The npm ecosystem has been infiltrated once more by the persistent Skuld infostealer, a notorious malware strain targeting developers with deceptive packages. Socket’s threat research team unveiled this campaign, led… Go to gbhackers.com
-
Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns
Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns Cybercriminals are targeting corporate executives with highly advanced mobile spear phishing attacks, leveraging sophisticated evasion techniques and exploiting the inherent vulnerabilities of mobile devices, a new report reveals. In today’s… Go to gbhackers.com
-
NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS
NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS Pranita Pradeep Kulkarni, Senior Engineer in Threat Research at Qualys, has detailed a new ransomware strain dubbed NotLockBit, which mimics the notorious LockBit ransomware while introducing unique cross-platform capabilities. This… Go to gbhackers.com
-
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel…
-
From .NET to C++: BellaCiao Malware Evolves with BellaCPP
From .NET to C++: BellaCiao Malware Evolves with BellaCPP Kaspersky has uncovered a fresh variant of the BellaCiao malware family—BellaCPP—marking a shift from .NET to C++ in its development. First appearing in April 2023, BellaCiao is a .NET-based malware… Go to gbhackers.com
-
CVE-2024-51466 (CVSS 9.0): Critical Vulnerability Found in IBM Cognos Analytics
CVE-2024-51466 (CVSS 9.0): Critical Vulnerability Found in IBM Cognos Analytics IBM has disclosed two severe vulnerabilities in its Cognos Analytics platform that could compromise sensitive data and system integrity. These vulnerabilities, identified as CVE-2024-51466 and CVE-2024-40695, highlight risks in business… Go to gbhackers.com
-
LummApp Malware Campaign: Researcher Exposes Advanced Data Stealing Operation
LummApp Malware Campaign: Researcher Exposes Advanced Data Stealing Operation In a recent revelation, Team Axon, the elite threat hunting division at Hunters, exposed a sophisticated malware campaign named “LummApp.” This operation employs a combination of advanced techniques, including DLL… Go to gbhackers.com
-
Threat Actors Selling Nunu Stealer On Hacker Forums
Threat Actors Selling Nunu Stealer On Hacker Forums A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums and Telegram channels. Priced at $100 per month, this malicious… Go to gbhackers.com
-
Google Chrome uses AI to analyze pages in new scam detection feature
Google Chrome uses AI to analyze pages in new scam detection feature Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. […] Mayank Parmar Go to bleepingcomputer
-
Malicious Rspack, Vant packages published using stolen NPM tokens
Malicious Rspack, Vant packages published using stolen NPM tokens Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. […] Bill Toulas Go to bleepingcomputer
-
US charges Russian-Israeli as suspected LockBit ransomware coder
US charges Russian-Israeli as suspected LockBit ransomware coder The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. […] Lawrence Abrams Go to bleepingcomputer
-
Sophos discloses critical Firewall remote code execution flaw
Sophos discloses critical Firewall remote code execution flaw Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. […] Bill Toulas Go to bleepingcomputer
-
Krispy Kreme breach, data theft claimed by Play ransomware gang
Krispy Kreme breach, data theft claimed by Play ransomware gang The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. […] Sergiu Gatlan Go to bleepingcomputer
-
TR-24-1895 (WordPress Plugin Security Vulnerability)
TR-24-1895 (WordPress Plugin Security Vulnerability) Go to usom.gov
-
TR-24-1894 (WordPress Plugin Security Vulnerability)
TR-24-1894 (WordPress Plugin Security Vulnerability) Go to usom.gov
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks,…
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the…
-
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence…
-
Friday Squid Blogging: Squid Sticker
Friday Squid Blogging: Squid Sticker A sticker for your water bottle. Bruce Schneier Go to bruce schneier
-
Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices: CVSS Scores Hit 9.8/10
Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices: CVSS Scores Hit 9.8/10 Rockwell Automation has issued a critical security advisory highlighting three severe vulnerabilities affecting its PowerMonitor 1000 devices. These vulnerabilities, identified by Vera Mens of Claroty Research – Team82, pose significant… Go to gbhackers.com
-
Diicot Threat Group Targets Linux with Advanced Malware Campaign
Diicot Threat Group Targets Linux with Advanced Malware Campaign Wiz Threat Research revealed a new malware campaign orchestrated by the Romanian-speaking threat group Diicot, also known as Mexals. This campaign targets Linux environments with advanced malware techniques, marking a… Go to gbhackers.com
-
Tax-Themed Campaign Exploits Windows MSC Files to Deliver Stealthy Backdoor
Tax-Themed Campaign Exploits Windows MSC Files to Deliver Stealthy Backdoor The Securonix Threat Research team has uncovered a sophisticated phishing campaign named FLUX#CONSOLE, leveraging tax-related lures and the use of Windows MSC (Microsoft Management Console) files to deploy a stealthy… Go to gbhackers.com
-
How to Protect Your Environment from the NTLM Vulnerability
How to Protect Your Environment from the NTLM Vulnerability This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. Roy Akerman Go to gbhackers.com
-
LockBit Ransomware Developer Arrested in Israel
LockBit Ransomware Developer Arrested in Israel Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit’s RaaS activities, dating back to the ransomware gang’s origins. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
US Ban on TP-Link Routers More About Politics Than Exploitation Risk
US Ban on TP-Link Routers More About Politics Than Exploitation Risk While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company’s popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. Robert Lemos, Contributing Writer Go to gbhackers.com
-
How Nation-State Cybercriminals Are Targeting the Enterprise
How Nation-State Cybercriminals Are Targeting the Enterprise Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort. Adam Finkelstein Go to gbhackers.com
-
Managing Threats When Most of the Security Team Is Out of the Office
Managing Threats When Most of the Security Team Is Out of the Office During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls. Joan Goodchild Go to gbhackers.com
-
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution A critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code. The flaw,… Go to gbhackers.com
-
Foxit PDF Editor Vulnerabilities Allow Remote Code Execution
Foxit PDF Editor Vulnerabilities Allow Remote Code Execution Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor. The updates—Foxit PDF Reader 2024.4… Go to gbhackers.com
-
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM… Go to gbhackers.com
-
NetWalker Ransomware Operator Sentenced to 20 Years in Prison
NetWalker Ransomware Operator Sentenced to 20 Years in Prison A Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks. The sentencing, which took… Go to gbhackers.com
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support… Go to gbhackers.com
-
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. […] Sergiu Gatlan Go to bleepingcomputer
-
BadBox malware botnet infects 192,000 Android devices despite disruption
BadBox malware botnet infects 192,000 Android devices despite disruption The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. […] Bill Toulas Go to bleepingcomputer
-
Microsoft 365 users hit by random product deactivation errors
Microsoft 365 users hit by random product deactivation errors Microsoft is investigating a known issue randomly triggering “Product Deactivated” errors for customers using Microsoft 365 Office apps. […] Sergiu Gatlan Go to bleepingcomputer
-
Android malware found on Amazon Appstore disguised as health app
Android malware found on Amazon Appstore disguised as health app A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. […] Bill Toulas Go to bleepingcomputer
-
Juniper warns of Mirai botnet scanning for Session Smart routers
Juniper warns of Mirai botnet scanning for Session Smart routers Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. […] Sergiu Gatlan Go to bleepingcomputer
-
TR-24-1893 (ISDO Yazılım – Web Software Security Notice)
TR-24-1893 (ISDO Yazılım – Web Software Security Notice) Go to usom.gov
-
TR-24-1892 (WordPress Plugin Security Vulnerability)
TR-24-1892 (WordPress Plugin Security Vulnerability) Go to usom.gov
-
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug…
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked…
-
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While…
-
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it’s issuing the advisory after “several customers” reported anomalous behavior on their Session…
-
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It…
-
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar gallagherseanm Go to sophos
-
Mailbox Insecurity
Mailbox Insecurity It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but it’s very fragile security. Bruce Schneier Go to bruce schneier
-
Romanian National Sentenced to 20 Years for NetWalker Ransomware Attacks
Romanian National Sentenced to 20 Years for NetWalker Ransomware Attacks A Romanian man has been sentenced to 20 years in prison for his role in the devastating NetWalker ransomware attacks. Daniel Christian Hulea, 30, was also ordered to forfeit over… Go to gbhackers.com
-
CVE-2024-12727 and More: Sophos Issues Urgent Firewall Security Update
CVE-2024-12727 and More: Sophos Issues Urgent Firewall Security Update Sophos has announced the resolution of three critical security vulnerabilities affecting its Sophos Firewall product, a widely used network security tool. These vulnerabilities, tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, pose… Go to gbhackers.com
-
PoC Exploit Released for Databricks Remote Code Execution Vulnerability CVE-2024-49194
PoC Exploit Released for Databricks Remote Code Execution Vulnerability CVE-2024-49194 A newly discovered vulnerability in the Databricks JDBC Driver (CVE-2024-49194) could allow attackers to remotely execute code on vulnerable systems. The flaw, found by security researchers at Alibaba Cloud Intelligence… Go to gbhackers.com
-
Phishing Campaign Targets European Companies with Fake HubSpot and DocuSign Forms
Phishing Campaign Targets European Companies with Fake HubSpot and DocuSign Forms A recent report by Unit 42 researchers has uncovered an extensive phishing campaign targeting European companies, with the automotive, chemical, and industrial compound manufacturing sectors among the hardest hit. The… Go to gbhackers.com
-
CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws
CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws Foxit has released a crucial security update for its widely used Foxit PDF Reader and Foxit PDF Editor. The update, version 2024.4, resolves multiple vulnerabilities that pose significant risks, including… Go to gbhackers.com
-
TA397 Leverages Sophisticated Spearphishing Techniques to Deploy Malware in Defense Sector
TA397 Leverages Sophisticated Spearphishing Techniques to Deploy Malware in Defense Sector Proofpoint researchers have identified a new spearphishing campaign by TA397, a South Asia-based advanced persistent threat (APT) group also known as Bitter. The campaign, observed on November 18, 2024, targets… Go to gbhackers.com
-
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing…
-
OT/ICS Engineering Workstations Face Barrage of Fresh Malware
OT/ICS Engineering Workstations Face Barrage of Fresh Malware Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Fortinet Addresses Unpatched Critical RCE Vector
Fortinet Addresses Unpatched Critical RCE Vector Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2 A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788
Kaspersky Uncovers Active Exploitation of Fortinet Vulnerability CVE-2023-48788 In a recent investigation, Kaspersky’s Global Emergency Response Team (GERT) uncovered active exploitation of a patched vulnerability in Fortinet FortiClient EMS. This SQL injection vulnerability, identified as CVE-2023-48788, affects FortiClient… Go to gbhackers.com
-
Bridging the ‘Keyboard-to-Chair’ Gap With Identity Verification
Bridging the ‘Keyboard-to-Chair’ Gap With Identity Verification Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability. Joan Goodchild Go to gbhackers.com
-
CISA Proposes National Cyber Incident Response Plan
CISA Proposes National Cyber Incident Response Plan The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on… Go to gbhackers.com
-
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning… Go to gbhackers.com
-
Next.js Vulnerability Let Attackers Bypass Authentication
Next.js Vulnerability Let Attackers Bypass Authentication A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication under specific circumstances. The issue, cataloged… Go to gbhackers.com
-
CISA Issues Secure Practices for Cloud Services To Strengthen U.S. Federal Agencies
CISA Issues Secure Practices for Cloud Services To Strengthen U.S. Federal Agencies In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure… Go to gbhackers.com
-
Fortinet Critical Vulnerability Let Attackers Inject Commands Remotely
Fortinet Critical Vulnerability Let Attackers Inject Commands Remotely Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two critical vulnerabilities affecting its FortiManager and FortiWLM products. The vulnerabilities,… Go to gbhackers.com
-
Ongoing phishing attack abuses Google Calendar to bypass spam filters
Ongoing phishing attack abuses Google Calendar to bypass spam filters An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. […] Lawrence Abrams Go to bleepingcomputer
-
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Raccoon Stealer malware operator gets 5 years in prison after guilty plea Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. […] Sergiu Gatlan Go to bleepingcomputer
-
Russian hackers use RDP proxies to steal data in MiTM attacks
Russian hackers use RDP proxies to steal data in MiTM attacks The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. […] Bill Toulas Go to bleepingcomputer
-
US considers banning TP-Link routers over cybersecurity risks
US considers banning TP-Link routers over cybersecurity risks The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. […] Sergiu Gatlan Go to bleepingcomputer
-
HubSpot phishing targets 20,000 Microsoft Azure accounts
HubSpot phishing targets 20,000 Microsoft Azure accounts A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. […] Bill Toulas Go to bleepingcomputer
-
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing…
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with…
-
Not Your Old ActiveState: Introducing our End-to-End OS Platform
Not Your Old ActiveState: Introducing our End-to-End OS Platform Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open…
-
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities,…
-
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor…
-
CISA Releases Draft of National Cyber Incident Response Plan
CISA Releases Draft of National Cyber Incident Response Plan The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident. Jennifer Lawinski Go to gbhackers.com
-
New Advances in the Understanding of Prime Numbers
New Advances in the Understanding of Prime Numbers Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters. Bruce Schneier Go to bruce schneier
-
India Sees Surge in API Attacks, Especially in Banking, Utilities
India Sees Surge in API Attacks, Especially in Banking, Utilities The number of DDoS-related incidents targeting APIs has jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target. Robert Lemos, Contributing Writer Go to gbhackers.com
-
CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM
CVE-2023-34990 (CVSS 9.8): Critical Security Flaw Found in Fortinet FortiWLM Fortinet, a leading cybersecurity vendor, has issued urgent advisories regarding several critical vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM. These flaws range from password exposure to… Go to gbhackers.com
-
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers A recently disclosed security vulnerability in Next.js, a popular React framework used by millions of developers worldwide, could have allowed unauthorized access to sensitive application data. The vulnerability, tracked as… Go to gbhackers.com
-
VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns
VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns Forcepoint researchers have uncovered an alarming rise in activity involving a new infostealer malware named VIPKeyLogger. Distributed through phishing campaigns, VIPKeyLogger demonstrates sophisticated techniques to harvest sensitive data from its… Go to gbhackers.com
-
Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation
Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation Datadog Security Labs has uncovered a potential privilege escalation method in Azure Key Vault that could grant unintended access to sensitive secrets, keys, and certificates. This discovery sheds light on… Go to gbhackers.com
-
CVE-2024-10205: Critical Authentication Bypass Flaw Found in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer
Hitachi Vantara has disclosed a critical authentication bypass vulnerability (CVE-2024-10205) affecting its Infrastructure Analytics Advisor and Ops Center Analyzer. These tools are widely used for IT infrastructure optimization, making the…
-
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and…
-
It’s time to stop calling it “pig butchering”
Online romance and investment scams are painful enough without its victims being described as “pigs.” Read more in my article on the Hot for Security blog. Graham Cluley
-
CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution
A critical command injection vulnerability (CVE-2024-12356) has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) solutions. With a CVSS score of 9.8, this flaw represents a…
-
BADBOX Botnet Rises Again: 192,000+ Android Devices Compromised
The BADBOX botnet is back and more dangerous than ever. Originally thought to have been dismantled, this cybercriminal operation has not only resurfaced but expanded, compromising over 192,000 Android-based devices…
-
Data Exfiltration and RCE Risks Found in Azure Data Factory’s Airflow Integration
Unit 42 researchers have uncovered multiple vulnerabilities in Azure Data Factory’s managed Apache Airflow integration, potentially enabling attackers to achieve shadow administrator control, data exfiltration, and remote code execution. Apache…
-
High-Severity Vulnerabilities Fixed in Latest Chrome Release
Google has released a crucial update for its Chrome browser, addressing five security vulnerabilities, several of which are rated as “High” severity. Users are strongly urged to update to the…
-
Fake CAPTCHAs Deliver Lumma Infostealer Malware in Massive Malvertising Campaign
A large-scale malvertising campaign analyzed by Guardio Labs exposes how fake CAPTCHA prompts are used to deliver the Lumma infostealer malware. This sophisticated operation highlights the dark side of Internet…
-
Interpol: Can We Drop the Term ‘Pig Butchering’?
The agency asks the cybersecurity community to adopt “romance baiting” in place of dehumanizing language. Becky Bracken, Senior Editor, Dark Reading
-
Recorded Future: Russia’s ‘Undesirable’ Designation Is a Compliment
The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin’s regime. Tara Seals, Managing Editor, News, Dark Reading
-
Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud. Elizabeth Montalbano, Contributing Writer
-
Wallarm Releases API Honeypot Report Highlighting API Attack Trends