no alarms and no surprises please..
-
IOCONTROL Malware: CyberAv3ngers’ Weapon of Choice Targets Critical Infrastructure
A sophisticated malware strain dubbed “IOCONTROL” has emerged as a significant threat to industrial control systems (ICS) and Internet of Things (IoT) devices, particularly in Israel and the United States… Go to gbhackers.com
-
Auto parts giant LKQ says cyberattack disrupted Canadian business unit
Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. […] Lawrence Abrams Go to bleepingcomputer
-
Citrix shares mitigations for ongoing NetScaler password spray attacks
Citrix NetScaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. […] Lawrence Abrams Go to bleepingcomputer
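The spray pattern behind the Citrix warning (many accounts, one or two guesses each, from a single source) separates cleanly from ordinary failed logins once authentication events are grouped by source and looked at over a time window. The Python below is an added example, not code from Citrix or the article: it runs that check over a constructed log in a made-up format (`timestamp src_ip user SUCCESS|FAIL`), and the window and thresholds are assumptions to tune for your environment.

```python
"""Password-spray detection over authentication logs.

Added example, not code from Citrix or the cited article. The log format is
constructed for illustration: "<ISO timestamp> <src_ip> <user> <SUCCESS|FAIL>".
NetScaler AAA/syslog records look different, so adapt parse_line() to them.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries six accounts once each (spray pattern),
# 198.51.100.9 fails repeatedly on one account (typo or plain brute force),
# 192.0.2.5 is a normal login.
SAMPLE_LOG = """\
2024-12-12T10:00:01Z 203.0.113.7 alice FAIL
2024-12-12T10:00:03Z 203.0.113.7 bob FAIL
2024-12-12T10:00:05Z 203.0.113.7 carol FAIL
2024-12-12T10:00:07Z 203.0.113.7 dave FAIL
2024-12-12T10:00:09Z 203.0.113.7 erin FAIL
2024-12-12T10:00:11Z 203.0.113.7 frank SUCCESS
2024-12-12T10:00:02Z 198.51.100.9 alice FAIL
2024-12-12T10:00:04Z 198.51.100.9 alice FAIL
2024-12-12T10:00:06Z 198.51.100.9 alice FAIL
2024-12-12T10:00:08Z 198.51.100.9 alice SUCCESS
2024-12-12T10:30:00Z 192.0.2.5 alice SUCCESS
"""


def parse_line(line):
    """Return (timestamp, src_ip, user, succeeded) for one constructed log line."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "SUCCESS"


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src_ip: sorted usernames} for sources that, inside any `window`,
    failed against at least `min_users` distinct accounts while trying each
    account at most `max_per_user` times (low-and-slow spray). Thresholds are
    assumptions; a single user failing many times is deliberately not flagged."""
    fails_by_ip = defaultdict(list)  # src_ip -> [(timestamp, user)] for failures
    for ts, ip, user, ok in sorted(parse_line(l) for l in log_text.splitlines() if l.strip()):
        if not ok:
            fails_by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits[ip] = sorted(per_user)
                break
    return hits


def successes_after_spray(log_text, spray_hits):
    """Accounts a flagged source did authenticate to: reset these first."""
    compromised = {}
    for _, ip, user, ok in (parse_line(l) for l in log_text.splitlines() if l.strip()):
        if ok and ip in spray_hits:
            compromised.setdefault(ip, []).append(user)
    return compromised


if __name__ == "__main__":
    hits = detect_spray(SAMPLE_LOG)
    print("spray sources:", hits)
    print("accounts to reset:", successes_after_spray(SAMPLE_LOG, hits))
```

Feed it real records by replacing `parse_line()`; the rest only needs a timestamp, a source, a username and a pass/fail flag. A source that meets the spray rule and then has any success is the highest-priority finding, since the guessed password has worked.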
-
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
FTC warns of online task job scams hooking victims like gambling
The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promise of earning more if they deposit their own money. […] Bill Toulas Go…
-
CISA warns water facilities to secure HMI systems exposed online
CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. […] Sergiu Gatlan Go to bleepingcomputer
-
TR-24-1886 (WordPress Plugin Security Vulnerability)
Go to usom.gov
-
TR-24-1885 (Microsoft Update Catalog Security Notice)
Go to usom.gov
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat…
-
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt…
-
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity…
-
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control…
-
How to Generate a CrowdStrike RFM Report With AI in Tines
Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual…
-
Friday Squid Blogging: Biology and Ecology of the Colossal Squid
Good survey paper. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was…
-
Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication
Kaspersky Labs has unveiled research on the return of “The Mask,” also known as Careto, a legendary Advanced Persistent Threat (APT) actor. After a decade-long silence since its last known… Go to gbhackers.com
-
DCOM Upload & Execute: A New Backdoor Technique Unveiled
Deep Instinct Security Researcher Eliran Nissan has uncovered a new and potent lateral movement technique, “DCOM Upload & Execute,” redefining how attackers might exploit Distributed Component Object Model (DCOM) interfaces… Go to gbhackers.com
-
Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers
Patchstack has disclosed two critical vulnerabilities in the widely used Woffice WordPress theme, a premium intranet/extranet solution with over 15,000 sales. Developed by Xtendify, the Woffice theme offers team and… Go to gbhackers.com
-
Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR
Akamai security researcher Tomer Peled has unveiled a novel attack technique exploiting Microsoft’s legacy UI Automation framework, a tool originally designed to enhance computer accessibility. The findings reveal how attackers… Go to gbhackers.com
-
Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs
Go to gbhackers.com
-
Versa Introduces Integrated Endpoint Data Loss Prevention in SASE Solution
Go to gbhackers.com
-
Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn
Defenders running Cleo managed file transfer software are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy and no CVE has been issued. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Generative AI Security Tools Go Open Source
Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Test Your Cyber Skills With the SANS Holiday Hack Challenge
Open to players of all skill levels, the “Snow-mageddon” cybersecurity competition is set in the world of Santa, elves, and Christmas mayhem. Jennifer Lawinski Go to gbhackers.com
-
OData Injection Risk in Low-Code/No-Code Environments
As the adoption of LCNC grows, so will the complexity of the threats organizations face. Amichai Shulman Go to gbhackers.com
-
MAC Address vs. IP Address: Key Differences and Practical Uses
The internet is one of the marvels of the century. It allows us to stay connected at a global level by using various devices that are convenient for us. Whether… Go to gbhackers.com
-
Nigerian National Extradited to Nebraska for Wire Fraud Charges
United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria to the District of Nebraska. The extradition follows a Conspiracy to… Go to gbhackers.com
-
Dell Security Update, Patch for Multiple Critical Vulnerabilities
Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose affected systems to exploitation by malicious actors. Customers are strongly… Go to gbhackers.com
-
CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products. Released on December 12, 2024, these advisories… Go to gbhackers.com
-
FBI Seizes Rydox Marketplace, Arrests Key Administrators
The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online marketplace that facilitated the buying and selling of stolen personal… Go to gbhackers.com
-
MITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection &…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To… Go to gbhackers.com
-
New stealthy Pumakit Linux rootkit malware spotted in the wild
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. […] Bill Toulas Go to bleepingcomputer
-
Police shut down Rydox cybercrime market, arrest 3 admins
An international law enforcement operation has seized the Rydox cybercrime marketplace and arrested three administrators. […] Sergiu Gatlan Go to bleepingcomputer
-
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. […] Bill Toulas Go to bleepingcomputer
-
US offers $5 million for info on North Korean IT worker farms
The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. […] Sergiu…
-
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTrader, and Harmony software, currently exploited in data theft attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks
A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. “Prometheus servers or exporters, often lacking proper authentication, allowed attackers…
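A first check for the exposure described above is to pull each exporter's /metrics output yourself and look for credential-shaped label values before anyone else does. The Python below is an added example, not code from the cited research: the exposition-format sample is constructed, and the suspicious label names and secret patterns are assumptions to extend with the token formats your own environment uses.

```python
"""Scan Prometheus exposition-format output for leaked secrets.

Added example; not code from the cited research. Point scan_exposition() at
text fetched from an exporter's /metrics endpoint to see whether scrape
configs or custom exporters are exposing credentials in label values.
"""
import re

# Constructed sample: label names and values are illustrative only.
SAMPLE_METRICS = """\
# HELP http_requests_total Total HTTP requests.
http_requests_total{job="api",instance="10.0.0.5:8080"} 1027
backup_job_info{target="s3://backups",aws_access_key_id="AKIAIOSFODNN7EXAMPLE"} 1
scrape_target_info{url="https://admin:hunter2@db.internal:9187/metrics"} 1
app_config{api_token="ghp_abcdefghijklmnopqrstuvwxyz0123456789"} 1
node_boot_time_seconds 1.7e9
"""

# Label names that should never carry a real value in a metrics endpoint (assumption).
SUSPICIOUS_LABEL = re.compile(
    r"(pass(word|wd)?|secret|token|api[_-]?key|access[_-]?key|credential)", re.I)
# Value shapes that are secrets regardless of the label name (assumption).
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "url_with_credentials": re.compile(r"^[a-z][a-z0-9+.-]*://[^/@\s]+:[^/@\s]+@"),
    "bearer_token": re.compile(r"^Bearer\s+\S+", re.I),
}
# One sample line: metric name, optional {labels}, then the value.
SAMPLE_LINE_RE = re.compile(r"^([A-Za-z_:][A-Za-z0-9_:]*)(\{(.*)\})?\s+\S+")
# One label inside the braces; values may contain escaped quotes.
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


def scan_exposition(text):
    """Return [(metric, label, reason)] for every label value that looks like a secret."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_LINE_RE.match(line)
        if not m or not m.group(3):
            continue  # no labels on this sample
        metric, labels = m.group(1), m.group(3)
        for name, value in LABEL_RE.findall(labels):
            reasons = [r for r, pat in VALUE_PATTERNS.items() if pat.search(value)]
            if SUSPICIOUS_LABEL.search(name):
                reasons.append("label_name")
            findings.extend((metric, name, reason) for reason in reasons)
    return findings


def redact(text):
    """Replace every flagged label value with a placeholder, so the output can
    be attached to a ticket without re-leaking the secret."""
    flagged = {(metric, label) for metric, label, _ in scan_exposition(text)}
    out = []
    for line in text.splitlines():
        m = SAMPLE_LINE_RE.match(line)
        if m and m.group(3):
            metric = m.group(1)
            line = LABEL_RE.sub(
                lambda lm: f'{lm.group(1)}="[REDACTED]"'
                if (metric, lm.group(1)) in flagged else lm.group(0),
                line)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for metric, label, reason in scan_exposition(SAMPLE_METRICS):
        print(f"{metric}: label {label!r} flagged ({reason})")
    print(redact(SAMPLE_METRICS))
```

A hit on `url_with_credentials` usually means a scrape target or datasource URL was copied into a label with its basic-auth pair intact; a hit on `label_name` alone is worth a look even when the value matches no known token format.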
-
Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. “BoneSpy and PlainGnome target former Soviet…
-
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in…
-
SaaS Budget Planning Guide for IT Professionals
SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect…
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior…
-
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024. Angela Gunn Go to sophos
-
Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10)
Dell has released a critical security update to address multiple vulnerabilities impacting several of its enterprise products, including PowerFlex, InsightIQ, and Data Lakehouse. These vulnerabilities, identified as CVE-2024-37143 and CVE-2024-37144,… Go to gbhackers.com
-
PDQ Deploy Vulnerability Exposes Admin Credentials: CERT/CC Issues Advisory
A critical vulnerability in PDQ Deploy, a software deployment service used by system administrators, has been highlighted in a recent advisory by the CERT Coordination Center (CERT/CC). The flaw, which… Go to gbhackers.com
-
Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed
A significant increase in brute-force attacks targeting outdated and misconfigured Citrix NetScaler devices has been observed in Germany, prompting warnings from cybersecurity experts and organizations, including CERT Germany and the… Go to gbhackers.com
-
CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-2024-55633 and assigned a… Go to gbhackers.com
-
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamaredon. Also known as Primitive… Go to gbhackers.com
-
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security…
-
27 DDoS-for-hire services disrupted in run-up to holiday season
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen “booter” or “stresser” websites offline. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go to…
-
Smashing Security podcast #397: Snowflake hackers, and under the influence
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year – after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law. All this and more is discussed in the latest…
-
Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries
A detailed report from Group-IB reveals a sophisticated global phishing campaign targeting employees across 30 companies in 15 jurisdictions. By leveraging trusted domains and dynamic personalization, the threat actors have… Go to gbhackers.com
-
International Cybercrime Ring Dismantled: Rydox Marketplace Seized and Administrators Arrested
The U.S. Department of Justice announced the takedown of Rydox, a notorious online marketplace for stolen personal information and cybercrime tools. This operation, involving authorities in the U.S., Kosovo, Albania,… Go to gbhackers.com
-
APT-C-60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Google… Go to gbhackers.com
-
336K Prometheus Instances Exposed to DoS, ‘Repojacking’
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Chinese Cops Caught Using Android Spyware to Track Mobile Devices
Law enforcement across mainland China has been using the EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Europol Cracks Down on Holiday DDoS Attacks
In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat
The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden; the FCC just hasn’t enforced them. It’s unclear if they will help. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Cultivating a Hacker Mindset in Cybersecurity Defense
Security isn’t just about tools — it’s about understanding how the enemy thinks and why they make certain choices. Roei Sherman Go to gbhackers.com
-
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and… Go to gbhackers.com
-
BadRAM Attack Breaches AMD Secure VMs with $10 Device
Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a… Go to gbhackers.com
-
Splunk RCE Vulnerability Let Attackers Execute Remote Code
Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions… Go to gbhackers.com
-
Europol Shuts Down 27 DDoS Service Provider Platforms
In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15 countries, has taken down 27 illegal platforms facilitating Distributed… Go to gbhackers.com
-
Researchers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication
Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive potential, as the latest version, 2.9.4.0, introduces a custom… Go to gbhackers.com
-
Operation PowerOFF: Europol Cracks Down on Global DDoS-for-Hire Platforms
Law enforcement worldwide has delivered a significant blow to cybercriminals with Operation PowerOFF, an international effort led by Europol to dismantle Distributed Denial-of-Service (DDoS)-for-hire platforms. In a coordinated strike involving… Go to gbhackers.com
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. […] Bill Toulas Go to bleepingcomputer
-
Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
The 2024 MITRE ATT&CK Evaluation results are now available with Cynet achieving 100% Visibility and 100% Protection in the 2024 evaluation. Learn more from Cynet about what these results mean. […] Sponsored by Cynet Go to bleepingcomputer
-
New EagleMsgSpy Android spyware used by Chinese police, researchers say
A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. […] Bill Toulas Go to bleepingcomputer
-
Microsoft lifts Windows 11 24H2 block on PCs with USB scanners
Microsoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues with some scanners. […] Sergiu Gatlan Go to bleepingcomputer
-
Facebook, Instagram, WhatsApp hit by massive worldwide outage
Facebook, Instagram, Threads, and WhatsApp suffered a massive worldwide outage on Wednesday afternoon, with services impacted to varying degrees depending on the user’s region. […] Lawrence Abrams Go to bleepingcomputer
-
EagleMsgSpy: Unmasking a Sophisticated Chinese Surveillance Tool
Researchers at the Lookout Threat Lab have identified a sophisticated surveillance tool, dubbed EagleMsgSpy, reportedly used by law enforcement agencies in mainland China. The tool, operational since at least 2017,… Go to gbhackers.com
-
TR-24-1884 (WordPress Plugin Security Notice)
Go to usom.gov
-
TR-24-1883 (Microsoft Windows LDAP Notice)
Go to usom.gov
-
TR-24-1882 (Adobe Connect Security Notice)
Go to usom.gov
-
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed…
-
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. “To exploit this technique, a user must be convinced to run a program…
-
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. “The bypass was simple: it took around an hour to execute, required no user…
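The flaw class behind AuthQuake is a failed-attempt limit that an attacker can reset, so a six-digit code that should survive a handful of guesses becomes a search over a million values spread across many sessions. The Python below is an added example, not Microsoft's implementation or the researchers' exploit: it pairs an RFC 6238 TOTP generator with a verifier that can enforce either a per-session cap only (the weak shape) or an additional account-wide budget, plus an attacker loop that opens a new session whenever it is locked out. The secret, fixed clock, caps and window are assumptions chosen so the demo is deterministic.

```python
"""OTP verification with and without an account-wide attempt budget.

Added example; not Microsoft's code or the researchers' exploit. It models the
flaw class described above: a failed-attempt limit that resets per session
lets an attacker who can open many sessions keep guessing a 6-digit code.
DEMO_SECRET, DEMO_NOW, the caps and the window are assumptions for the demo.
"""
import hashlib
import hmac
import struct

DEMO_SECRET = b"12345678901234567890"  # RFC 6238 test-vector secret (assumption)
DEMO_NOW = 1_700_000_000               # fixed clock so the demo is deterministic


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for Unix time t."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


class OtpVerifier:
    """per_session caps guesses inside one login session (the only limit in the
    weak shape); per_account caps attempts for the account across all sessions
    within `window` seconds (the hardened shape)."""

    def __init__(self, secret, per_session=10, per_account=None, window=300):
        self.secret = secret
        self.per_session = per_session
        self.per_account = per_account
        self.window = window
        self.session_attempts = {}   # session id -> attempts so far
        self.account_attempts = {}   # account -> timestamps of recent attempts

    def verify(self, account, session, code, now):
        """Return 'ok', 'wrong' or 'locked'. A locked request never evaluates
        the code, so it leaks nothing about it."""
        if self.session_attempts.get(session, 0) >= self.per_session:
            return "locked"
        if self.per_account is not None:
            recent = [t for t in self.account_attempts.get(account, []) if now - t < self.window]
            if len(recent) >= self.per_account:
                return "locked"
            self.account_attempts[account] = recent + [now]
        self.session_attempts[session] = self.session_attempts.get(session, 0) + 1
        return "ok" if hmac.compare_digest(code, totp(self.secret, now)) else "wrong"


def attack(verifier, account, now, max_sessions=1000):
    """Guess 000000 upward; open a fresh session whenever the current one is
    locked. Returns (guesses_evaluated, success)."""
    guesses, session, code = 0, 0, 0
    while code < 10 ** 6:
        result = verifier.verify(account, f"s{session}", f"{code:06d}", now)
        if result == "locked":
            session += 1
            if session >= max_sessions:
                break
            continue  # retry the same code from the new session
        guesses += 1
        if result == "ok":
            return guesses, True
        code += 1
    return guesses, False


if __name__ == "__main__":
    weak = OtpVerifier(DEMO_SECRET, per_session=10)                  # session-only limit
    hard = OtpVerifier(DEMO_SECRET, per_session=10, per_account=10)  # plus account-wide budget
    print("weak verifier (guesses, success):", attack(weak, "alice", DEMO_NOW))
    print("hard verifier (guesses, success):", attack(hard, "alice", DEMO_NOW))
```

With the session-only limit the attacker's budget is `per_session * sessions`, and nothing in the verifier ever notices; with the account-wide budget the eleventh guess is refused no matter how many sessions are opened, and that refusal is also the event to alert on. A real deployment keeps the account counter in shared storage and pairs it with a notification to the user, since a silent lockout is the other half of what the researchers exploited.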
-
ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. “Zloader 2.9.4.0 adds notable improvements…
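Whatever the encoding a given family uses, a DNS tunnel has to push data through subdomain labels, so the resolver logs show one base domain receiving a stream of unique, long, high-entropy names that no ordinary site produces. The Python below is an added example, not Zscaler's analysis and not ZLoader's protocol: it scores a constructed query log (`unix_ts client_ip qname qtype`) per base domain. Treating the last two labels as the base domain and the three thresholds are assumptions; a deployment should use the Public Suffix List and tune against its own baseline.

```python
"""Heuristics for spotting DNS tunnelling in resolver query logs.

Added example; not Zscaler's analysis and not ZLoader's protocol. Tunnels carry
data in subdomain labels, so a base domain that receives many unique, long,
high-entropy subdomains (often TXT or NULL queries) stands out. The log lines
("<unix_ts> <client_ip> <qname> <qtype>") are constructed; the base-domain
rule (last two labels) and the thresholds are assumptions.
"""
import math
from collections import defaultdict

# Constructed sample: normal lookups under example.com, plus one host sending
# hex-encoded 32-character labels under example.net over TXT.
SAMPLE_DNS_LOG = """\
1734000001 10.0.0.12 www.example.com A
1734000002 10.0.0.12 mail.example.com MX
1734000003 10.0.0.12 cdn.example.com A
1734000004 10.0.0.44 3a7f9c1e2b4d6e8f0a1b2c3d4e5f6071.c2-relay.example.net TXT
1734000005 10.0.0.44 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.c2-relay.example.net TXT
1734000006 10.0.0.44 b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6.c2-relay.example.net TXT
1734000007 10.0.0.44 0f1e2d3c4b5a69788796a5b4c3d2e1f0.c2-relay.example.net TXT
1734000008 10.0.0.44 6c5b4a39281706f5e4d3c2b1a0998877.c2-relay.example.net TXT
1734000009 10.0.0.12 www.example.com A
"""


def entropy(s):
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_qname(qname, base_labels=2):
    """Split 'a.b.example.net' into ('example.net', 'a.b'). Fixed label count
    is an assumption; use the Public Suffix List in production."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-base_labels:]), ".".join(labels[:-base_labels])


def profile(log_text):
    """Per base domain: query count, distinct subdomains, summed subdomain
    length and entropy, TXT/NULL count and querying clients."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "sub_len": 0,
                                 "entropy": 0.0, "txt": 0, "clients": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        base, sub = split_qname(qname)
        s = stats[base]
        s["queries"] += 1
        s["subs"].add(sub)
        s["sub_len"] += len(sub)
        s["entropy"] += entropy(sub.replace(".", ""))
        s["txt"] += qtype in ("TXT", "NULL")
        s["clients"].add(client)
    return stats


def flag_tunnels(log_text, min_unique=5, min_avg_len=30, min_avg_entropy=3.5):
    """Return {base_domain: summary} for domains meeting all three thresholds."""
    flagged = {}
    for base, s in profile(log_text).items():
        q = s["queries"]
        avg_len, avg_ent = s["sub_len"] / q, s["entropy"] / q
        if len(s["subs"]) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_avg_entropy:
            flagged[base] = {
                "unique_subdomains": len(s["subs"]),
                "avg_sub_len": round(avg_len, 1),
                "avg_entropy": round(avg_ent, 2),
                "txt_ratio": round(s["txt"] / q, 2),
                "clients": sorted(s["clients"]),
            }
    return flagged


if __name__ == "__main__":
    for base, summary in flag_tunnels(SAMPLE_DNS_LOG).items():
        print(base, summary)
```

CDN and anti-malware vendors also generate long, unique labels, so the per-domain summary is a triage list, not a verdict; the `clients` field narrows which hosts to pull DNS captures from, and the `txt_ratio` separates data exfiltration (TXT/NULL carry more bytes downstream) from simple beaconing over A records.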
-
What is Nudge Security and How Does it Work?
Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their…
-
Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise
Sophos X-Ops looks at the realism of this year’s MITRE ATT&CK Evaluations. Michael Wood Go to sophos
-
December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins. Angela Gunn Go to sophos
-
Sophos excels in the 2024 MITRE ATT&CK® Evaluations: Enterprise
Results from the latest ATT&CK Evaluations for endpoint detection and response solutions. rajansanhotra Go to sophos
-
CVE-2024-53677 (CVSS 9.5): Critical Vulnerability in Apache Struts Allows Remote Code Execution
Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to… Go to gbhackers.com
-
PoC Exploit Code Released for Cleo Zero-Day Vulnerability (CVE-2024-50623)
Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo LexiCom,… Go to gbhackers.com
-
“Aggressive Inventory Zombies”: Unmasking a Massive Phishing and Pig-Butchering Network
Silent Push Threat Analysts have shed light on a large-scale phishing and pig-butchering network targeting retail brands and cryptocurrency users. Dubbed “Aggressive Inventory Zombies” (AIZ), this campaign underscores the threat… Go to gbhackers.com
-
BadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in AMD SEV
A collaborative research effort has exposed a significant vulnerability, designated CVE-2024-21944 and named “BadRAM,” that undermines the integrity of AMD’s Secure Encrypted Virtualization (SEV) technology. This security flaw permits malicious… Go to gbhackers.com
-
Zloader Trojan Employs Novel DNS Tunneling Protocol for Enhanced Evasion
Zloader, the modular Trojan with roots in the infamous Zeus malware, has once again evolved, presenting a new and sophisticated challenge to cybersecurity professionals. ThreatLabz, the security research team at… Go to gbhackers.com
-
Malicious npm Package Mimics ESLint Plugin, Steals Sensitive Data
A recent report by the Socket Research Team uncovers a sophisticated typosquatting attack targeting developers using the popular @typescript-eslint/eslint-plugin. The legitimate @typescript-eslint/eslint-plugin is a cornerstone of TypeScript development, having over… Go to gbhackers.com
-
CVE-2024-11274: GitLab Vulnerability Exposes User Accounts
GitLab has issued an important security update addressing a range of vulnerabilities affecting multiple versions of its platform. The update, which includes versions 17.6.2, 17.5.4, and 17.4.6 for Community Edition… Go to gbhackers.com
-
ChatGPT and Sora Go Offline: OpenAI Scrambles to Restore Service Amid Global Outage
In a sudden and unexpected turn of events, OpenAI’s ChatGPT, the AI chatbot that has taken the world by storm, is experiencing a major global outage. The disruption, which began… Go to gbhackers.com
-
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack
Threat actors punch holes in the company’s online ordering systems, tripping up doughnut deliveries across the US after a late November breach. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era
Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that denies threat actors the information they would need to breach it. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Researchers Crack Microsoft Azure MFA in an Hour
A critical flaw in the company’s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Cybersecurity Lessons From 3 Public Breaches
High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others’ mistakes. Dmytro Tereshchenko Go to gbhackers.com
-
Tips for Preventing Breaches in 2025
Hackers are constantly evolving, and so too should our security protocols. Pukar C. Hamal Go to gbhackers.com
-
Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access
Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA). These vulnerabilities, tracked as CVE-2024-11639, CVE-2024-11772, and… Go to gbhackers.com