no alarms and no surprises please..
-
Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware
BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware. To… Go to gbhackers.com
-
Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication
Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to the Pakistani group Storm-0156, which allows Secret Blizzard to access… Go to gbhackers.com
-
Microsoft expands Recall preview to Intel and AMD Copilot+ PCs
Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. […] Sergiu Gatlan Go to bleepingcomputer
-
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) […] Bill Toulas Go to bleepingcomputer
-
Blue Yonder SaaS giant breached by Termite ransomware gang
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. […] Sergiu Gatlan Go to bleepingcomputer
-
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. […] Bill Toulas Go to bleepingcomputer
-
Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. […] Bill Toulas Go to bleepingcomputer
-
TR-24-1878 (Hi e-learning – Learning Management System (LMS) Security Advisory)
Go to usom.gov
-
FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and…
-
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the…
-
Conquering the Complexities of Modern BCDR
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex…
-
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a…
-
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to…
-
Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device
Fifteen years ago I blogged about a different SQUID. Here’s an update: Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded—persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibility. But…
-
Detecting Pegasus Infections
This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for…
-
free book
https://www.troyhunt.com/pwned-the-book-is-now-available-for-free/
-
free!
https://github.com/google/vanir
-
another free waf
https://docs.bunkerweb.io/1.5.12/integrations/
-
Earth Minotaur: MOONSHINE Exploit Kit and DarkNimbus Backdoor Threaten Multi-Platform Security
A sophisticated cyber campaign orchestrated by the threat actor Earth Minotaur has been uncovered by Trend Micro researchers, exposing their reliance on the MOONSHINE exploit kit and a previously unreported… Go to gbhackers.com
-
US Organization in China Falls Victim to Suspected Chinese Espionage Campaign
A recent report from the Symantec Threat Hunter Team reveals a troubling cyberespionage operation targeting a large US organization operating in China. The attack, suspected to be the work of… Go to gbhackers.com
-
Sophisticated Campaign Targets Manufacturing Industry with Lumma Stealer and Amadey Bot
Cyble Research and Intelligence Labs (CRIL) has uncovered a multi-stage cyberattack campaign targeting the manufacturing industry. Leveraging advanced techniques and a combination of Lumma Stealer and Amadey Bot, this campaign… Go to gbhackers.com
-
“Pwned”, The Book, Is Now Available for Free
Nearly four years ago now, I set out to write a book with Charlotte and Rob. It was the stories behind the stories, the things that drove me to write my most important blog posts, and then the things that happened afterwards. It’s almost like a collection of…
-
Texas Teen Arrested for Scattered Spider Telecom Hacks
An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on ‘key Scattered Spider members’ and their tactics. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Microsoft Expands Access to Windows Recall AI Feature
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Why SOC Roles Need to Evolve to Attract a New Generation
The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts. Jessica Belt Go to gbhackers.com
-
Open Source Security Priorities Get a Reshuffle
The “Census of Free and Open Source Software” report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Django Security Update, Patch for DoS & SQL Injection Vulnerability
The Django team has issued critical security updates for versions 5.1.4, 5.0.10, and 4.2.17. These updates address two vulnerabilities: a potential denial-of-service (DoS) attack… Go to gbhackers.com
-
Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena
Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE) vulnerabilities discovered in its Arena® software. These vulnerabilities, reported by the… Go to gbhackers.com
-
Europol Dismantled 50+ Servers Used For Fake Online Shopping Websites
Europol, in collaboration with law enforcement across Europe, has taken down a sophisticated cybercriminal network responsible for large-scale online fraud. Over 50 servers were… Go to gbhackers.com
-
Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware. These… Go to gbhackers.com
-
Researchers Released hrtng IDA Pro Plugin for Malware Analyst to Make Reverse Engineering Easy
The Global Research and Analysis Team (GReAT) has announced the release of hrtng, a cutting-edge plugin for IDA Pro, one of the most prominent tools for… Go to gbhackers.com
-
Unpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to Serious Security Risks
A newly disclosed zero-day vulnerability in the Mitel MiCollab collaboration platform has raised serious concerns regarding the security of sensitive business data. Discovered by security researchers at watchTowr, the vulnerability… Go to gbhackers.com
-
Kroah-Hartman Confirms: Linux Kernel 6.12 is Now LTS
Linux kernel version 6.12, released on November 17, 2024, has been officially designated as a Long-Term Support (LTS) release. Maintained by renowned kernel developer Greg Kroah-Hartman, this version is slated… Go to gbhackers.com
-
Nebraska Man pleads guilty to $3.5 million cryptojacking scheme
A Nebraska man pleaded guilty on Thursday to operating a large-scale cryptojacking operation after being arrested and charged in April. […] Sergiu Gatlan Go to bleepingcomputer
-
Romania’s election systems targeted in over 85,000 cyberattacks
A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks. […] Ionut Ilascu Go to bleepingcomputer
-
U.S. org suffered four month intrusion by Chinese hackers
A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. […] Bill Toulas Go to bleepingcomputer
-
US arrests Scattered Spider suspect linked to telecom hacks
U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. […] Sergiu Gatlan Go to bleepingcomputer
-
Police shuts down Manson cybercrime market, arrests key suspects
German law enforcement has seized over 50 servers that hosted the Manson Market cybercrime marketplace and fake online shops used in phishing operations. […] Sergiu Gatlan Go to bleepingcomputer
-
that didn’t take long…
First of all, it’s highly unlikely that this containerized version of Android 12 will pass Play Integrity checks, especially once the new Play Integrity upgrades roll out next year. That means many Android apps will refuse to run entirely. Second, the container appears to use microG instead of Google Play Services, which means certain features…
-
a monitoring option
https://bluewavelabs.gitbook.io/checkmate/users-guide/pagespeed-monitoring
-
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and…
-
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713…
-
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of…
-
Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach…
-
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows…
-
Critical Zero-Day Vulnerability in Windows Exposes User Credentials
A newly discovered zero-day vulnerability affecting all supported and legacy versions of Microsoft Windows allows attackers to capture user NTLM credentials through the simple act of file viewing within Windows… Go to gbhackers.com
-
Django Releases Patches for CVE-2024-53907 and CVE-2024-53908 to Mitigate DoS and SQLi Threats
The Django team has recently announced the release of Django 5.1.4, Django 5.0.10, and Django 4.2.17 to address two security vulnerabilities. All users are strongly encouraged to upgrade their Django… Go to gbhackers.com
-
Browser Isolation Bypassed: QR Codes Used in Novel C2 Attacks
Browser isolation technology, often lauded as a cornerstone of modern cybersecurity, is not impervious to creative exploitation. A recent report from Thibault Van Geluwe de Berlaere at Mandiant unveils an… Go to gbhackers.com
-
Phishing, Fraud, and Stolen Data: Europol Takes Down Cybercrime Network
Europol has announced the successful dismantling of a sophisticated network responsible for facilitating large-scale online fraud. This operation, led by German authorities with support from law enforcement agencies across Europe,… Go to gbhackers.com
-
CVE-2024-43222 (CVSS 9.8): Critical Flaw in Sweet Date WordPress Theme Exposes Thousands of Sites to Potential Takeovers
A critical vulnerability (CVE-2024-43222) has been identified in the Sweet Date WordPress theme, a popular premium theme with nearly 10,000 sales. This vulnerability carries a CVSS score of 9.8, indicating… Go to gbhackers.com
-
iVerify Unveils Disturbing Prevalence of Pegasus Spyware on Mobile Devices
In an investigation, iVerify has revealed the pervasive presence of the notorious Pegasus spyware in mobile devices, uncovering seven infections in a sample of 2,500 user-scanned devices. This discovery challenges… Go to gbhackers.com
-
Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests
The UK’s National Crime Agency (NCA) has revealed details of Operation Destabilise, a years-long international law enforcement investigation into a giant Russian money laundering enterprise that handled billions of dollars for drug traffickers and ransomware gangs worldwide. Read more in my article on the…
-
Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data
A CEO is arrested for turning satellite receivers into DDoS attack weapons! Then, we’ll journey into the world of bossware and “affective computing” and explore how AI is learning to read our emotions – is this the future of work, or a…
-
Library of Congress Offers AI Legal Guidance to Researchers
Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels
Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Bypass Bug Revives Critical N-Day in Mitel MiCollab
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
At least 17 affiliate groups have used the “DroidBot” Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs
The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called “DarkNimbus” to ethnic minorities, including Tibetans. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Vulnerability Management Challenges in IoT & OT Environments
By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats. Malleswar Reddy Yerabolu Go to gbhackers.com
-
How an Intranet Can Enhance Business Security
Security is a paramount concern that impacts all facets of business operations. An intranet, as a restricted network within a company, plays a crucial role in bolstering business security. This… Go to gbhackers.com
-
HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks
HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention. It utilizes… Go to gbhackers.com
-
Fuji Electric Indonesia Hit by Ransomware Attack
Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and raising concerns about data security and business continuity. The attack was… Go to gbhackers.com
-
Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges
A critical vulnerability identified as CVE-2024-53614 has been discovered in the Thinkware Cloud APK version 4.3.46. This vulnerability arises from the use of a… Go to gbhackers.com
-
I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks
I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and UD-LT1/EX routers are being actively exploited. These vulnerabilities pose significant… Go to gbhackers.com
-
ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF
Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the ChatGPT Next Web, popularly known as NextChat. This vulnerability has raised… Go to gbhackers.com
-
Microsoft says having a TPM is “non-negotiable” for Windows 11
Microsoft made it abundantly clear this week that Windows 10 users won’t be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support, stating it’s a “non-negotiable” requirement. […] Sergiu Gatlan Go to bleepingcomputer
-
White House: Salt Typhoon hacked telcos in dozens of countries
Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden’s deputy national security adviser Anne Neuberger said today. […] Sergiu Gatlan Go to bleepingcomputer
-
FBI shares tips on how to tackle AI-powered fraud schemes
The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. […] Bill Toulas Go to bleepingcomputer
-
UK disrupts Russian money laundering networks used by ransomware
A law enforcement operation led by the United Kingdom’s National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. […] Sergiu Gatlan Go to bleepingcomputer
-
BT unit took servers offline after Black Basta ransomware breach
Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. […] Sergiu Gatlan Go to bleepingcomputer
-
TR-24-1877 (RestApp Bilgi Teknolojileri A.Ş. – Online Ordering System Security Advisory)
Go to usom.gov
-
African Law Enforcement Nabs 1,000+ Cybercrime Suspects
Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms. Robert Lemos, Contributing Writer Go to gbhackers.com
-
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise,…
-
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as…
-
Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed…
-
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in…
-
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also…
-
AI and the 2024 Elections
It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go to the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the…
-
Veeam Backup & Replication Vulnerabilities Exposed: High-Severity Flaws Put Data at Risk
Veeam Software, a prominent provider of backup, recovery, and data management solutions, has released a security update to address multiple vulnerabilities in its Veeam Backup & Replication software. These vulnerabilities… Go to gbhackers.com
-
Five Flaws in Lorex 2K Security Cameras Enable Hackers to Take Full Control, PoC Published
Rapid7’s latest research reveals a series of critical vulnerabilities in the Lorex 2K Indoor Wi-Fi Security Camera, raising significant concerns for consumer security. The vulnerabilities, identified during the 2024 Pwn2Own… Go to gbhackers.com
-
CVE-2024-10905 (CVSS 10): Critical Vulnerability in SailPoint IdentityIQ Exposes Sensitive Data
A critical vulnerability has been discovered in SailPoint IdentityIQ, a widely used identity and access management (IAM) platform. This flaw, tracked as CVE-2024-10905, has been assigned a CVSS score of… Go to gbhackers.com
-
Fuji Electric Indonesia Suffers Ransomware Attack: Business Partner Data Potentially Leaked
Fuji Electric Co., Ltd. has disclosed a ransomware attack targeting its wholly-owned subsidiary, Fuji Electric Indonesia (FEID). The incident, which occurred in late November 2024, rendered several PCs and servers… Go to gbhackers.com
-
CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in CyberPanel, an open-source web hosting control panel. This flaw, tracked as CVE-2024-51378, is being actively exploited… Go to gbhackers.com
-
U.S. Offered $10M for Hacker Just Arrested by Russia
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information…
-
New Andromeda/Gamarue Command-and-Control Cluster Targets APAC Industries
In a recent report, the Cybereason Security Services Team unveiled the discovery of a new cluster of Command-and-Control (C2) servers linked to the infamous Andromeda (aka Gamarue) malware family. This… Go to gbhackers.com
-
Akira v2 Emerges: Rust-Based Ransomware Raises the Stakes
The Akira ransomware took a significant leap earlier this year with the introduction of a new Rust-based variant, according to a detailed analysis from Check Point Research (CPR). This version,… Go to gbhackers.com
-
Phishing Frenzy: Cloudflare Domains Exploited in Latest Attacks
A new report from cybersecurity firm Fortra has revealed a dramatic increase in the abuse of Cloudflare’s pages.dev and workers.dev domains for phishing attacks. This abuse capitalizes on Cloudflare’s trusted… Go to gbhackers.com
-
Beware of Celestial Stealer: New MaaS Targets Browsers and Crypto Wallets
A new report from Trellix Advanced Research Center has exposed the inner workings of Celestial Stealer, a sophisticated Malware-as-a-Service (MaaS) platform targeting developers, gamers, and cryptocurrency users. The JavaScript-based infostealer… Go to gbhackers.com
-
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame. The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the…
-
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning. Read more in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
Welcoming the Armenian Government to Have I Been Pwned
Today, we’re happy to welcome the 37th government to have full and free access to domain searches of their gov domains in Have I Been Pwned, Armenia. Armenia’s National Computer Incident Response Team AM-CERT now joins three dozen other national counterparts in gaining visibility into how…
-
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects
Go to gbhackers.com
-
Wyden and Schmitt Call for Investigation of Pentagon’s Phone Systems
Go to gbhackers.com
-
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Veeam Urges Updates After Discovering Critical Vulnerability
The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Pegasus Spyware Infections Proliferate Across iOS, Android Devices
The notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Navigating the Changing Landscape of Cybersecurity Regulations
The evolving regulatory environment presents both challenges and opportunities for businesses. Michael McLaughlin Go to gbhackers.com
-
Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities
Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control. Stephen Lawton Go to gbhackers.com
-
Google Chrome Security Update, Patch for High-severity Vulnerability
Google has released a significant security update for its Chrome browser, aiming to address several vulnerabilities and enhance user safety. The Stable channel has… Go to gbhackers.com