no alarms and no surprises please..
-
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise. Dark Reading Staff Go to gbhackers.com
-
Name That Edge Toon: Shackled!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. John Klossner Go to gbhackers.com
-
Does Your Company Need a Virtual CISO?
With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense. Robert Lemos, Contributing Writer Go to gbhackers.com
-
2 UK Hospitals Targeted in Separate Cyberattacks
Alder Hey Children’s Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed. Dark Reading Staff Go to gbhackers.com
-
Incident Response Playbooks: Are You Prepared?
The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputation-saving measure for your organization. James Bruhl Go to gbhackers.com
-
Microsoft Boosts Device Security With Windows Resiliency Initiative
Microsoft is readying a new release of Windows in 2025 that will have significant security controls such as more resilient drivers and a “self-defending” operating system kernel. Jeffrey Schwartz Go to gbhackers.com
-
Why Should Gamers Use a Proxy?
A feature comparison of gaming without and with a proxy: Ping and Latency: high ping, leading to lag, vs. reduced ping for smoother gameplay; Geo-Restrictions: limited access to some servers vs. unblocking restricted gaming servers… Go to gbhackers.com
-
Beware Of Malicious PyPI Packages That Inject Infostealer Malware
Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where malicious actors uploaded a legitimate-seeming cryptocurrency client package, “aiocpa,” to… Go to gbhackers.com
-
Amazon GuardDuty Enhanced With AI/ML Threat Detection Capabilities for Cloud Security
Amazon has taken a significant step forward to enhance the security of its cloud environment. The introduction of advanced AI/ML threat detection capabilities in… Go to gbhackers.com
-
Linux 6.13-rc1 Released: What’s New!
In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13. This release… Go to gbhackers.com
-
Windows Server 2012 0-day Vulnerability Exposes Critical Security Flaw
Cybersecurity researchers have identified a critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2. This previously unknown security flaw allows attackers to… Go to gbhackers.com
-
Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild
A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting multiple versions of Apple Safari across iOS, visionOS, and macOS… Go to gbhackers.com
-
Zero-Day Attack Alert: Corrupted Files Weaponized in New Attacks
A new 0-day attack leverages file corruption to slip past antivirus and sandbox defenses. A sophisticated new phishing campaign is leveraging a novel technique to bypass traditional security measures, delivering… Go to gbhackers.com
-
Cyber Monday Scams: Unmasking the Shadows of Online Shopping
Cyber Monday, a day eagerly awaited by shoppers for its irresistible deals, has become a hunting ground for cybercriminals leveraging the surge in online activity to execute sophisticated scams. CloudSEK’s… Go to gbhackers.com
-
Bologna FC Suffers Major Data Breach in Ransomware Attack
Serie A club falls victim to RansomHub, exposing sensitive player, financial, and operational data. Bologna FC 1909 S.p.a. has officially confirmed a targeted ransomware attack on its internal security systems,… Go to gbhackers.com
-
Windows 10 ESU Cracked: Free Security Updates on the Horizon?
The MAS team, led by developer @Massgravel, has reportedly bypassed the paid Extended Security Updates (ESU) program for Windows 10, potentially allowing users to receive security updates for free even… Go to gbhackers.com
-
Microsoft Clarifies Windows 11 Installation on Unsupported Devices: Proceed with Caution
Microsoft has updated its support documentation regarding Windows 11 installation on devices that don’t meet the minimum system requirements. While the company still advises against this practice, the updated documentation… Go to gbhackers.com
-
MediaTek Patches High-Severity Vulnerability in Smartphone Chipsets (CVE-2024-20125)
MediaTek has released its latest Product Security Bulletin, addressing a high-severity vulnerability that could lead to unauthorized access and control of user devices. The vulnerability, identified as CVE-2024-20125, allows attackers… Go to gbhackers.com
-
Windows Server 2012 Users Beware: 0day Vulnerability Bypasses Mark of the Web Security
ACROS Security, the creators of 0patch micropatching technology, have uncovered a zero-day vulnerability affecting Windows Server 2012 and Server 2012 R2. This vulnerability allows malicious actors to circumvent the “Mark… Go to gbhackers.com
-
Critical Vulnerabilities Discovered in IBM Security Verify Access Appliance
Security researchers have disclosed multiple critical vulnerabilities affecting IBM Security Verify Access Appliance, a widely deployed solution for web application access management and authentication. IBM has issued a security bulletin… Go to gbhackers.com
-
Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238)
Security researchers from Binarly and ESET have uncovered “Bootkitty,” the first-ever UEFI bootkit designed to target Linux systems. This new threat exploits the LogoFAIL vulnerability (CVE-2023-40238), a UEFI firmware flaw,… Go to gbhackers.com
-
Hackers vs. LED Indicators: Why Tape Remains the Ultimate Camera Shield
A few years ago, a viral photo of Mark Zuckerberg’s laptop revealed a simple yet effective security measure: tape covering the webcam. It was a moment that ignited global conversations… Go to gbhackers.com
-
Operation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of Zero-Day Flaw (CVE-2024-38178)
North Korean-linked hacking group TA-RedAnt has been implicated in a sophisticated large-scale cyber attack dubbed “Operation Code on Toast,” targeting unsuspecting users through a novel Internet Explorer (IE) vulnerability. Security… Go to gbhackers.com
-
CVE-2024-52336 & CVE-2024-52337: Vulnerabilities in Linux Tuned Daemon
The SUSE Security Team has uncovered two vulnerabilities in the Linux Tuned daemon, a critical tool for runtime hardware and kernel optimization. These vulnerabilities, tracked as CVE-2024-52336 (CVSS 7.8) and… Go to gbhackers.com
-
CVE-2024-11980 (CVSS 10): Critical Flaw in Billion Electric Routers
TWCERT/CC disclosed multiple vulnerabilities affecting several Billion Electric router models, including the M100, M150, M120N, and M500. These vulnerabilities range in severity, with the most critical (CVE-2024-11980) receiving a CVSSv3… Go to gbhackers.com
-
Weekly Update 428
I wouldn’t say this is a list of my favourite breaches from this year as that’s a bit of a disingenuous term, but oh boy were there some memorable ones. So many of the incidents I deal with are relatively benign in terms of either the data they expose or the nature…
-
Ransomware Developer Mikhail Matveev Arrested in Russia
Russian authorities have arrested Mikhail Matveev, a notorious Russian hacker linked to multiple ransomware attacks worldwide. Matveev, who was also known by online aliases such… Go to gbhackers.com
-
Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light
In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the… Go to gbhackers.com
-
SpyLoan Android malware on Google Play installed 8 million times
A new set of 15 SpyLoan Android malware apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. […] Bill Toulas Go to bleepingcomputer
-
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a…
-
why CAs?
https://follow.agwa.name/notice/AoZSMI38xcA3TrN1sm
-
CVE-2024-8672 (CVSS 9.9): Critical Flaw in Widget Options Plugin Threatens 100,000+ Websites
A critical security vulnerability (CVE-2024-8672) in the popular “Widget Options” plugin, which boasts over 100,000 active installations, has been patched in the latest release (version 4.0.8). This vulnerability, assigned a… Go to gbhackers.com
-
Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk
Industrial environments are increasingly relying on wireless technologies to power critical operations. However, a recent report from Nozomi Networks Labs reveals that this technological shift is exposing industrial networks to… Go to gbhackers.com
-
I can only plug for them
https://sfconservancy.org/news/2024/nov/29/openwrt-one-wireless-router-now-ships-black-friday/ My APs are still in working condition..
-
600,000+ Sensitive Records Exposed From Background Checks Service Provider
A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse. Not protected by passwords or encryption,… Go to gbhackers.com
-
Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters
Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is… Go to gbhackers.com
-
New Phishing Attack Targeting Corporate Internet Banking Users
A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users. This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating… Go to gbhackers.com
-
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named ‘Rockstar 2FA’ has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. […] Bill Toulas Go to bleepingcomputer
-
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs
Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. […] Sergiu Gatlan Go to bleepingcomputer
-
Bologna FC confirms data breach after RansomHub ransomware attack
Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. […] Bill Toulas Go to bleepingcomputer
-
New Windows Server 2012 zero-day gets free, unofficial patches
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. […] Sergiu Gatlan Go to bleepingcomputer
-
TR-24-1875 (Microsoft Copilot Studio Security Advisory)
Go to usom.gov
-
TR-24-1874 (IBM Engineering Systems Design Rhapsody – Model Manager Security Advisory)
Go to usom.gov
-
TR-24-1873 (Pandora FMS Security Advisory)
Go to usom.gov
-
TR-24-1872 (H3C GR-1800AX Security Vulnerability)
Go to usom.gov
-
TR-24-1871 (WordPress Plugin Security Advisory)
Go to usom.gov
-
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA),…
-
Protecting Tomorrow’s World: Shaping the Cyber-Physical Future
The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation…
-
Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. “This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even…
-
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an “Exploitation Detected” assessment is…
-
Friday Squid Blogging: Squid-Inspired Needle Technology
Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Race Condition Attacks against LLMs
These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs…
-
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution
The Apache Software Foundation has addressed a critical security vulnerability (CVE-2024-52338) in the Apache Arrow R package. This vulnerability, impacting versions 4.0.0 through 16.1.0, could allow attackers to execute arbitrary… Go to gbhackers.com
-
Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed
Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI repository. The malicious package, named aiocpa, posed as a legitimate crypto client tool,… Go to gbhackers.com
-
ShadowHound: Enhancing Active Directory Reconnaissance with a Stealthy and Efficient Ingestor
Abstract: In the realm of offensive security assessments, the need for discreet and effective Active Directory (AD) reconnaissance is paramount. Traditional methods often rely on introducing external binaries, increasing the… Go to gbhackers.com
-
UK hospital, hit by cyberattack, resorts to paper and postpones procedures
A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
How AI Is Enhancing Security in Ridesharing
Whether it’s detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing. Rachita Naik Go to gbhackers.com
-
Ransomware Gangs Seek Pen Testers to Boost Quality
Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware. Robert Lemos, Contributing Writer Go to gbhackers.com
-
UK Healthcare Provider Hit by Cyberattack, Services Affected
Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has… Go to gbhackers.com
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
Zyxel has acknowledged active exploitation attempts by threat actors targeting its firewall products. This follows a detailed report by cybersecurity firm Sekoia… Go to gbhackers.com
-
Researchers Detail New Exfiltration Techniques Used By Ransomware Groups
Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools… Go to gbhackers.com
-
New Skimmer Malware Steals Credit Card Data From Checkout Pages
JavaScript-based malware targeting Magento eCommerce websites has been identified; it is designed to skim payment card details and activates exclusively on checkout pages. The… Go to gbhackers.com
-
SMOKEDHAM Backdoor Mimics Legitimate Tools, Leveraging Google Drive & Dropbox
UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access to target networks; the backdoor is often delivered via phishing emails,… Go to gbhackers.com
-
Tor needs 200 new WebTunnel bridges to fight censorship
The Tor Project has put out an urgent call to the privacy community asking volunteers to help deploy 200 new WebTunnel bridges by the end of the year to fight government censorship. […] Bill Toulas Go to bleepingcomputer
-
UK hospital network postpones procedures after cyberattack
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. […] Bill Toulas Go to bleepingcomputer
-
U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency
A 59-year-old U.S. citizen who immigrated from the People’s Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China’s principal civilian intelligence agency.…
-
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, allowing unauthenticated remote code execution…
-
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and…
-
XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The…
-
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. “Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands…
-
CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited
CERT Germany (CERT-Bund) and Zyxel have warned of active exploitation of a critical vulnerability in Zyxel firewalls. This vulnerability, tracked as CVE-2024-11667, is being leveraged to deploy Helldown ransomware, with initial… Go to gbhackers.com
-
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version 1 certificate templates, allowing attackers… Go to gbhackers.com
-
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit
Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese- and Vietnamese-speaking users. With advanced evasion techniques and layered malicious… Go to gbhackers.com
-
Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet Theft Revealed
Researchers at Socket have uncovered a malicious campaign targeting crypto developers. The attacker, operating under the pseudonym “topnotchdeveloper12”, has published three malicious npm packages—crypto-keccak, crypto-jsonwebtoken, and crypto-bignumber—that mimic legitimate cryptographic… Go to gbhackers.com
-
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published
An independent researcher has uncovered a critical vulnerability in the ksthunk.sys driver, a component of the Windows operating system responsible for facilitating 32-bit to 64-bit process communications. The flaw, which… Go to gbhackers.com
-
‘Operation Undercut’ Adds to Russia’s Malign Influence Campaigns
Just like Russia’s Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
How Learning to Fly Made Me a Better Cybersecurity CEO
The lessons I’ve learned soaring through the skies have extended far beyond the runway. Yochai Corem Go to gbhackers.com
-
Russian Script Kiddie Assembles Massive DDoS Botnet
Over the past year, “Matrix” has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
News Desk 2024: The Rise of Cybersecurity Platforms
Enterprise cybersecurity teams tell Omdia’s Maxine Holt that they want to dig out from underneath mounting tech and pivot to a simpler platform model — but they are finding that tricky to pull off. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Mimic ransomware: what you need to know
What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog. Graham Cluley Go to grahamcluley
-
is endemic?
Damien Hinds, a former prisons minister, said about 40% of prison officers did not turn up for their shift at Wandsworth on the day of Khalife’s escape, but the Ministry of Justice insisted it had been adequately staffed.
-
Critical Jenkins Vulnerability Lets Attackers Trigger DoS & Inject Scripts
A series of vulnerabilities have been identified, posing significant risks to the system’s security. These vulnerabilities could allow attackers to trigger denial of service… Go to gbhackers.com
-
Microsoft Re-Releasing Exchange Server Nov 2024 Security Update Fixing Transport Rules
Microsoft has re-released the November 2024 Security Update (SU) with enhancements to rectify problems encountered with transport rules. Originally rolled out on November 12,… Go to gbhackers.com
-
New Windows 11 Vulnerability Lets Attackers Elevate Privileges
A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version. This vulnerability, identified in the ksthunk.sys driver, allows attackers to exploit… Go to gbhackers.com
-
“Bootkitty” – The First-Ever UEFI Bootkit Attacking Linux Systems
Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats,… Go to gbhackers.com
-
Matrix, a Single Actor, Orchestrates Global DDoS Attack Campaign
Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.” This campaign, characterized by its… Go to gbhackers.com
-
Microsoft re-releases Exchange updates after fixing mail delivery
Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers abuse popular Godot game engine to infect thousands of PCs
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. […] Bill Toulas Go to bleepingcomputer
-
Zello asks users to reset passwords after security incident
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft says it’s not using your Word, Excel data for AI training
Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company’s artificial intelligence (AI) models. […] Sergiu Gatlan Go to bleepingcomputer
-
U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider
U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts “originated from a wireline provider’s network that was connected to ours,” Jeff…
-
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially…
-
Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels
Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there…
-
Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let’s examine real-world examples of some of the most…
-
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google…
-
NSO Group Spies on People on Behalf of Governments
The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the…
-
Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this…
-
Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of…