Tag: thehackersnews

  • LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

    LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel…

  • Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

    Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence…

  • Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

    Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the…

  • Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

    Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks,…

  • Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

    Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While…

  • CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

    CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked…

  • Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

    Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug…

  • Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

    Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It…

  • Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

    Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it’s issuing the advisory after “several customers” reported anomalous behavior on their Session…

  • APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

    APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities,…

  • Not Your Old ActiveState: Introducing our End-to-End OS Platform

    Not Your Old ActiveState: Introducing our End-to-End OS Platform Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open…

  • Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

    Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with…

  • HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

    HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing…

  • ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

    ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor…

  • Even Great Companies Get Breached — Find Out Why and How to Stop It

    Even Great Companies Get Breached — Find Out Why and How to Stop It Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is,…

  • Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

    Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link…

  • Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

    Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. “An attacker used social engineering via a Microsoft Teams call to impersonate a user’s client and gain remote access to their system,” Trend…

  • Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

    Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with…

  • Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

    Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what’s the latest financial hit the company has taken for…

  • New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

    New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. “The main goal of…

  • Data Governance in DevOps: Ensuring Compliance in the AI Era

    Data Governance in DevOps: Ensuring Compliance in the AI Era With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore…

  • ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

    ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks,…

  • NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool

    NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a target’s phone after…

  • DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

    DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a single ad network for propagation,…

  • Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

    Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia’s Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of “quest games.” Law enforcement officials said that it…

  • Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

    Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. “The target of the threat actors were Thailand officials based on the nature of the lures,” Nikhil…

  • Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

    Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action Germany’s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between…

  • Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

    Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt…

  • 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

    390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat…

  • DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

    DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity…

  • How to Generate a CrowdStrike RFM Report With AI in Tines

    How to Generate a CrowdStrike RFM Report With AI in Tines Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform.  Their bi-annual…

  • Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

    Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control…

  • SaaS Budget Planning Guide for IT Professionals

    SaaS Budget Planning Guide for IT Professionals SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect…

  • Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

    Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in…

  • Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States

    Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. “BoneSpy and PlainGnome target former Soviet…

  • Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

    Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. “Prometheus servers or exporters, often lacking proper authentication, allowed attackers…

  • WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

    WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior…

  • What is Nudge Security and How Does it Work?

    What is Nudge Security and How Does it Work? Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their…

  • ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

    ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. “Zloader 2.9.4.0 adds notable improvements…

  • Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

    Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. “The bypass was simple: it took around an hour to execute, required no user…

  • New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

    New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. “To exploit this technique, a user must be convinced to run a program…

  • Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

    Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed…

  • Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

    Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the…

  • Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

    Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS score: 10.0) – An authentication…

  • U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

    U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been…

  • The Future of Network Security: Automated Internal and External Pentesting

    The Future of Network Security: Automated Internal and External Pentesting In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution,…

  • Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

    Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that’s designed to distribute an updated version of the Antidot banking trojan. “The attackers presented themselves as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs Vishnu Pratapagiri researcher said in…

  • Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

    Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. “Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious…

  • Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions

    Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security…

  • Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

    Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled…

  • ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8)

    ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8) This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are…

  • Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

    Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. “Users within the target environment will be email bombed by…

  • Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

    Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok In a historic decision, Romania’s constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take…

  • Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

    Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. “The threat actors behind the malware have set up fake…

  • Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

    Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package…

  • Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

    Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots…

  • Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

    Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that’s designed to…

  • More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

    More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation. This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a…

  • Conquering the Complexities of Modern BCDR

    Conquering the Complexities of Modern BCDR The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex…

  • Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

    Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the…

  • FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

    FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and…

  • Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

    Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows…

  • Want to Grow Vulnerability Management into Exposure Management? Start Here!

    Want to Grow Vulnerability Management into Exposure Management? Start Here! Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach…

  • Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

    Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale. The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of…

  • Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

    Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713…

  • This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

    This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot. “DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and…

  • 7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

    7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also…

  • Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

    Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in…

  • Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

    Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, first observed…

  • CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

    CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as…

  • NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

    NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise,…

  • NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

    NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. “By targeting the implicit trust VPN clients place in servers,…

  • Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

    Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow…

  • Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

    Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. “The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, allowing…

  • Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

    Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2.…

  • Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

    Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0.…

  • Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

    Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The…

  • 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

    8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. “These PUP (potentially unwanted programs) applications use social…

  • THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 – Dec 1)

    THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 – Dec 1) Ever wonder what happens in the digital world every time you blink? Here’s something wild – hackers launch about 2,200 attacks every single day, which means someone’s trying to break into a system somewhere every 39 seconds. And get this – while…

  • SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

    SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. “SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks,” Fortinet FortiGuard…

  • A Guide to Securing AI App Development: Join This Cybersecurity Webinar

    A Guide to Securing AI App Development: Join This Cybersecurity Webinar Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live. From ordering coffee to diagnosing diseases, it’s everywhere. But while you’re creating the next big AI-powered app, hackers are already figuring out ways to break it. Every AI app…

  • Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

    Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a…

  • Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

    Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an “Exploitation Detected” assessment is…

  • Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

    Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. “This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even…

  • Protecting Tomorrow’s World: Shaping the Cyber-Physical Future

    Protecting Tomorrow’s World: Shaping the Cyber-Physical Future The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation…

  • AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections

    AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023. The covert campaign undertaken by Social Design Agency (SDA),…

  • Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

    Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. “Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands…

  • XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

    XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The…

  • The Future of Serverless Security in 2025: From Logs to Runtime Protection

    The Future of Serverless Security in 2025: From Logs to Runtime Protection Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and…

  • Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

    Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, allowing unauthenticated remote code execution…

  • U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency

    U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency A 59-year-old U.S. citizen who immigrated from the People’s Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China’s principal civilian intelligence agency.…

  • Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

    Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially…

  • U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

    U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed. These intrusion attempts “originated from a wireline provider’s network that was connected to ours,” Jeff…

  • APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

    APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google…

  • Latest Multi-Stage Attack Scenarios with Real-World Examples

    Latest Multi-Stage Attack Scenarios with Real-World Examples Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let’s examine real-world examples of some of the most…

  • Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels

    Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there…

  • Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

    Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free vulnerability intelligence platform designed to help you act fast and…

  • Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

    Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score…

  • Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

    Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. “This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities,…

  • Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

    Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.  Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the…