FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

By Ravie Lakshmanan
A new botnet calledΒ Dark FrostΒ has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen WestΒ saidΒ in a new technical analysis shared with The Hacker News. Targets include

Zyxel Issues Critical Security Patches for Firewall and VPN Products

By Ravie Lakshmanan
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – areΒ buffer overflow vulnerabilitiesΒ and are rated 9.8 out of 10 on the CVSS scoring system. A brief description of the two issues is below - CVE-2023-33009Β -

So the FBI 'persistently' abused its snoop powers. What's to worry about?

When is warrantless surveillance warranted?

Register Kettle If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds.…

  • May 25th 2023 at 14:30
  • β†—

Cynet Protects Hospital From Lethal Infection

By The Hacker News
A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not

New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

By Ravie Lakshmanan
An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbedΒ PowerExchange. According to a new report from Fortinet FortiGuard Labs, the intrusion relied on email phishing as an initial access pathway, leading to the execution of a .NET

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

By Ravie Lakshmanan
A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for malicious activities beyond financial gain," SentinelOne researchers Aleksandar Milenkoski and Tom

Webinar with Guest Forrester: Browser Security New Approaches

By The Hacker News
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hostingΒ a webinarΒ featuring guest speaker Paddy Harrington, a senior analyst at Forrester and the lead author of Forrester's browser security report "Securing The

Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

By Ravie Lakshmanan
The threat actors behind the nascentΒ BuhtiΒ ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," SymantecΒ saidΒ in a

Facial recog system used by Met Police shows racial bias at low thresholds

Tech used at King's Coronation employs higher thresholds on once-only watch-lists, Met tells MPs

The UK Parliament has heard that a facial recognition system used by the Metropolitan police during the King’s Coronation can exhibit racial bias at certain thresholds.…

  • May 25th 2023 at 10:34
  • β†—

Shedding light on AceCryptor and its operation

By Jakub Kaloč

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

By Ravie Lakshmanan
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected,Β MicrosoftΒ andΒ the "Five Eyes" nationsΒ said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the nameΒ Volt Typhoon. The

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

By Ravie Lakshmanan
The Iranian threat actor known asΒ AgriusΒ is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has aΒ track recordΒ of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections. Microsoft has attributed the threat actor to Iran's Ministry of

The Security Hole at the Heart of ChatGPT and Bing

By Matt Burgess
Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

By Ravie Lakshmanan
Google on Wednesday announced theΒ 0.1 Beta versionΒ ofΒ GUACΒ (short for Graph for Understanding Artifact Composition) for organizations to secure their software supply chains. To that end, the search giant isΒ making availableΒ the open source framework as an API for developers to integrate their own tools and policy engines. GUACΒ aims to aggregate software security metadata from different sources

Five Eyes and Microsoft accuse China of attacking US infrastructure again

Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity

China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.…

  • May 25th 2023 at 03:30
  • β†—

This legit Android app turned into mic-snooping malware – and Google missed it

File-stealing nasty in my Play store? Preposterous!!1

Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code that listened in on device microphones.…

  • May 24th 2023 at 23:58
  • β†—

China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

By Andy Greenberg, Lily Hay Newman
Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.

Philly Inquirer says Cuba ransomware gang's data leak claims are fake news

Now that's a Rocky relationship

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper.…

  • May 24th 2023 at 20:26
  • β†—

Ransomware tales: The MitM attack that really had a Man in the Middle

By Paul Ducklin
Another traitorous sysadmin story, this one busted by system logs that gave his game away...

Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry

By Ravie Lakshmanan
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked asΒ Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

By The Hacker News
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical

Data Stealing Malware Discovered in Popular Android Screen Recorder App

By Ravie Lakshmanan
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

By Ravie Lakshmanan
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,"

Digital security for the self‑employed: Staying safe without an IT team to help

By Phil Muncaster

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

The post Digital security for the self‑employed: Staying safe without an IT team to help appeared first on WeLiveSecurity

IT security analyst admits hijacking cyber attack to pocket ransom payments

Ashley Liles altered blackmail emails in bid to make off with Β£300,000 in Bitcoin

A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself.…

  • May 24th 2023 at 08:30
  • β†—

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

By Ravie Lakshmanan
The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation

By Ravie Lakshmanan
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. TheΒ intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In

US bans North Korean outsourcer and its feisty freelancers

They do your work – usually from Russia and China – then send their wages home to pay for missiles

When businesses go shopping for IT services, North Korea-controlled companies probably struggle to make it into many lists.…

  • May 24th 2023 at 02:58
  • β†—

Apria Healthcare says potentially 2M people caught up in IT security breach

Took two years to tell us 'small number of emails' accessed

Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021.…

  • May 23rd 2023 at 23:58
  • β†—

PyPI open-source code repository deals with manic malware maelstrom

By Paul Ducklin
Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

There’s Finally a Way to Improve Cloud Container Registry Security

By Lily Hay Newman
β€œContainer registries” are ubiquitous software clearinghouses, but they’ve been exposed for years. Chainguard says it now has a solution.

Dish confirms 300,000 people's data was exposed in February's attack

But don't worry – we know it was deleted. Hmm. How would you know that?

Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.…

  • May 23rd 2023 at 16:43
  • β†—

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments

By Ravie Lakshmanan
Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor namedΒ GoldenJackal. Russian cybersecurity firm Kaspersky, which has beenΒ keeping tabsΒ on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,

TikTok to let Oracle view source code, algorithm, and content moderation

It's all in the name of national security as Trump-era collab continues in Project Texas

TikTok, the social video platform used by around 150 million people in the US, is set to hand access to its source code, algorithm and content moderation material to Oracle in a bid to allay data protection and national security concerns stateside.…

  • May 23rd 2023 at 14:36
  • β†—
❌