FreshRSS

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

By THN
A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the revamped infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto,

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

By THN
About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

By THN
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"

Top Industries Significantly Impacted by Illicit Telegram Networks

By The Hacker News
In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

By THN
Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

By THN
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a new

Australian Senate committee recommends bans on Chinese social media apps

WeChat accused of 'contempt for Parliament' as transparency rules floated for platforms

An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation.…

  • August 2nd 2023 at 06:30

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

By THN
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

Socket moves beyond JavaScript and Python and gets into Go

CEO, fresh with funds, lays out the dependency dilemma

Interview: Open source security biz Socket is extending its source code dependency checker, which previously addressed only JavaScript and Python, by adding support for checking Go code.…

  • August 2nd 2023 at 01:58

Firefox fixes a flurry of flaws in the first of two releases this month

By Paul Ducklin
No zero-days, but some interesting patches with their very own "teachable moments".

Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical

Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret

Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very slowly.…

  • August 1st 2023 at 17:00

New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

By THN
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. There is no evidence to suggest that the cyber offensive is currently active.

Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

Sleeping giant says no sign yet personal info was stolen

Tempur Sealy, among the world's largest providers of bedding, has notified the Securities and Exchange Commission of a digital burglary by cyber crims that forced it to isolate parts of the tech infrastructure.…

  • August 1st 2023 at 14:31

European Bank Customers Targeted in SpyNote Android Trojan Campaign

By THN
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," Italian cybersecurity

A New Attack Impacts ChatGPT—and No One Knows How to Stop It

By Will Knight
Researchers found a simple way to make ChatGPT, Bard, and other chatbots misbehave, proving that AI is hard to tame.

How AI May Be Used to Create Custom Disinformation Ahead of 2024

By Thor Benson
Generative AI won't just flood the internet with more lies—it may also create convincing disinformation that's targeted at groups or even individuals.

What is Data Security Posture Management (DSPM)?

By The Hacker News
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it's protected behind a

Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

By THN
The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.
  • August 1st 2023 at 09:32

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

By THN
A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

US military battling cyber threats from within and without

As if attacks from China weren't enough, one of the Air Force's own has reportedly gone rogue

The US government is fighting a pair of cyber security incidents, one involving Chinese spies who potentially gained access to crucial American computer networks and the other related to an Air Force engineer who allegedly compromised communications security by stealing sensitive equipment and taking it home.…

  • August 1st 2023 at 07:29

China bans export of drones some countries have already banned anyway

Some say retaliation for sanctions, but Beijing says it just wants world peace

China introduced restrictions on Monday that mean would-be exporters will require a license to ship certain drones and related equipment out of the Middle Kingdom.…

  • August 1st 2023 at 06:00

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

By THN
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint said in a technical report. "The malware uses multiple mechanisms

White House: Losing Section 702 spy powers would be among 'worst intelligence failures of our time'

As expert panel suggests some tweaks to boost public's confidence in FISA

The White House has weighed in on the Section 702 debate, urging lawmakers to reauthorize, "without new and operationally damaging restrictions," the controversial snooping powers before they expire at the end of the year.…

  • July 31st 2023 at 19:58

SEC demands four-day disclosure limit for cybersecurity breaches

By Paul Ducklin
When is a ransomware attack a reportable matter? And how long have you got to decide?

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

By THN
The P2PInfect peer-to-peer (P2P) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News. "A common attack

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

By THN
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that

Hikvision, Nvidia named in contract for 'Uyghur detection'

GPU giant says you can't stop secondary sales, surveillance gear maker maintains innocence

Updated: Video surveillance equipment maker Hikvision was paid $6 million by the Chinese government last year to provide technology that could identify members of the nation's Uyghur people, a Muslim ethnic majority, according to physical security monitoring org IPVM.…

  • July 31st 2023 at 12:25

Webinar: Riding the vCISO Wave: How to Provide vCISO Services

By The Hacker News
Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses and non-regulated enterprises was expected to grow by a whopping 1900% in just one year, from only 1% in 2021 to 20% in 2022! Offering vCISO services can be especially attractive for MSPs and MSSPs. By addressing their customers’ needs for proactive cyber resilience,

Apple iOS, Google Android Patch Zero-Days in July Security Updates

By Kate O'Flaherty
Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.

AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service

By THN
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an

Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

By THN
Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojan tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity

What would sustainable security even look like?

Clue: Nothing like what’s on offer today

Opinion: "There seems to be something wrong with our bloody ships today," fumed Admiral David Beatty during 1916's Battle of Jutland. Fair enough: three of the Royal Navy's finest vessels had just blown up and sank.…

  • July 31st 2023 at 08:30

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.
  • July 26th 2023 at 10:40

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

By THN
Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description