A loose coalition of anti-censorship voices is working to highlight reports of one Indian companyβs hacker-for-hire pastβand the legal threats aimed at making them disappear.
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.
"The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the
Howβs your vulnerability management program doing? Is it effective? A success? Letβs be honest, without the right metrics or analytics, how can you tell how well youβre doing, progressing, or if youβre getting ROI? If youβre not measuring, how do you know itβs working?
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign.
The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021.
The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
"CHAINLINE is a Python web shell backdoor that is
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
"An attacker with
By Dhruv Mehrotra, Andrew Couts β February 1st 2024 at 01:28
For nearly two years, police have been tracking down the culprit behind a wave of hoax threats. A digital trail took them to the door of a 17-year-old in California.
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.
"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy.
Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics.
"UNC4990 operations generally involve widespread USB infection followed by the deployment of the
The SEC isnβt giving SaaS a free pass. Applicable public companies, known as βregistrants,β are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.
The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc).
Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace.
Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.
"An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to
The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans.
The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after artifacts in connection with the attacks were uploaded to the
Aerial drones have changed the war in Ukraine. Now, both Russiaβs and Ukraineβs militaries are deploying more unmanned ground robotsβand the two are colliding.
Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field β the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in cybersecurity lies in this continuous adaptation and learning, always staying one step ahead of potential
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems.
The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-
Members of Congress say the DOJ is funding the use of AI tools that further discriminatory policing practices. They're demanding higher standards for federal grants.
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file.
The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates for December 2023.
"In an email attack scenario, an attacker could exploit the
In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on Friday night. However, one can also make a strong case that some of AIβs most significant impacts
The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week.
"The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical, but illegal
Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems.
The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS."
"These
Plus: North Korean hackers get into generative AI, a phone surveillance tool that can monitor billions of devices gets exposed, and ambient light sensors pose a new privacy risk.
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT.
The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021.
"Lures use Mexican Social
A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.
US spy agencies purchased Americansβ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said.
The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud.
"
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group.
Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC.
"SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week.
The risk
From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrowβs offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).
The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the
Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks.
The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques."
LODEINFO (versions 0.6.6 and 0.6.7
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.
Discover the full scope of digital threats in the Axur Report 2023/2024.
Overview
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data.
"The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"
The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But itβs not shutting out the cops entirely.
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster.
The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector.
In
By Vas Panagiotopoulos β January 24th 2024 at 12:00
NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security.
In todayβs highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance.
Nudge Security is the worldβs first and only solution to address
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank.
Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra&
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed.
The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcoreβs broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3βQ4 of 2023, and what they mean for developing a robust
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums.
Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a
Appleβs iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Hereβs how to enable it right now.
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023.
"ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate.
"Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed
Police around the US say they're justified to run DNA-generated 3D models of faces through facial recognition tools to help crack cold cases. Everyone but the cops thinks thatβs a bad idea.
Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts.
The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week.
The ZIP file contains
Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, βpig butcheringβ scams fuel violence in Myanmar, and more.
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
"UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments.
The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter.
The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files.
"The PDFs
Login
FreshRSS