Port 22

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
October 5, 2024

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
October 4, 2024

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials

How to Get Going with CTEM When You Don't Know Where to Start
October 4, 2024

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
October 4, 2024

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off “over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
October 4, 2024

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

Scam Information and Event Management
October 4, 2024

Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims’ devices for persistence.

Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks
October 3, 2024

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that’s responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. “This

Disrupting COLDRIVER: U.S. court orders seizure of domains used in Russian cyberattacks
October 3, 2024

Microsoft’s Digital Crimes Unit takes legal action to dismantle Russia-based threat actor COLDRIVER following a joint investigation by The Citizen Lab and Access Now. In August, The Citizen Lab, jointly with Access Now, in collaboration with First Department, Arjuna Team, and RESIDENT.ngo, published a report that uncovered two distinct spear-phishing campaigns targeting members of Russian… Read more »

The Secret Weakness Execs Are Overlooking: Non-Human Identities
October 3, 2024

For years, securing a companys systems was synonymous with securing its perimeter. There was what was safe inside and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
October 3, 2024

Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. “Perfctl is particularly elusive and persistent, employing several sophisticated techniques,” Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News. “When a new user logs

A Single Cloud Compromise Can Feed an Army of AI Sex Bots
October 3, 2024

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
October 3, 2024

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa
October 3, 2024

INTERPOL has announced the arrest of eight individuals in Cte d’Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune

LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort
October 3, 2024

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
October 3, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. “An

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play
October 2, 2024

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that’s also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration
October 2, 2024

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. “The

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
October 2, 2024

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applicant lures. “A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,”

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
October 2, 2024

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. “These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks,” Forescout

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
October 2, 2024

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

5 Must-Have Tools for Effective Dynamic Malware Analysis
October 2, 2024

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease.

  1. Interactivity Having the ability to interact with the

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations
October 2, 2024

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. “While the attackers didn’t succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated,” Symantec, part of Broadcom, said in a

Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw
October 2, 2024

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor’s Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in its postjournal service that could enable unauthenticated attackers to

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
October 2, 2024

A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. “The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,”

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition
October 1, 2024

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what’s called “Seed Phrase Image Recognition.” “This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage
October 1, 2024

Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security

Page 1 of 338 Older Posts →