Port 22

The Julian Assange Saga Is Finally Over
June 25, 2024

WikiLeaks founder Julian Assange has agreed to plead guilty to one count of espionage in US court on Wednesday, ending a years-long legal battle between the US government and a controversial publisher.

New Attack Technique Exploits Microsoft Management Console Files
June 25, 2024

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (“sccm-updater.msc”) that was uploaded to the VirusTotal malware

How to Cut Costs with a Browser Security Platform
June 25, 2024

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks
June 25, 2024

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. “The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022,” Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a

Wikileaks' Julian Assange Released from U.K. Prison, Heads to Australia
June 25, 2024

WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the “largest compromises of classified information in the history” of the country. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
June 25, 2024

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen), have been accused of conducting

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
June 25, 2024

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. “The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server,” Wordfence security researcher Chloe Chamberland said in a Monday alert.

Job Opportunity: Informatics Security Analyst and Network Administrator
June 24, 2024

The Citizen Lab, Munk School of Global Affairs & Public Policy, University of Toronto, is hiring an Informatics Security Analyst and Network Administrator. Reporting to the Systems and Security Technical Lead, the incumbent is responsible for carrying out a range of system and network administration duties which include assisting in the management and oversight of…

Google Introduces Project Naptime for AI-Powered Vulnerability Research
June 24, 2024

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. “The Naptime architecture is centered around the interaction between an AI agent and a target codebase,” Google Project Zero researchers Sergei Glazunov and Mark Brand said. “The agent is provided

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
June 24, 2024

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version

Ease the Burden with AI-Driven Threat Intelligence Reporting
June 24, 2024

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. Cybersecurity professionals are facing unprecedented challenges as they strive to manage increasing workloads

XZ backdoor: Hook analysis
June 24, 2024

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved an RSA-related function hook.

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations
June 24, 2024

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future’s Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates from Fuzhou, China, to support Beijing’s intelligence

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
June 24, 2024

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. “It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
June 22, 2024

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. “ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,” Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report

Warning: New Adware Campaign Targets Meta Quest App Seekers
June 22, 2024

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. “The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,” cybersecurity firm eSentire said in an analysis, adding it identified the activity earlier this month. "

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban
June 22, 2024

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move “underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
June 21, 2024

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. “SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries’ Ministries

Military-themed Email Scam Spreads Malware to Infect Pakistani Users
June 21, 2024

Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the infection sequence. “While there are many methods used today to deploy malware, the threat actors

Oyster Backdoor Spreading via Trojanized Popular Software Downloads
June 21, 2024

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That’s according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
June 21, 2024

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory traversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2

U.S. Bans Kaspersky Software, Citing National Security Risks
June 21, 2024

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and parent companies, the department said, adding the action is based on

US Bans Kaspersky Software
June 20, 2024

Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’s antivirus tools to new customers in the US, citing alleged threats to national security.

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
June 20, 2024

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.
