The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea.
The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and theView the full article
Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script.
"This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis.
The cybersecurityView the full article
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware.
The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host.
"AView the full article
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code ********** that stems from the use of default passwords.
The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) -
&View the full article
An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies.
"These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceiveView the full article
Searchable Encryption has long been a mystery. An oxymoron. An unattainable dream of cybersecurity professionals everywhere.
Organizations know they must encrypt their most valuable, sensitive data to prevent data theft and breaches. They also understand that organizational data exists to be used. To be searched, viewed, and modified to keep businesses running. Unfortunately, our Network andView the full article
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year.
The network, which comprises over 3,000 accounts on the cloud-based code hosting platform, spans thousands of repositories that are used toView the full article
The remote access ******* known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting ********-speaking Windows users.
These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on theView the full article
French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX.
The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months."
It further said around a hundred victims located in France, Malta, Portugal,View the full article
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims.
The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024.
"The malware uses aView the full article
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.
Singaporean cybersecurity company Group-IB, which has been tracking the e-****** actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"View the full article
"Peace is the virtue of civilization. War is its ******. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo.
In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program namedView the full article
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.
"Rim Jong Hyok and his co-conspirators deployedView the full article
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining.
Cloud security Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023.
"Unbeknownst to mostView the full article
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting ******* customers as part of a highly targeted campaign.
The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike ****** ReporterView the full article
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code **********.
The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier.
"In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote codeView the full article
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.
Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,View the full article
While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment.
In this article, we willView the full article
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams.
"These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily ****** men in the U.S. and used fake accounts to maskView the full article
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers bothView the full article
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.
Tenable has given the vulnerability the name ConfusedFunction.
"An attacker could escalate their privileges to the Default Cloud Build Service Account andView the full article
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances.
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
"An attacker could exploit a bypass using an API request with Content-Length setView the full article
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.
"A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity andView the full article
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.
"We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To thatView the full article
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos.
The exploit appeared for ***** for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.
"View the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
