Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.
This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.View the full article
An ongoing social engineering campaign with alleged links to the ****** Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC.
"The initial lure being utilized by the threat actors ******** the same: an email ***** followed by an attempt to call impacted users and offer a fake solution,"View the full article
A coalition of law enforcement agencies coordinated by the U.K. National ****** Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups.
Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, ****, and lansky. He was extradited to the U.S. from Poland on August 9,View the full article
Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered,View the full article
Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS ******* data, showcasing changes in ******* patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.
Key Takeaways
The number of DDoSView the full article
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild.
Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month.
The Patch TuesdayView the full article
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users.
The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0.
"Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2View the full article
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and ******* starting in late 2022.
Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecoms,View the full article
A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting ******** chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.
The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, asView the full article
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health **** Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data.
The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report sharedView the full article
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized. With high-value assets, it’s not good enough to have the protection, it’sView the full article
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar).
The effort saw the dismantling of three U.S. servers, three ******* Kingdom servers, 18 ******* servers, eight U.S.-based ********* domains, and one *******-based ********* domain. Dispossessor is said to be led byView the full article
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access.
The agency is tracking the activity under the name UAC-0198. More than 100 computers are estimated to have been infected since July 2024, including those related to government bodies in theView the full article
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress.
What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content that they can use in phishing campaigns, like malicious emailsView the full article
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by ******** companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts.
"If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causingView the full article
After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment, when interest wanes and implementations fail to deliver the promised breakthroughs.View the full article
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to ******** arbitrary code remotely with elevated privileges.
The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
"A signal handler in sshd(8) may call a logging functionView the full article
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks.
The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreignView the full article
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.
The ******* chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware suchView the full article
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets.
"The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply 'solana' on the Python software registry, PyPI," Sonatype researcher Ax SharmaView the full article
As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code ********** (RCE) chain on systems that have the software installed.
"The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,"View the full article
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a ******* distributed via fake websites masquerading as popular software.
"The ******* malware contains different deliverables ranging from simple adware extensions that ******* searches to more sophisticated malicious scripts that deliver local extensions to steal private dataView the full article
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office -
Microsoft Office 2016 for 32-bit edition and 64-bit editions
MicrosoftView the full article
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences.
"The impact of these vulnerabilities range between remote code ********** (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, dataView the full article
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code ********** (RCE) and local privilege escalation (LPE).
"This ******* chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive informationView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
