A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight.
"Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysisView the full article
In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.
The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensuresView the full article
Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why?
Traditional Privileged Access Management (PAM) solutions often fall short, leaving:
Blind spots that limit full visibility.
Complex deployment processes.View the full article
Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings.
"The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The companyView the full article
In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference.
As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack onView the full article
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year.
The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab.
"The spyware placed on his device allows the operator to track a target device'sView the full article
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.
The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.
Unlike the firstView the full article
The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for businesses of all sizes. Your organization needs robust security measures that go beyond traditional backup solutions to address the intricacies of today’s complex IT ecosystems.View the full article
The threat actors behind the More_eggs malware have been linked to two new malware families, indicating an expansion of its malware-as-a-service (MaaS) operation.
This includes a novel information-stealing ********* called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-onView the full article
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.
The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.View the full article
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access ******* (RAT) called DroidBot.
"DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, AlessandroView the full article
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.
The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient inputView the full article
Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale.
The operation, led by ******* authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects. More than 200 terabytes of digital evidence have been collected.
Manson Market ("manson-market[.]pw") isView the full article
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.
At its core, Vulnerability ManagementView the full article
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-****-Windows ********* called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
"Earth Minotaur uses MOONSHINE to deliver the DarkNimbus ********* to Android and Windows devices, targeting WeChat, and possibly making it aView the full article
A suspected ******** threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion.
According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier.
"The attackers moved laterallyView the full article
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024.
The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis.
"An interesting aspect of this campaign is the comeback of a *********View the full article
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America.
The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networksView the full article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissionsView the full article
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.
The activity, first observed in December 2022, is the latest instance of the nation-state adversary "embeddingView the full article
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes.
The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convictedView the full article
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity andView the full article
Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copyView the full article
Cybersecurity researchers are alerting to a software supply chain ******* targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets.
The ******* has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npmView the full article
A ****** advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers.
"Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novelView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.