Infosecurity News
Ebury Botnet Operators Diversify with Financial and Crypto Theft
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
The Hacker News
Beware of "Shadow SaaS" - a hidden threat to organizations. Learn more: click the link for a must-read guide.
Security Affairs
A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files.
SecurityWeek
SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures.
DarkReading
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.
Cyber Security News
A backdoor was recently discovered in the xz-utils package versions 5.6.0 to 5.6.1, shocking the Linux community. This poses a significant threat to the security of Linux distributions, including Kali Linux.
SecurityWeek
Vulnerability (CVE-2024-28085) in core Linux system utilities package util-linux allows attackers to leak user passwords using fake prompts.
The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, …
The Hacker News
A new Linux vulnerability puts user passwords at risk. It exploits the "wall" command to potentially leak passwords on Ubuntu & Debian systems.
The Hacker News
Beware of Darcula, a Phishing-as-a-Service platform targeting 100+ countries with over 20,000 fake domains.
Bleeping Computer
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
Cyber Security News
Despite JavaScript's widespread use, writing secure code remains challenging, leading to web application vulnerabilities.
Ars Technica
Fixing newly discovered side channel will likely take a major toll on performance.
SecurityWeek
Tarsal raises $6 million in a seed funding round led by Harpoon Ventures and Mango Capital and appoints new CTO.
Ars Technica
LLMs are trained to block harmful responses. Old-school images can override those rules.
The Cyber Express
Atlanta-based Cyble Inc. has once again made waves in the cybersecurity industry. The trailblazing AI-powered threat intelligence platform secured a
DarkReading
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
Cyber Security News
Kali Linux 2024.1 was released, marking the year's first release with new hacking tools, visual elements and updates.
Bleeping Computer
Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes.
Ars Technica
Are you a sysadmin with control issues who needs a weekend project? Look no further!
CyberSecurity Dive
Infosys McCamish Systems, which works closely with the lender, was impacted by the cybersecurity incident in November that exposed customer Social Security numbers and other account information.
CyberSecurity Dive
To secure work from business partners, more companies are getting serious about having the right technical and legal safeguards, a specialist says.
Trend Micro
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
CyberNews
US regulators upgraded a probe into Tesla's EV power steering system after thousands of drivers reported losing the ability to control their vehicle's steering wheel.
Bleeping Computer
Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees.
Bleeping Computer
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
HACKRead
Bug Bounty Bonanza: Hackers Rake in Millions as Connected Cars Show Security Cracks at Pwn2Own Automotive 2024.
Bleeping Computer
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
The Cyber Express
In the wake of a coordinated cyberattack on Australia, Prime Minister Anthony Albanese has labeled the incident a 'scourge,' vowing
Security Affairs
Researchers published proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in Apache OFBiz.
Cyber Security News
Researchers uncovered a bypass zero-day flaw, tracked as CVE-2023-51467 with a CVSS score of 9.8, affecting the open-source Apache OFBiz.
The Record
The Click Here podcast team talks with research analyst Dakota Cary about China’s vulnerability disclosure process and how a recent law is part of a broad plan to reinvigorate its pipeline of cyber talent.
Bleeping Computer
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.
Security Affairs
Experts warn of a new zero-day flaw that affects Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system.
The Hacker News
A zero-day security flaw discovered in the Apache OFBiz ERP system could allow unauthorized access.
The Cyber Express
Atlanta-based Cyble Inc., a trailblazing AI-powered threat intelligence platform, has reached a remarkable milestone by earning recognition among the distinguished
HACKRead
Attention Kali Linux enthusiasts! Your holiday treat has arrived with the release of Kali Linux 2023.4, packed with a plethora of new features. Download now and elevate your Kali experience!
Cyber Security News
Offensive Security releases Kali Linux 2023.4, the latest version of the popular operating system and the last 2023 version.
Bleeping Computer
Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment.
Bleeping Computer
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.
CyberNews
Sam Altman, the ousted CEO of ChatGPT creator OpenAI, will definitely not return to the company he co-founded. It’s time to ask what happened.
The Record
Laurie Locascio, the director of the National Institute of Standards and Technology (NIST), kicked off the conference by discussing what will surely be a recurring theme: artificial intelligence.
The Record
On a recent trip to Ukraine, Click Here spoke with Ukraine's Alex Bornyakov about the country's booming drone sector and the Brave1 initiative, which aims to get innovative weapons into the hands of soldiers in a matter of weeks, not months.
Ars Technica
Altered images could destroy AI model training efforts that scrape art without consent.
Ars Technica
Turns out that only lightning could kill the otherwise-unkillable US-8-150W.
The Record
The government of Chile warned of ransomware attacks by a notorious gang of hackers after its customs department dealt with an incident on Tuesday.
Trend Micro
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
The Hacker News
🚨Beware of LUCR-3 (aka Scattered Spider) – a threat actor targeting Fortune 2000 companies for extortion.
The Hacker News
New Android banking trojan Zanubis disguises itself as a Peruvian government app to infiltrate your device.
Infosecurity News
The Trojan utilizes the Obfuscapk obfuscator for Android APK files, Kaspersky explained
The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
Ars Technica
"This was the point where AI-generated art passed the Turing Test for me."
SecurityWeek
SecurityWeek talks to Alex Ionescu, a cybersecurity expert who combined a career as a business executive with that of a security researcher.
SecurityWeek
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.
DataBreaches
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint...
Cyber Security News
Offensive Security recently launched Kali Linux 2023.3 with several new mods, changes, and new tools, which bring a multitude of positive effects and benefits to end-users.
Naked Security
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead…
Bleeping Computer
Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations.
DataBreaches
A database listed for sale on a popular hacking forum may raise some political questions for El Salvadorans. On August 16, a listing offered 114GB of files...
Naked Security
Serious security stories explained clearly in plain English – listen now. (Full transcript available.)
Ars Technica
This time we discuss how we manage, update, and deploy the code that makes Ars work.
SecurityWeek
The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing user behavior.
Ars Technica
A family of pretrained and fine-tuned language models in sizes from 7 to 70 billion parameters.
DataBreaches
AlphV (aka BlackCat) threat actors have added Highland Health Systems in Alabama to their leak site. As proof of claims, they have leaked a number of files...
Naked Security
Zimbra didn’t actually say, “Do not delay/Do it today,” but they did say, “We kindly request your cooperation to apply the fix manually.”
SecurityWeek
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space.
Ars Technica
The flight from Musk's Twitter to the "free" fediverse never really took off.
DarkReading
New LLM-based projects typically become successful in a short period of time, but the security posture of these generative AI projects is very low, making them extremely unsafe to use.
The Hacker News
Startup Security Tactics: Friction Surveys
The DFIR Report
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment …
Bleeping Computer
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.
Cyber Security News
Offensive Security launched Kali Linux 2023.2, an updated Penetration testing distro with new features, hacking tools, and various updates.
DataBreaches
CO: SECOP II platform affected by “presumed hacking”. The SECOP II platform is a transactional platform with accounts for state entities and contractors...
ZDNet
Sudo stands for "superuser do" and effectively gives a regular user access to administrator-like powers. Here's how to use this powerful tool.
Security Affairs
The frontman of the American alternative rock band Smashing Pumpkins, Billy Corgan, has revealed he paid hackers who stole the band’s songs. The frontman of the alternative rock band Smashing Pumpkins, Billy Corgan, revealed he paid a ransom after a hacker stole the band’s songs and threatened to leak them. The hacker stole some of the most important songs from […]
DataBreaches
CL: Saville Row attacked by BlackCat. Saville Row, a Chilean clothing store, was added to BlackCat’s leak site on April 21. Sample files provided by the...
Security Affairs
Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution. Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote […]
The Hacker News
A dangerous default configuration (CVE-2023-27524) has been discovered in Apache Superset, which could allow attackers to gain remote code execution.
Bleeping Computer
Google's Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023.
DataBreaches
Cementos Bío-Bío S.A attacked by BlackByte. Cementos Bio-Bio S.A, a Chilean cement company, was added to BlackByte’s leaks site on April 9. DataBreaches...
ZDNet
Your at-home or on-the-go work setup could be compromising your company's security. Experts told ZDNET how you can avoid common vulnerabilities.
DataBreaches
CL: Attack on multinational SONDA claimed by Medusa. The Chilean IT multinational SONDA, which has a presence in 11 countries, has been placed on the leaks page...
ZDNet
Looking for the easiest method for protecting a file behind a layer of encryption in Linux? Here are two easy ways.
DataBreaches
ES: Secondary education center hit by Stormous. After several months out of the public eye, the pro-Russian Stormous Ransomware group reappeared in February...
Naked Security
His prediction was called a “Law”, though it was an exhortation to engineering excellence as much as it was an estimate.
DataBreaches
CR: CONASSIF Hacked With Chinese Characters. El Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is involved with the Costa Rican financial...
Ars Technica
The threat is serious enough to warrant a manual check ASAP.
Naked Security
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
DataBreaches
ES: HLA Grupo Hospitalario data listed for sale after web server misconfiguration. On March 14, a forum user on BreachForums listed data from the HLA Grupo...
Bleeping Computer
Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security.
DataBreaches
CL: BlackCat confirms attack on Fonasa. DataBreaches recently reported a malware attack on Chile’s National Health Fund (FONASA). There is an update to...
Naked Security
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?
DataBreaches
ES: Stormous claims attack on Zurcal. The Zurcal group, which belongs to the energy saving and efficiency sector, has been named by Stormous Ransomware in its...
DataBreaches
CO: The Red de Salud del Norte Joaquín Paz Borrero Hospital hit with ransomware. The Cali District Government has implemented its contingency plan due to a...
Naked Security
Latest episode – listen now! Top-notch advice for cybersecurity, both at work and at home.
Naked Security
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Naked Security
Another day, another “sophisticated” attack. This time, the company has handily included some useful advice along with its mea culpa…
DataBreaches
ES: Cosmetics firm added by LockBit. Skin and hair products firm Montibello has been added by LockBit3.0 to their leaks page. The listing was added on...
Security Affairs
The threat actors behind a massive AdSense fraud campaign infected 10,890 WordPress sites since September 2022. In November 2022, researchers from security firm Sucuri reported having tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The experts had been tracking the campaign since September 2022; the campaign’s end goal was black […]